From 280fa02742e62a97b4aa7112dd2376880f36084b Mon Sep 17 00:00:00 2001
From: Ryan Mathis
Date: Wed, 20 Jul 2022 08:10:36 -0700
Subject: [PATCH 01/58] Added filter scroll link to comparison view
---
 .../app/metadata/view/MetadataComparison.js | 21 ++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)
diff --git a/ui/src/app/metadata/view/MetadataComparison.js b/ui/src/app/metadata/view/MetadataComparison.js
index de0022ce0..2e9307acf 100644
--- a/ui/src/app/metadata/view/MetadataComparison.js
+++ b/ui/src/app/metadata/view/MetadataComparison.js
@@ -4,13 +4,14 @@ import { ArrayParam, withDefault } from 'use-query-params';
+import { scroller } from 'react-scroll';
 import { MetadataDefinitionContext, MetadataSchemaContext } from '../hoc/MetadataSchema';
 import { MetadataVersionsLoader } from '../hoc/MetadataVersionsLoader';
 import { Configuration } from '../hoc/Configuration';
 import { MetadataConfiguration } from '../component/MetadataConfiguration';
 import { Link, useParams } from 'react-router-dom';
 import { FontAwesomeIcon } from '@fortawesome/react-fontawesome';
-import { faHistory } from '@fortawesome/free-solid-svg-icons';
+import { faArrowDown, faHistory } from '@fortawesome/free-solid-svg-icons';
 import Translate from '../../i18n/components/translate';
 import Form from 'react-bootstrap/Form';
 import { useTranslation } from '../../i18n/hooks';
@@ -18,6 +19,14 @@ import { MetadataFilterVersionList } from '../domain/filter/component/MetadataFi
 import { MetadataFilterVersionContext } from '../domain/filter/component/MetadataFilterVersionContext';
 import { useMetadataSchema } from '../hooks/schema';
 import { FilterableProviders } from '../domain/provider';
+import Button from 'react-bootstrap/Button';
+const onScrollTo = (element, offset = 0) => {
+ scroller.scrollTo(element, {
+ duration: 500,
+ smooth: true,
+ offset
+ });
+ };
 export function MetadataComparison () {
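Review bot: `onScrollTo` is added without a comment, so nothing at the definition says what `element` has to name or what unit `offset` is in. A one-line doc comment above it would cover this, for example `/** Smooth-scroll to the named scroll target; offset is a pixel adjustment. */`. The 500 ms duration is hard-coded in the same place; if other views are meant to reuse the helper, a shared module would be a better home than the gap between the imports and the component.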
@@ -54,6 +63,12 @@ export function MetadataComparison () {   Version History + {type === 'provider' && canFilter && + + } {type === 'provider' && canFilter && v && - +

Metadata Filter @@ -74,7 +89,7 @@ export function MetadataComparison () { {(c) => } - +
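Review bot: The new scroll button is rendered under `type === 'provider' && canFilter`, while the filter section just below it in the context lines is rendered under `type === 'provider' && canFilter && v`. When `v` is not set the button would still be shown and, as far as the visible lines indicate, there would be nothing for it to scroll to. Using the same guard for both would avoid that, `{type === 'provider' && canFilter && v &&`. The JSX markup of this hunk is not visible in this rendering, so the scroll target id and the button's click handler could not be checked.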

}
} From 4c3b4ebe9a5a3891e13ab152cd5061ae9c5bc47a Mon Sep 17 00:00:00 2001 From: Bill Smith Date: Tue, 26 Jul 2022 10:24:01 -0400 Subject: [PATCH 02/58] SHIBUI-2188 Couple quick stability fixes. --- .../integration/resources/SHIBUI-1364-1.side | 31 +++++++++------ .../integration/resources/SHIBUI-1364-4.side | 21 +++------- .../integration/resources/SHIBUI-1732-3.side | 38 +++++++++---------- 3 files changed, 43 insertions(+), 47 deletions(-) diff --git a/backend/src/integration/resources/SHIBUI-1364-1.side b/backend/src/integration/resources/SHIBUI-1364-1.side index b1cb09526..8fe9da05e 100644 --- a/backend/src/integration/resources/SHIBUI-1364-1.side +++ b/backend/src/integration/resources/SHIBUI-1364-1.side @@ -2330,13 +2330,22 @@ ["xpath=//button[contains(.,'Compare Selected(2)')]", "xpath:innerText"] ], "value": "" + }, { + "id": "9ddfc4d9-0fbd-44f2-8584-4d7fcb6d0c6b", + "comment": "", + "command": "waitForElementEditable", + "target": "css=#filters > div:nth-child(3) > div:nth-child(2) > div > button", + "targets": [ + ["css=.d-flex:nth-child(3) > .border-primary:nth-child(2) .svg-inline--fa", "css:finder"] + ], + "value": "30000" }, { "id": "2ff5a597-9fe0-46b4-9ca5-63123ddb3cef", "comment": "", "command": "click", - "target": "xpath=//section/div/div/div[4]/div[2]/div/button", + "target": "css=#filters > div:nth-child(3) > div:nth-child(2) > div > button", "targets": [ - ["css=.border-primary:nth-child(2) .fa-square", "css:finder"] + ["css=.d-flex:nth-child(3) > .border-primary:nth-child(2) .svg-inline--fa", "css:finder"] ], "value": "" }, { 
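Review bot: The added `waitForElementEditable` step guards the click on `css=#filters > div:nth-child(3) > div:nth-child(2) > div > button` only in SHIBUI-1364-1.side. SHIBUI-1732-3.side is switched to the same click target later in this commit without a wait being added in front of it, so that test may keep the timing problem this step is meant to remove. Adding the same wait step there would keep the two tests consistent. The selector is also purely positional below `#filters`, so a layout change inside that container will break it; an id or data attribute on the button would be more durable.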
@@ -2356,23 +2365,23 @@ "id": "d7b5550d-1db8-4fa5-800f-fde753413c13", "comment": "", "command": "assertText", - "target": "css=.mb-4:nth-child(8) .p-2 > div > div:nth-child(1) .d-block:nth-child(2)", + "target": "css=.bg-diff > .d-block:nth-child(2)", "targets": [ - ["css=.mb-4:nth-child(8) .p-2 > div > div:nth-child(1) .d-block:nth-child(2)", "css:finder"], - ["xpath=//div[@id='root']/div/main/div/section/div/div/section[5]/div/div[2]/div[2]/div/div/span[2]", "xpath:idRelative"], - ["xpath=//section[5]/div/div[2]/div[2]/div/div/span[2]", "xpath:position"], - ["xpath=//span[contains(.,'Entity Attributes Filter')]", "xpath:innerText"] + ["css=.bg-diff > .d-block:nth-child(2)", "css:finder"], + ["xpath=//div[@id='filters']/section/div/div[2]/div[2]/div/div/span[2]", "xpath:idRelative"], + ["xpath=//div[2]/section/div/div[2]/div[2]/div/div/span[2]", "xpath:position"], + ["xpath=//span[contains(.,'Entity Attributes Filter Version 2')]", "xpath:innerText"] ], "value": "Entity Attributes Filter Version 2" }, { "id": "ad797f09-746e-4778-954e-6f92ac5934ea", "comment": "", "command": "assertText", - "target": "css=.mb-4:nth-child(8) .p-2 > div > div:nth-child(1) .d-block:nth-child(3)", + "target": "css=.bg-diff > .d-block:nth-child(3)", "targets": [ - ["css=.mb-4:nth-child(8) .p-2 > div > div:nth-child(1) .d-block:nth-child(3)", "css:finder"], - ["xpath=//div[@id='root']/div/main/div/section/div/div/section[5]/div/div[2]/div[2]/div/div/span[3]", "xpath:idRelative"], - ["xpath=//section[5]/div/div[2]/div[2]/div/div/span[3]", "xpath:position"] + ["css=.bg-diff > .d-block:nth-child(3)", "css:finder"], + ["xpath=//div[@id='filters']/section/div/div[2]/div[2]/div/div/span[3]", "xpath:idRelative"], + ["xpath=//div[2]/section/div/div[2]/div[2]/div/div/span[3]", "xpath:position"] ], "value": "Entity Attributes Filter" }, { diff --git a/backend/src/integration/resources/SHIBUI-1364-4.side b/backend/src/integration/resources/SHIBUI-1364-4.side index 8f5192665..3384d27ea 100644 
--- a/backend/src/integration/resources/SHIBUI-1364-4.side +++ b/backend/src/integration/resources/SHIBUI-1364-4.side @@ -1417,23 +1417,14 @@ ["xpath=//input", "xpath:position"] ], "value": "" - }, { - "id": "e83dc2da-ad95-4e50-b969-57721eb8f1dc", - "comment": "", - "command": "click", - "target": "css=.d-flex:nth-child(5) > .border-primary:nth-child(2) .svg-inline--fa", - "targets": [ - ["css=.d-flex:nth-child(5) > .border-primary:nth-child(2) .svg-inline--fa", "css:finder"] - ], - "value": "" }, { "id": "c2102a31-6e18-4d6c-8146-e23459403b65", "comment": "", "command": "assertText", - "target": "css=.border-primary:nth-child(2) > .bg-primary-light .mb-0:nth-child(1)", + "target": "css=.d-flex:nth-child(3) > .border-primary:nth-child(2) .mb-0:nth-child(1)", "targets": [ - ["css=.border-primary:nth-child(2) > .bg-primary-light .mb-0:nth-child(1)", "css:finder"], - ["xpath=//div[@id='root']/div/main/div/section/div/div/div[4]/div[2]/div/div/p", "xpath:idRelative"], + ["css=.d-flex:nth-child(3) > .border-primary:nth-child(2) .mb-0:nth-child(1)", "css:finder"], + ["xpath=//div[@id='filters']/div[3]/div[2]/div/div/p", "xpath:idRelative"], ["xpath=//p", "xpath:position"], ["xpath=//p[contains(.,'Entity Attributes Filter V2')]", "xpath:innerText"] ], @@ -1442,10 +1433,10 @@ "id": "cac6c125-c81b-40af-ae21-2b717df9511e", "comment": "", "command": "assertText", - "target": "css=.border-primary:nth-child(3) > .bg-primary-light .mb-0:nth-child(1)", + "target": "css=.d-flex:nth-child(3) .bg-lighter .mb-0:nth-child(1)", "targets": [ - ["css=.border-primary:nth-child(3) > .bg-primary-light .mb-0:nth-child(1)", "css:finder"], - ["xpath=//div[@id='root']/div/main/div/section/div/div/div[4]/div[3]/div/div/p", "xpath:idRelative"], + ["css=.d-flex:nth-child(3) .bg-lighter .mb-0:nth-child(1)", "css:finder"], + ["xpath=//div[@id='filters']/div[3]/div[3]/div/div/p", "xpath:idRelative"], ["xpath=//div[3]/div/div/p", "xpath:position"] ], "value": "Entity Attributes Filter" 
diff --git a/backend/src/integration/resources/SHIBUI-1732-3.side b/backend/src/integration/resources/SHIBUI-1732-3.side index c7d0f9fd4..54573d88b 100644 --- a/backend/src/integration/resources/SHIBUI-1732-3.side +++ b/backend/src/integration/resources/SHIBUI-1732-3.side @@ -1325,13 +1325,9 @@ "id": "2dd7992f-ee99-45a3-ad85-20488c4bd4b1", "comment": "", "command": "click", - "target": "xpath=//section/div/div/div[4]/div[2]/div/button", + "target": "css=#filters > div:nth-child(3) > div:nth-child(2) > div > button", "targets": [ - ["css=.border-primary:nth-child(2) .mx-auto", "css:finder"], - ["xpath=(//button[@type='button'])[5]", "xpath:attributes"], - ["xpath=//div[@id='root']/div/main/div/section/div/div/div[4]/div[2]/div/button", "xpath:idRelative"], - ["xpath=//div[2]/div/button", "xpath:position"], - ["xpath=//button[contains(.,'Compare')]", "xpath:innerText"] + ["css=.border-primary:nth-child(2) .svg-inline--fa", "css:finder"] ], "value": "" }, { @@ -1553,21 +1549,21 @@ ["xpath=//ul[2]/li[2]/span", "xpath:position"] ], "value": "bar" - },{ - "id": "4ec2c493-85e4-403b-9b09-031c5728f498", - "comment": "", - "command": "open", - "target": "/api/heheheheheheheWipeout", - "targets": [], - "value": "" - }, { - "id": "e074980a-8f21-4c22-8412-c4b6fcdcd1a4", - "comment": "", - "command": "assertText", - "target": "css=body", - "targets": [], - "value": "yes, you did it" - }] + }, { + "id": "4ec2c493-85e4-403b-9b09-031c5728f498", + "comment": "", + "command": "open", + "target": "/api/heheheheheheheWipeout", + "targets": [], + "value": "" + }, { + "id": "e074980a-8f21-4c22-8412-c4b6fcdcd1a4", + "comment": "", + "command": "assertText", + "target": "css=body", + "targets": [], + "value": "yes, you did it" + }] }], "suites": [{ "id": "575d414c-556d-45f7-b2f2-c9971ad51348", From 166908e65b7dbb17db5a03ba4033b06db8440bb9 Mon Sep 17 00:00:00 2001 
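Review bot: The steps re-indented at the end of SHIBUI-1732-3.side navigate the browser to `/api/heheheheheheheWipeout` and expect the body `yes, you did it`, which suggests a plain GET that clears application data. The handler is not part of this diff, so it is worth confirming that it is registered only for the integration-test profile and is absent from, or rejects requests in, a deployed build. An unusual path name is not an access control, and a state-changing GET is also exposed to cross-site request forgery.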
From: Ryan Mathis
Date: Wed, 27 Jul 2022 10:06:31 -0700
Subject: [PATCH 03/58] Consolidated messages files
---
 .../main/resources/i18n/messages.properties | 23 +-
 .../resources/i18n/messages_en.properties | 566 ------------------
 2 files changed, 18 insertions(+), 571 deletions(-)
diff --git a/backend/src/main/resources/i18n/messages.properties b/backend/src/main/resources/i18n/messages.properties
index d5202280e..a9a0560be 100644
--- a/backend/src/main/resources/i18n/messages.properties
+++ b/backend/src/main/resources/i18n/messages.properties
@@ -216,7 +216,7 @@ label.select-protocol=Select Protocol
 label.nameid-format=NameID Format
 label.nameid-formats=NameID Formats
 label.name-and-entity-id=Name and Entity ID
-label.organization-information=SP/Organization Information
+label.organization-information=Organization Information
 label.contact-information=Contact Information
 label.given-name=Given Name
 label.contact-type=Contact Type
@@ -282,7 +282,7 @@ label.add-a-new-metadata-source=Add a new metadata source - Finish Summary
 label.name-and-entityid=Name and Entity ID.
 label.finish-summary-validation=Finished!
 label.select-entity-id-to-copy=Select the Entity ID to copy
-label.metadata-source-name-dashboard-display-only=Metadata Source Name (Dashboard Display Only)
+label.metadata-source-name-dashboard-display-only=Service Provider Name (Dashboard Display Only)
 label.new-entity-id=New Entity ID
 label.sections-to-copy=Sections to Copy?
 label.add-a-new-metadata-resolver=Add a new metadata source
@@ -417,6 +417,7 @@ label.dynamic-attributes=Dynamic Attributes
 label.metadata-filter-plugins=Metadata Filter Plugins
 label.advanced-settings=Advanced Settings
 label.edit-metadata-provider=Edit Metadata Provider
+label.edit-metadata-source=Edit Metadata Source
 label.http-settings-advanced=Http Settings (Advanced)
 label.metadata-ui=User Interface / MDUI Information
@@ -439,6 +440,7 @@ label.attribute-eduPersonUniqueId=eduPersonUniqueId
 label.attribute-employeeNumber=employeeNumber
 label.force-authn=Force AuthN
+label.dynamic-attributes=Dynamic Attributes
 label.min-cache-duration=Min Cache Duration
 label.max-cache-duration=Max Cache Duration
 label.max-idle-entity-data=Max Idle Entity Data
@@ -466,14 +468,20 @@ label.nameid-formats-type=NameID Type
 label.select-filter-type=Select Filter Type
 label.admin=Admin
+label.action-required=Action Required
+label.user-access-request=User Access Request
 label.user-maintenance=User Maintenance
 label.user-id=UserId
 label.email=Email
+label.role=Role
 label.delete=Delete?
-
-label.title=Title
+label.delete-request=Delete Request
+label.enable=Enable
+label.disable=Disable
 label.enabled=Enabled
 label.disabled=Disabled
+label.enable-metadata-sources=Enable Metadata Sources
+label.title=Title
 label.author=Author
 label.creation-date=Creation Date
 label.order=Order
@@ -543,6 +551,7 @@ message.uri-valid-format=URI must be valid format.
 message.id-unique=ID must be unique.
 message.name-unique=Service provider name must be unique.
 message.array-items-must-be-unique=Items in list must be unique.
+message.real-number=Optional. If using a value, must be a real number between 0-1.
 message.valid-duration=Must be a valid duration.
 message.valid-name=No special characters or whitespace allowed.
 message.required=Missing required property.
@@ -592,7 +601,9 @@ message.database-constraint=There was a database constraint problem processing t
 message.no-filters=No Filters
 message.no-filters-added=No filters have been added to this Metadata Provider
-
+message.user-request-received-title=User request received
+message.user-request-received-body=Your request has been received and is being reviewed. You will be notified with access status.
+message.filter-fail=A server error occured, and the filter failed to save.
 message.create-new-version-from-version=Create New Version from Previous Settings
 message.restoring-this-version-will-copy=Restoring this version will copy the Version ({ date }) configuration and create a new Version from the selected version settings. You can then edit the configuration before saving the new version.
@@ -628,6 +639,8 @@ tooltip.certificate-name=Certificate Name
 tooltip.certificate-type=Certificate Type
 tooltip.certificate=Certificate
 tooltip.logout-endpoints=Logout Endpoints
+tooltip.logout-endpoints-url=Logout Endpoints Url
+tooltip.logout-endpoints-binding-type=Logout Endpoints Binding Type
 tooltip.url=Logout Endpoints Url
 tooltip.binding-type=Logout Endpoints Binding Type
 tooltip.mdui-display-name=Typically, the IdP Display Name field will be presented on IdP discovery service interfaces.
diff --git a/backend/src/main/resources/i18n/messages_en.properties b/backend/src/main/resources/i18n/messages_en.properties
index ca93cdbb3..e69de29bb 100644
--- a/backend/src/main/resources/i18n/messages_en.properties
+++ b/backend/src/main/resources/i18n/messages_en.properties
@@ -1,566 +0,0 @@ -# Fill this file with key/value pairs, as follows: -# -# some.test.message=This is a test message. -# -# Then, create a copy using the name of the language code: -# -# messages_.properties -# -# Do this for each language we want to support. -# Ideally, all messages should exist for each language. - -action.dashboard=Dashboard -action.logout=Logout -action.add=Add -action.add-new=Add New -action.add-new-provider=Add a new metadata provider -action.add-new-source=Add a new metadata source -action.clear=Clear -action.delete=Delete -action.remove=Remove -action.save=Save -action.toggle=Toggle -action.add-contact=Add Contact -action.add-contacts=Add Contacts -action.use-mine=Use My Changes -action.use-theirs=Use Their Changes -action.discard-changes=Discard Changes -action.add-endpoint=Add Endpoint -action.add-nameid-format=Add NameID Format -action.add-certificate=Add Certificate -action.add-entity-id=Add Entity ID -action.download-file=Download File -action.cancel=Cancel -action.search=Search -action.select-id=Select ID -action.finish-later=Finish Later -action.back=Back -action.next=Next -action.create=Create -action.copy=Copy -action.choose-file=Choose File -action.search-by=Search By -action.preview=Preview -action.select-metadata-filter-type=Select a metadata filter type -action.add-authentication-method=Add Authentication Method -action.move-up=Move Up -action.move-down=Move Down -action.edit=Edit -action.add-filter=Add Filter -action.manage-filters=Manage Filters - -value.enabled=Enabled -value.disabled=Disabled -value.none=None -value.file=File -value.memory=Memory -value.true=true -value.false=false -value.regex=Regex -value.script=Script -value.entity-id=Entity ID - -value.support=Support -value.technical=Technical -value.administrative=Administrative -value.other=Other - -value.signing=Signing -value.encryption=Encryption -value.both=Both - -value.entity=Entity -value.condition-ref=ConditionRef -value.condition-script=ConditionScript - 
-value.file-backed-http-metadata-provider=FileBackedHttpMetadataProvider -value.file-system-metadata-provider=FileSystemMetadataProvider -value.local-dynamic-metadata-provider=LocalDynamicMetadataProvider -value.dynamic-http-metadata-provider=DynamicHttpMetadataProvider -value.entity-attributes-filter=EntityAttributes Filter -value.spdescriptor=SPSSODescriptor -value.attr-auth-descriptor=AttributeAuthorityDescriptor -value.dynamic-http-metadata-provider=DynamicHttpMetadataProvider -value.local-dynamic-metadata-provider=LocalDynamicMetadataProvider - -value.md-query-protocol=MetadataQueryProtocol -value.template=Template - -brand.header.title=Source Management -brand.logo-link-label=Shibboleth -brand.logo-link-description=Link to Shibboleth Website -brand.logo-alt=Shibboleth Logo - Click to be directed to www.shibboleth.net -brand.footer.text=Links to Shibboleth resources: -brand.footer.links-label-1=Home Page -brand.footer.links-desc-1=Shibboleth.net open-source community home page -brand.footer.links-label-2=Wiki -brand.footer.links-desc-2=Shibboleth.net open-source community wiki -brand.footer.links-label-3=Issue Tracker -brand.footer.links-desc-3=Shibboleth.net open-source community issue tracker -brand.footer.links-label-4=Mailing List -brand.footer.links-desc-4=Shibboleth.net open-source community mailing list -brand.footer.copyright=Copyright \u00A9 {year} Internet2 - -brand.in-partnership-with=In partnership with -brand.and=and - -heading.shibboleth=Shibboleth - -label.metadata-source=Metadata Source -label.metadata-sources=Metadata Sources -label.metadata-provider=Metadata Provider -label.metadata-providers=Metadata Providers -label.source-management=Source Management -label.search-files=Search Files -label.service-provider-entity-id=Service Provider Entity ID -label.service-provider-name-dashboard-display-only=Service Provider Name (Dashboard Display Only) -label.enable-this-service=Enable this service? 
-label.organization-name=Organization Name -label.organization-display-name=Organization Display Name -label.organization-url=Organization URL -label.name=Name -label.type=Type -label.email-address=Email Address -label.assertion-consumer-service-endpoints=Assertion Consumer Service Endpoints -label.my-changes=My Changes -label.their-changes=Their Changes -label.new-endpoint=New Endpoint -label.select-binding=Select Binding Type -label.mark-as-default=Mark as Default -label.attribute-name=Attribute Name -label.yes=Yes -label.check-all-attributes=Check All Attributes -label.clear-all-attributes=Clear All Attributes -label.protocol-support-enumeration=Protocol Support Enumeration -label.select-protocol=Select Protocol -label.nameid-format=NameID Format -label.nameid-formats=NameID Formats -label.name-and-entity-id=Name and Entity ID -label.organization-information=Organization Information -label.contact-information=Contact Information -label.given-name=Given Name -label.contact-type=Contact Type -label.user-interface-mdui-infromation=User Interface / MDUI Information -label.display-name=Display Name -label.information-url=Information URL -label.description=Description -label.privacy-statement=Privacy Statement URL -label.logo-url=Logo URL -label.logo-width=Logo Width -label.logo-height=Logo Height -label.sp-sso-descriptor-information=SP SSO Descriptor Information -label.logout-endpoints=Logout Endpoints -label.binding-types=Binding Type -label.security-information=Security Information -label.is-there-a-x509-certificate=Is there a X509 Certificate? -label.authentication-requests-signed=Authentication Requests Signed? -label.want-assertions-signed=Want Assertions Signed? 
-label.x509-certificates=X509 Certificates -label.certificate-name-display-only=Certificate Name (Display Only) -label.certificate=Certificate -label.assertion-consumer-services=Assertion Consumer Services -label.assertion-consumer-service-location=Location -label.assertion-consumer-service-endpoint=Assertion Consumer Service Endpoints -label.default=(default) -label.assertion-consumer-service-location-binding=Location Binding -label.relying-party-overrides=Relying Party Overrides -label.sign-the-assertion=Sign the Assertion? -label.turn-off-encryption-of-response=Turn off Encryption of Response? -label.use-sha1-signing-algorithm=Use SHA1 Signing Algorithm? -label.ignore-any-sp-requested-authentication-method=Ignore any SP-Requested Authentication Method? -label.omit-not-before-condition=Omit Not Before Condition? -label.responderid=ResponderID -label.attribute-release=Attribute Release -label.true=True -label.false=False -label.no=No -label.new-cert=New Certificate -label.url=URL -label.privacy-statement-url=Privacy Statement URL -label.contact-name=Contact Name -label.select-contact-type=Select Contact Type -label.contact-email-address=Contact Email Address -label.dont-sign-the-response=Don\u0027t Sign the Response -label.nameid-format-to-send=NameID Format to Send -label.authentication-methods-to-use=Authentication Methods to Use -label.auth-method-indexed=Authentication Method -label.preview-provider=Preview XML -label.search-entity-id=Search Entity Id -label.edit-filter=Edit Filter -label.min-4-chars=Minimum 4 characters. 
-label.new-filter=New Filter -label.service-provider=Metadata Source Name: -label.created-date=Created Date: -label.service-entity-id=Metadata Source Entity ID: -label.service-provider-status=Metadata Source Status: -label.current-metadata-sources=Current Metadata Sources -label.current-metadata-providers=Current Metadata Providers -label.add-a-new-metadata-provider=Add a new metadata provider -label.service-resolver-name-dashboard-display-only=Service Provider Name (Dashboard Display Only) -label.service-resolver-entity-id=Service Provider Entity ID -label.add-a-new-metadata-source=Add a new metadata source - Finish Summary -label.name-and-entityid=Name and Entity ID. -label.finish-summary-validation=Finished! -label.select-entity-id-to-copy=Select the Entity ID to copy -label.metadata-source-name-dashboard-display-only=Service Provider Name (Dashboard Display Only) -label.new-entity-id=New Entity ID -label.sections-to-copy=Sections to Copy? -label.add-a-new-metadata-resolver=Add a new metadata source -label.how-are-you-adding-the-metadata-information=How are you adding the metadata information? -label.upload-url=Upload/URL -label.or=or -label.name-and-upload-url=Name and Upload Url -label.service-resolver-file=Select Provider Metadata File -label.service-resolver-metadata-url=Service Provider Metadata URL -label.search-criteria-by=Search Criteria by { displayType } -label.entity-ids-added=Entity Ids Added -label.ui-mdui-info=User Interface / MDUI Information -label.sp-sso-descriptor-info=SP SSO Descriptor Information -label.security-info=Security Information -label.sp-org-info=SP/Organization Information -label.finished=Finished! 
-label.signing=Signing -label.encryption=Encryption -label.both=Both -label.org-info=Organization Information -label.security-descriptor-info=Security Descriptor Information -label.entity-id=Entity ID -label.service-provider-name=Service Provider Name -label.organization=Organization -label.contacts=Contacts -label.contact=Contact -label.mdui=MDUI Information -label.service-provider-sso-descriptor=Service Provider Sso Descriptor -label.service-enabled=Service Enabled -label.filter-name=Filter Name -label.filter-enabled=Filter Enabled -label.filter-target=FilterTarget -label.filter-type=Filter Type -label.value=Value -label.binding-type=Binding Type -label.sign-assertion=Sign Assertions -label.dont-sign-response=Don\u0027t Sign Response -label.turn-off-encryption=Turn off encryption -label.use-sha=Use Sha -label.ignore-authentication-method=Ignore Authentication Method -label.omit-not-before=Omit Not Before -label.responder-id=Responder ID -label.name-id-formats=Name ID Formats -label.name-id-format= Name ID Format -label.authentication-methods=Authentication Methods -label.authentication-method=Authentication Method -label.x509-certificate-available=x509 Certificate Available -label.protocol-support-enum=Protocol Support Enumeration -label.binding=Binding -label.location-url=Location URL -label.make-default=Make Default -label.metadata-provider-name-dashboard-display-only=Metadata Provider Name (Dashboard Display Only) -label.default-authentication-methods=Default Authentication Method(s) -label.new-of-type=New { type } - -label.metadata-filter-name=Metadata Filter Name (Dashboard Display Only) -label.filter-enable=Enable this Filter? 
-label.search-criteria=Search Criteria -label.metadata-filter=Metadata Filter -label.metadata-filter-type=Metadata Filter Type - -label.http-connection-attributes=HTTP Connection Attributes -label.http-security-attributes=HTTP Security Attributes -label.http-proxy-attributes=HTTP Proxy Attributes -label.http-caching-attributes=HTTP Caching Attributes - -label.connection-request-timeout=Connection Request Timeout -label.connection-timeout=Connection Timeout -label.socket-timeout=Socket Timeout -label.disregard-tls-cert=Disregard TLS Certificate? -label.proxy-host=Proxy Host -label.proxy-port=Proxy Port -label.proxy-user=Proxy User -label.proxy-password=Proxy Password -label.http-caching=HTTP Caching? -label.select-caching-type=Select Caching Type -label.http-caching-directory=HTTP Cache Directory -label.http-max-cache-entries=HTTP Max Cache Entries -label.max-cache-entry-size=HTTP Max Cache Entry Size -label.duration=Duration -label.real-number=Real Number (between 0.0 and 1.0) -label.min-refresh-delay=Min Refresh Delay -label.max-refresh-delay=Max Refresh Delay -label.refresh-delay-factor=Refresh Delay Factor -label.resolve-via-predicates-only=Resolve Via Predicates Only? -label.expiration-warning-threshold=Expiration Warning Threshold - -label.satisfy-any-predicates=Satisfy Any Predicates? -label.use-default-predicate-reg=Use Default Predicate Registry? -label.fail-fast-init=Fail Fast Initialization? -label.require-valid-metadata=Require Valid Metadata? -label.backup-file-init-refresh-delay=Backup File Init Next Refresh Delay -label.backing-file=Backing File -label.init-from-backup=Initialize From Backup File? -label.metadata-url=Metadata URL -label.xml-id=ID -label.enable-service=Enable this service? 
-label.metadata-provider-type=Metadata Provider Type -label.metadata-provider-name=Metadata Provider Name -label.select-metadata-type=Select a metadata provider type -label.metadata-provider-status=Metadata Provider Status -label.enable-provider-upon-saving=Enable Metadata Provider? -label.certificate-type=Type - -label.metadata-file=Metadata File - -label.enable-filter=Enable Filter? -label.required-valid-until=Required Valid Until Filter -label.max-validity-interval=Max Validity Interval -label.signature-validation-filter=Signature Validation Filter -label.require-signed-root=Require Signed Root -label.certificate-file=Certificate File -label.entity-role-whitelist=Entity Role Whitelist Filter -label.retained-roles=Retained Roles -label.remove-roleless-entity-descriptors=Remove Roleless Entity Descriptors? -label.remove-empty-entities-descriptors=Remove Empty Entities Descriptors? - -label.select-metadata-provider-type=Select Metadata Provider Type -label.filter-list=Filter List -label.common-attributes=Common Attributes -label.reloading-attributes=Reloading Attributes -label.dynamic-attributes=Dynamic Attributes -label.metadata-filter-plugins=Metadata Filter Plugins -label.advanced-settings=Advanced Settings -label.edit-metadata-provider=Edit Metadata Provider -label.edit-metadata-source=Edit Metadata Source -label.http-settings-advanced=Http Settings (Advanced) - -label.metadata-ui=User Interface / MDUI Information -label.descriptor-info=SP SSO Descriptor Information -label.key-info=Security Information -label.assertion=Assertion Consumer Service -label.relying-party=Relying Party Overrides - -label.attribute-eduPersonPrincipalName=eduPersonPrincipalName (EPPN) -label.attribute-uid=uid -label.attribute-mail=mail -label.attribute-surname=surname -label.attribute-givenName=givenName -label.attribute-eduPersonAffiliation=eduPersonAffiliation -label.attribute-eduPersonScopedAffiliation=eduPersonScopedAffiliation 
-label.attribute-eduPersonPrimaryAffiliation=eduPersonPrimaryAffiliation -label.attribute-eduPersonEntitlement=eduPersonEntitlement -label.attribute-eduPersonAssurance=eduPersonAssurance -label.attribute-eduPersonUniqueId=eduPersonUniqueId -label.attribute-employeeNumber=employeeNumber -label.force-authn=Force AuthN - -label.dynamic-attributes=Dynamic Attributes -label.min-cache-duration=Min Cache Duration -label.max-cache-duration=Max Cache Duration -label.max-idle-entity-data=Max Idle Entity Data -label.cleanup-task-interval=Cleanup Task Interval -label.persistent-cache-manager-directory=Persistent Cache Manager Directory -label.initialize-from-persistent-cache-in-background=Initialize from Persistent Cache in Background? -label.background-init-from-cache-delay=Background Initialization from Cache Delay -label.source-directory=Source Directory -label.remove-idle-entity-data=Remove Idle Entity Data? -label.do-resolver-initialization=Initialize -label.file-doesnt-exist=The file specified in the resolver does not exist on the file system. Therefore, the resolver cannot be initialized. - -label.md-request-type=Metadata Request URL Construction Type -label.md-request-value=Metadata Request URL Construction Value -label.transform-ref=Transform Ref -label.encoding-style=Encoding Style -label.velocity-engine=Velocity Engine -label.match=Match - -label.remove-existing-formats=Remove Existing Formats? -label.nameid-formats-format=NameID Format -label.nameid-formats-value=NameID Value -label.nameid-formats-type=NameID Type - -label.select-filter-type=Select Filter Type - -label.admin=Admin -label.action-required=Action Required -label.user-access-request=User Access Request -label.user-maintenance=User Maintenance -label.user-id=UserId -label.email=Email -label.role=Role -label.delete=Delete? 
-label.delete-request=Delete Request - -label.enable=Enable -label.disable=Disable -label.enable-metadata-sources=Enable Metadata Sources - -label.source=Metadata Source -label.provider=Metadata Provider - -message.delete-user-title=Delete User? -message.delete-user-body=You are requesting to delete a user. If you complete this process the user will be removed. This cannot be undone. Do you wish to continue? - -message.must-be-unique=Must be unique. -message.name-must-be-unique=Name must be unique. -message.uri-valid-format=URI must be valid format. -message.id-unique=ID must be unique. -message.array-items-must-be-unique=Items in list must be unique. -message.real-number=Optional. If using a value, must be a real number between 0-1. - -message.org-name-required=Organization Name is required. -message.org-displayName-required=Organization Name is required. -message.org-url-required=Organization Name is required. -message.org-incomplete=These three fields must all be entered if any single field has a value. - -message.type-required=Missing required property: Type -message.match-required=Missing required property: Match -message.value-required=Missing required property: Value -message.required=Missing required property. - -message.conflict=Conflict -message.data-version-contention=Data Version Contention -message.contention-new-version=A newer version of this metadata source has been saved. Below are a list of changes. You can use your changes or their changes. -message.organization-feedback=These three fields must all be entered if any single field has a value. -message.valid-email=Must be a valid Email Address -message.valid-url=Must be a valid URL -message.must-be-valid-url=Must be a valid URL -message.must-be-integer=Must be an integer equal to or greater than 0 -message.delete-source-title=Delete Metadata Source? -message.delete-source-body=You are deleting a metadata source. This cannot be undone. Continue? 
-message.incomplete-form=Incomplete Form -message.delete-filter-title=Delete Metadata Filter? -message.delete-filter-body=You are deleting a metadata filter. This cannot be undone. Continue? -message.unsaved-dialog-title=Save your information? -message.unsaved-editor=You have not saved your changes. If you exit this screen, your changes will be lost. -message.editor-invalid=All forms must be valid before changes can be saved! -message.unsaved-source-1=You have not completed the wizard! Do you wish to save this information? You can finish the wizard later by clicking the \u0027Edit\u0027 -message.unsaved-source-2=icon on the dashboard. -message.service-resolver-name-required=Service Provider Name is required -message.entity-id-required=Entity ID is required -message.entity-id-must-be-unique=Entity ID must be unique -message.target-required=Entity ID to copy is required -message.file-upload-alert=Note: You can only import a file with a single entityID (EntityDescriptor element) in it. Anything more in that file will result in an error. -message.add-new-md-resolver=Add a new metadata source -message.wizard-status=Step { index } of { length } -message.entity-id-min-unique=You must add at least one entity id target and they must each be unique. -message.required-for-scripts=Required for Scripts -message.required-for-regex=Required for Regex -message.file-doesnt-exist=The requested file to be processed does not exist on the server. -message.database-constraint=There was a database constraint problem processing the request. Check the request to ensure that fields that must be unique are truly unique. - -message.user-request-received-title=User request received -message.user-request-received-body=Your request has been received and is being reviewed. You will be notified with access status. - -message.filter-fail=A server error occured, and the filter failed to save. 
- -tooltip.entity-id=Entity ID -tooltip.service-provider-name=Service Provider Name (Dashboard Display Only) -tooltip.force-authn=Disallows use (or reuse) of authentication results and login flows that don\u0027t provide a real-time proof of user presence in the login process -tooltip.service-provider-name-dashboard-display-only=Service Provider Name (Dashboard Display Only) -tooltip.service-provider-entity-id=Service Provider Entity ID -tooltip.organization-name=Organization Name -tooltip.organization-display-name=Organization Display Name -tooltip.organization-url=Organization URL -tooltip.name=Name -tooltip.type=Type -tooltip.email-address=Email Address -tooltip.assertion-consumer-service-location=Assertion Consumer Service Location -tooltip.assertion-consumer-service-location-binding=Assertion Consumer Service Location Binding -tooltip.mark-as-default=Mark as Default -tooltip.protocol-support-enumeration=Protocol Support Enumeration -tooltip.nameid-format=Content is name identifier format which is added to all the applicable roles of the entities which match any of the following or {{}}elements. -tooltip.enable-this-service-upon-saving=If checkbox is clicked, the metadata provider is enabled for integration with the IdP -tooltip.authentication-requests-signed=Authentication Requests Signed -tooltip.want-assertions-signed=Want Assertions Signed -tooltip.certificate-name=Certificate Name -tooltip.certificate-type=Certificate Type -tooltip.certificate=Certificate -tooltip.logout-endpoints-url=Logout Endpoints Url -tooltip.logout-endpoints-binding-type=Logout Endpoints Binding Type -tooltip.mdui-display-name=Typically, the IdP Display Name field will be presented on IdP discovery service interfaces. -tooltip.mdui-information-url=The IdP Information URL is a link to a comprehensive information page about the IdP. This page should expand on the content of the IdP Description field. 
-tooltip.mdui-description=The IdP Description is a brief description of the IdP service. On a well-designed discovery interface, the IdP Description will be presented to the user in addition to the IdP Display Name, and so the IdP Description helps disambiguate duplicate or similar IdP Display Names. -tooltip.mdui-privacy-statement-url=The IdP Privacy Statement URL is a link to the IdP\u0027s Privacy Statement. The content of the Privacy Statement should be targeted at end users. -tooltip.mdui-logo-url=The IdP Logo URL in metadata points to an image file on a remote server. A discovery service, for example, may rely on a visual cue (i.e., a logo) instead of or in addition to the IdP Display Name. -tooltip.mdui-logo-width=The logo should have a minimum width of 100 pixels -tooltip.mdui-logo-height=The logo should have a minimum height of 75 pixels and a maximum height of 150 pixels (or the application will scale it proportionally) -tooltip.contact-name=Contact Name -tooltip.contact-type=Contact Type -tooltip.contact-email=Contact Email -tooltip.sign-assertion=Sign Assertion -tooltip.dont-sign-response=Don\u0027t Sign Response -tooltip.turn-off-encryption=Turn Off Encryption of Response -tooltip.usa-sha-algorithm=Use SHA1 Signing Algorithm -tooltip.authentication-methods-to-use=Authentication Methods to Use -tooltip.ignore-auth-method=Ignore any SP-Requested Authentication Method -tooltip.omit-not-before-condition=Omit Not Before Condition -tooltip.responder-id=ResponderId -tooltip.instruction=Information icon -tooltip.attribute-release-table=Attribute release table - select the attributes you want to release (default unchecked) -tooltip.metadata-filter-name=Metadata Filter Name -tooltip.metadata-filter-type=Metadata Filter Type -tooltip.connection-request-timeout=The maximum amount of time to wait for a connection to be returned from the HTTP client\u0027s connection pool manager. Set to PT0S to disable. This attribute is incompatible with httpClientRef. 
-tooltip.connection-timeout=The maximum amount of time to wait to establish a connection with the remote server. Set to PT0S to disable. This attribute is incompatible with httpClientRef. -tooltip.socket-timeout=The maximum amount of time to wait between two consecutive packets while reading from the socket connected to the remote server. Set to PT0S to disable. This attribute is incompatible with httpClientRef. -tooltip.disregard-tls-cert=If true, no TLS certificate checking will take place over an HTTPS connection. This attribute is incompatible with httpClientRef. (Be careful with this setting, it is typically only used during testing. See the HttpClientConfiguration topic for more information.) -tooltip.proxy-host=The hostname of the HTTP proxy through which connections will be made. This attribute is incompatible with httpClientRef. -tooltip.proxy-port=The port of the HTTP proxy through which connections will be made. This attribute is incompatible with httpClientRef. -tooltip.proxy-user=The username used with the HTTP proxy through which connections will be made. This attribute is incompatible with httpClientRef. -tooltip.proxy-password=The password used with the HTTP proxy through which connections will be made. This attribute is incompatible with httpClientRef. -tooltip.http-caching=The type of low-level HTTP caching to perform. There are three choices: 'none' indicates the HTTP response is not cached by the client library, 'file' indicates the HTTP response is written to disk (but will not survive a restart), 'memory' indicates the HTTP response is stored in memory. This attribute is incompatible with httpClientRef and its value may not be specified as a bean property. Some metadata providers, most notably the reloading 'batch-oriented' providers, implement HTTP caching at a higher layer and tend to work best with httpCaching='none'. -tooltip.http-caching-directory=If httpCaching='file', this attribute specifies where retrieved files are to be cached. 
This attribute is incompatible with httpClientRef. -tooltip.http-max-cache-entries=The maximum number of responses written to cache. This attribute is incompatible with httpClientRef. -tooltip.max-cache-entry-size=The maximum response body size that may be cached, in bytes. This attribute is incompatible with httpClientRef. - -tooltip.metadata-provider-name=Metadata Provider Name (for display on the Dashboard only) -tooltip.metadata-provider-type=Metadata Provider Type -tooltip.xml-id=Identifier for logging, identification for command line reload, etc. -tooltip.metadata-url=The URL that the metadata is served from. -tooltip.metadata-file=The absolute path to the local metadata file to be loaded. -tooltip.init-from-backup=Flag indicating whether initialization should first attempt to load metadata from the backup file. If true, foreground initialization will be performed by loading the backing file, and then a refresh from the remote HTTP server will be scheduled to execute in a background thread, after a configured delay. This can improve IdP startup times when the remote HTTP file is large in size. -tooltip.backing-file=Specifies where the backing file is located. If the remote server is unavailable at startup, the backing file is loaded instead. -tooltip.backup-file-init-refresh-delay=Delay duration after which to schedule next HTTP refresh when initialized from the backing file. -tooltip.require-valid-metadata=Whether candidate metadata found by the resolver must be valid in order to be returned (where validity is implementation specific, but in SAML cases generally depends on a validUntil attribute.) If this flag is true, then invalid candidate metadata will not be returned. -tooltip.fail-fast-init=Whether to fail initialization of the underlying MetadataResolverService (and possibly the IdP as a whole) if the initialization of a metadata provider fails. 
When false, the IdP may start, and will continue to attempt to reload valid metadata if configured to do so, but operations that require valid metadata will fail until it does. -tooltip.use-default-predicate-reg=Flag which determines whether the default CriterionPredicateRegistry will be used if a custom one is not supplied explicitly. -tooltip.satisfy-any-predicates=Flag which determines whether predicates used in filtering are connected by a logical 'OR' (true) or by logical 'AND' (false). -tooltip.enable-provider-upon-saving=If checkbox is clicked, the metadata provider is enabled for integration with the IdP - -tooltip.max-validity-interval=Defines the window within which the metadata is valid. -tooltip.require-signed-root=If true, this fails to load metadata with no signature on the root XML element. -tooltip.certificate-file=A path (on the local file system) to a certificate file whose key is used to verify the signature. Conflicts with trustEngineRef and both of the child elements. -tooltip.retained-roles=Note that property replacement cannot be used on this element. -tooltip.remove-roleless-entity-descriptors=Controls whether to keep entity descriptors that contain no roles. Note: If this attribute is set to false, the resulting output may not be schema-valid since an element must include at least one role descriptor. -tooltip.remove-empty-entities-descriptors=Controls whether to keep entities descriptors that contain no entity descriptors. Note: If this attribute is set to false, the resulting output may not be schema-valid since an element must include at least one child element, either an element or an element. - -tooltip.min-refresh-delay=Lower bound on the next refresh from the time calculated based on the metadata\u0027s expiration. Setting this to 0 will result in the default value being used. -tooltip.max-refresh-delay=Upper bound on the next refresh from the time calculated based on the metadata\u0027s expiration. 
-tooltip.refresh-delay-factor=A factor applied to the initially determined refresh time in order to determine the next refresh time (typically to ensure refresh takes place prior to the metadata\u0027s expiration). Attempts to refresh metadata will generally begin around the product of this number and the maximum refresh delay. -tooltip.resolve-via-predicates-only=Flag indicating whether resolution may be performed solely by applying predicates to the entire metadata collection, when an entityID input criterion is not supplied. -tooltip.expiration-warning-threshold=For each attempted metadata refresh (whether or not fresh metadata is obtained), if requireValidMetadata is true, and there is a validUntil XML attribute on the document root element, and the difference between validUntil and the current time is less than expirationWarningThreshold, the system logs a warning about the impending expiration. - -tooltip.filter-name=Filter Name -tooltip.enable-filter=Enable Filter? -tooltip.enable-service=Enable Service? - -tooltip.min-cache-duration=The minimum duration for which metadata will be cached before it is refreshed. -tooltip.max-cache-duration=The maximum duration for which metadata will be cached before it is refreshed. -tooltip.max-idle-entity-data=The maximum duration for which metadata will be allowed to be idle (no requests for it) before it is removed from the cache. -tooltip.cleanup-task-interval=The interval at which the internal cleanup task should run. This task performs background maintenance tasks, such as the removal of expired and idle metadata. -tooltip.persistent-cache-manager-directory=The optional manager for the persistent cache store for resolved metadata. On metadata provider initialization, data present in the persistent cache will be loaded to memory, effectively restoring the state of the provider as closely as possible to that which existed before the previous shutdown. 
Each individual cache entry will only be loaded if 1) the entry is still valid as determined by the internal provider logic, and 2) the entry passes the (optional) predicate supplied via initializationFromCachePredicateRef. -tooltip.initialize-from-persistent-cache-in-background=Flag indicating whether should initialize from the persistent cache in the background. Initializing from the cache in the background will improve IdP startup times. -tooltip.background-init-from-cache-delay=The delay after which to schedule the background initialization from the persistent cache when initializeFromPersistentCacheInBackground=true. - -tooltip.source-directory=Convenience mechanism for wiring a FilesystemLoadSaveManager, loading from the specified source directory in the local filesystem. This attribute will be ignored if sourceManagerRef is also specified. Either this attribute or sourceManagerRef is required. -tooltip.remove-idle-entity-data=Flag indicating whether idle metadata should be removed. - -tooltip.do-resolver-initialization=Initialize this resolver? In the case of Filesystem resolvers, this will cause the system to read the file and index the resolver. -tooltip.md-request-type=Options are 1) Metadata Query Protocol, 2) Regex. -tooltip.md-request-value=Content of the element. -tooltip.transform-ref=A reference to a transform function for the entityID. If used, the child element must be empty. -tooltip.encoding-style=Determines whether and how the entityID value will be URL encoded prior to replacement. Allowed values are: 1) "none" - no encoding is performed, 2) "form" - encoded using URL form parameter encoding (for query parameters), 3) "path" - encoded using URL path encoding, or 4) "fragment" - encoded using URL fragment encoding. The precise definition of these terms is defined in the documentation for the methods of the Guava library\u0027s UrlEscapers class. 
-tooltip.velocity-engine=This attribute may be used to specify the name of the Velocity engine defined within the application. -tooltip.match=A regular expression against which the entityID is evaluated. - -tooltip.remove-existing-formats=Whether to remove any existing formats from a role if any are added by the filter (unmodified roles will be untouched regardless of this setting) -tooltip.nameid-formats-format=Format -tooltip.nameid-formats-value=Value -tooltip.nameid-formats-type=Type \ No newline at end of file From 43adf94c105deac73f3993f3e6feb0b47e3096d5 Mon Sep 17 00:00:00 2001 From: chasegawa Date: Wed, 27 Jul 2022 13:31:27 -0700 Subject: [PATCH 04/58] SHIBUI-2327 Adding missing libraries and needed marshalling configuration for using pac4j --- .../resources/modified-saml2-assertion-config.xml | 14 +++++++++++++- pac4j-module/build.gradle | 3 +++ 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/backend/src/main/resources/modified-saml2-assertion-config.xml b/backend/src/main/resources/modified-saml2-assertion-config.xml index 2f09fa77b..3349e4558 100644 --- a/backend/src/main/resources/modified-saml2-assertion-config.xml +++ b/backend/src/main/resources/modified-saml2-assertion-config.xml @@ -230,7 +230,19 @@ - + + + + + + + + + + + + + diff --git a/pac4j-module/build.gradle b/pac4j-module/build.gradle index 6a1295758..4080df12a 100644 --- a/pac4j-module/build.gradle +++ b/pac4j-module/build.gradle @@ -46,8 +46,11 @@ dependencies { exclude group: 'org.opensaml' exclude group: 'commons-collections' } + // But we do need this opensaml lib that wasn't provided + implementation "org.opensaml:opensaml-storage-impl:${project.'opensamlVersion'}" compile "org.apache.commons:commons-collections4:${project.'commonsCollections4Version'}" + testCompile project(':backend') testCompile "org.opensaml:opensaml-saml-api:${project.'opensamlVersion'}" From b736eb38f62e691bc014450527097f496aa39c85 Mon Sep 17 00:00:00 2001 
From: Ryan Mathis Date: Wed, 27 Jul 2022 15:01:09 -0700 Subject: [PATCH 05/58] Updated spinners --- ui/src/app/metadata/hoc/MetadataSchema.js | 13 +++++++++++-- ui/src/app/metadata/hoc/MetadataVersionsLoader.js | 2 +- ui/src/app/metadata/view/MetadataWizard.js | 6 ++++-- .../app/metadata/wizard/MetadataProviderWizard.js | 6 +++++- 4 files changed, 21 insertions(+), 6 deletions(-) diff --git a/ui/src/app/metadata/hoc/MetadataSchema.js b/ui/src/app/metadata/hoc/MetadataSchema.js index 025e7a415..d2d257623 100644 --- a/ui/src/app/metadata/hoc/MetadataSchema.js +++ b/ui/src/app/metadata/hoc/MetadataSchema.js @@ -9,6 +9,7 @@ export const MetadataDefinitionContext = React.createContext(); export function MetadataSchema({ type, children, wizard = false }) { const definition = React.useMemo(() => wizard ? getWizard(type) : getDefinition(type), [type, wizard]); + const [loading, setLoading] = React.useState(false); const { get, response } = useFetch(``, { cachePolicy: 'no-cache' @@ -21,18 +22,20 @@ export function MetadataSchema({ type, children, wizard = false }) { if (response.ok) { setSchema(source); } + setLoading(false); } /*eslint-disable react-hooks/exhaustive-deps*/ React.useEffect(() => { setSchema(null); loadSchema(definition); + setLoading(true); }, [definition]); return ( {type && definition && schema && - + {children} } @@ -41,7 +44,13 @@ export function MetadataSchema({ type, children, wizard = false }) { } export function useMetadataSchemaContext () { - return React.useContext(MetadataSchemaContext); + const {schema} = React.useContext(MetadataSchemaContext); + return schema; +} + +export function useMetadataSchemaLoading () { + const {loading} = React.useContext(MetadataSchemaContext); + return loading; } export function useMetadataDefinitionContext() { diff --git a/ui/src/app/metadata/hoc/MetadataVersionsLoader.js b/ui/src/app/metadata/hoc/MetadataVersionsLoader.js index f552db8c4..d957903d9 100644 --- a/ui/src/app/metadata/hoc/MetadataVersionsLoader.js 
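Review bot: In the `useEffect` of `MetadataSchema`, `setLoading(true)` is called after `loadSchema(definition)` has already been started, and the only reset is the `setLoading(false)` at the end of `loadSchema`. If the request inside `loadSchema` can throw, the flag stays `true` and the spinner never clears. Set the flag before starting the request, `setLoading(true); loadSchema(definition);`, and move the reset into a `finally` inside `loadSchema`, `try { … } finally { setLoading(false); }`. The start of `loadSchema` is outside the hunk, so the shape of the request is assumed here.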
+++ b/ui/src/app/metadata/hoc/MetadataVersionsLoader.js @@ -52,8 +52,8 @@ export function MetadataVersionsLoader ({versions, children}) { return ( - {children(versions.map(v => list[v]).filter(v => !!v))} {loading &&
} + {children(versions.map(v => list[v]).filter(v => !!v))}
); } \ No newline at end of file diff --git a/ui/src/app/metadata/view/MetadataWizard.js b/ui/src/app/metadata/view/MetadataWizard.js index 8dc5a9d51..d48cc4330 100644 --- a/ui/src/app/metadata/view/MetadataWizard.js +++ b/ui/src/app/metadata/view/MetadataWizard.js @@ -58,11 +58,13 @@ export function MetadataWizard ({type, data, onCallback}) { /> {type === 'source' ? - + + + {loading &&
} +
: } - {loading &&
}
); diff --git a/ui/src/app/metadata/wizard/MetadataProviderWizard.js b/ui/src/app/metadata/wizard/MetadataProviderWizard.js index 7193c0573..72df681fd 100644 --- a/ui/src/app/metadata/wizard/MetadataProviderWizard.js +++ b/ui/src/app/metadata/wizard/MetadataProviderWizard.js @@ -2,7 +2,7 @@ import React from 'react'; import { WizardNav } from './WizardNav'; import { MetadataWizardForm } from './MetadataWizardForm'; import { setWizardIndexAction, useCurrentIndex, useIsLastPage, useWizardDispatcher } from './Wizard'; -import { useMetadataDefinitionContext, useMetadataDefinitionValidator, useMetadataSchemaContext } from '../hoc/MetadataSchema'; +import { useMetadataDefinitionContext, useMetadataDefinitionValidator, useMetadataSchemaContext, useMetadataSchemaLoading } from '../hoc/MetadataSchema'; import { checkChanges, useMetadataSchema } from '../hooks/schema'; import { useMetadataFormDispatcher, setFormDataAction, setFormErrorAction, useMetadataFormData, useMetadataFormErrors } from '../hoc/MetadataFormContext'; import { MetadataConfiguration } from '../component/MetadataConfiguration'; @@ -12,6 +12,7 @@ import { useMetadataProviders } from '../hooks/api'; import { removeNull } from '../../core/utility/remove_null'; import { useUserGroup } from '../../core/user/UserContext'; +import Spinner from '../../core/components/Spinner'; export function MetadataProviderWizard({onSave, loading, block}) { @@ -20,6 +21,7 @@ export function MetadataProviderWizard({onSave, loading, block}) { const definition = useMetadataDefinitionContext(); const schema = useMetadataSchemaContext(); + const schemaLoading = useMetadataSchemaLoading(); const processed = useMetadataSchema(definition, schema); @@ -49,6 +51,7 @@ export function MetadataProviderWizard({onSave, loading, block}) { return ( <> +

+ {schemaLoading &&
}
Date: Thu, 28 Jul 2022 07:57:21 -0700 Subject: [PATCH 06/58] Fixed issue with configuration loading --- ui/src/app/metadata/hoc/MetadataSchema.js | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/ui/src/app/metadata/hoc/MetadataSchema.js b/ui/src/app/metadata/hoc/MetadataSchema.js index d2d257623..ea14361d9 100644 --- a/ui/src/app/metadata/hoc/MetadataSchema.js +++ b/ui/src/app/metadata/hoc/MetadataSchema.js @@ -5,6 +5,7 @@ import { useTranslator } from '../../i18n/hooks'; export const MetadataSchemaContext = React.createContext(); export const MetadataDefinitionContext = React.createContext(); +export const MetadataSchemaLoading = React.createContext(); export function MetadataSchema({ type, children, wizard = false }) { @@ -35,8 +36,10 @@ export function MetadataSchema({ type, children, wizard = false }) { return ( {type && definition && schema && - - {children} + + + {children} + } @@ -44,13 +47,11 @@ export function MetadataSchema({ type, children, wizard = false }) { } export function useMetadataSchemaContext () { - const {schema} = React.useContext(MetadataSchemaContext); - return schema; + return React.useContext(MetadataSchemaContext); } export function useMetadataSchemaLoading () { - const {loading} = React.useContext(MetadataSchemaContext); - return loading; + return React.useContext(MetadataSchemaLoading); } export function useMetadataDefinitionContext() { From 619b2dfa2520591d383b5663ff992b930b44352e Mon Sep 17 00:00:00 2001 From: Ryan Mathis Date: Thu, 28 Jul 2022 09:50:01 -0700 Subject: [PATCH 07/58] Fixed loading spinner --- ui/src/app/metadata/view/MetadataWizard.js | 6 +----- ui/src/app/metadata/wizard/MetadataSourceWizard.js | 5 ++++- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/ui/src/app/metadata/view/MetadataWizard.js b/ui/src/app/metadata/view/MetadataWizard.js index d48cc4330..a95ca777c 100644 --- a/ui/src/app/metadata/view/MetadataWizard.js +++ b/ui/src/app/metadata/view/MetadataWizard.js 
@@ -8,7 +8,6 @@ import { useMetadataEntity } from '../hooks/api'; import { createNotificationAction, NotificationTypes, useNotificationDispatcher } from '../../notifications/hoc/Notifications'; import { Prompt, useHistory } from 'react-router-dom'; import { useTranslator } from '../../i18n/hooks'; -import Spinner from '../../core/components/Spinner'; export function MetadataWizard ({type, data, onCallback}) { @@ -58,10 +57,7 @@ export function MetadataWizard ({type, data, onCallback}) { /> {type === 'source' ? - - - {loading &&
} -
+ : } diff --git a/ui/src/app/metadata/wizard/MetadataSourceWizard.js b/ui/src/app/metadata/wizard/MetadataSourceWizard.js index 5dae8319a..b14c5c6d4 100644 --- a/ui/src/app/metadata/wizard/MetadataSourceWizard.js +++ b/ui/src/app/metadata/wizard/MetadataSourceWizard.js @@ -8,7 +8,7 @@ import Col from 'react-bootstrap/Col'; import { WizardNav } from './WizardNav'; import { MetadataWizardForm } from './MetadataWizardForm'; import { setWizardIndexAction, useCurrentIndex, useIsFirstPage, useIsLastPage, useWizardDispatcher } from './Wizard'; -import { useMetadataDefinitionContext, useMetadataSchemaContext, useMetadataDefinitionValidator } from '../hoc/MetadataSchema'; +import { useMetadataDefinitionContext, useMetadataSchemaContext, useMetadataDefinitionValidator, useMetadataSchemaLoading } from '../hoc/MetadataSchema'; import { useMetadataFormDispatcher, setFormDataAction, setFormErrorAction, useMetadataFormData, useMetadataFormErrors } from '../hoc/MetadataFormContext'; import { MetadataConfiguration } from '../component/MetadataConfiguration'; import { Configuration } from '../hoc/Configuration'; @@ -17,6 +17,7 @@ import { useMetadataSources } from '../hooks/api'; import Translate from '../../i18n/components/translate'; import { checkChanges } from '../hooks/utility'; import { useCurrentUserLoader, useUserGroup } from '../../core/user/UserContext'; +import Spinner from '../../core/components/Spinner'; export function MetadataSourceWizard ({ onShowNav, onSave, block, loading }) { @@ -24,6 +25,7 @@ export function MetadataSourceWizard ({ onShowNav, onSave, block, loading }) { const group = useUserGroup(); const userLoader = useCurrentUserLoader(); + const schemaLoading = useMetadataSchemaLoading(); /*eslint-disable react-hooks/exhaustive-deps*/ React.useEffect(() => { @@ -75,6 +77,7 @@ export function MetadataSourceWizard ({ onShowNav, onSave, block, loading }) {

+ {schemaLoading &&
} {warnings && warnings.hasOwnProperty(current) && From 9f30396346908bdbc0740a2d4b6aa1ffdbd1e518 Mon Sep 17 00:00:00 2001 From: Jj! Date: Fri, 29 Jul 2022 16:21:52 -0500 Subject: [PATCH 08/58] [SHIBUI-2327] add provider configuration for signatures implement method for X509 --- .../shibboleth/admin/ui/domain/X509Data.java | 4 +- .../main/resources/jpa-signature-config.xml | 268 ++++++++++++++++++ 2 files changed, 271 insertions(+), 1 deletion(-) diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/X509Data.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/X509Data.java index e875932cd..7afd88814 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/X509Data.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/X509Data.java @@ -19,6 +19,7 @@ import javax.xml.namespace.QName; import java.util.ArrayList; import java.util.Arrays; +import java.util.Collections; import java.util.List; import java.util.stream.Collectors; @@ -74,10 +75,11 @@ public void addX509Certificate(edu.internet2.tier.shibboleth.admin.ui.domain.X50 this.xmlObjects.add(x509Certificate); } + // TODO: might need to really implement this @Nonnull @Override public List getX509CRLs() { - return null; + return Collections.EMPTY_LIST; } @Nonnull diff --git a/backend/src/main/resources/jpa-signature-config.xml b/backend/src/main/resources/jpa-signature-config.xml index 0a6696db5..22f00e04b 100644 --- a/backend/src/main/resources/jpa-signature-config.xml +++ b/backend/src/main/resources/jpa-signature-config.xml 
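Review bot: `getX509CRLs()` now returns the raw, immutable `Collections.EMPTY_LIST`, so any CRL carried in an X509Data element is silently dropped. A caller that appends to the returned list, as `addX509Certificate` does with `xmlObjects`, would get an `UnsupportedOperationException`. At minimum use the typed form, `return Collections.emptyList();`, and make the TODO say what is lost: `// TODO: CRLs are not stored; revocation data in X509Data is ignored until this is implemented`. The rest of the class is outside the hunk, so how the other getters derive their lists from `xmlObjects` cannot be confirmed from here.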
@@ -39,6 +39,274 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From 604297a47a8ecaaaf718e839f2e9e1c3b925f886 Mon Sep 17 00:00:00 2001 From: chasegawa Date: Fri, 29 Jul 2022 15:56:56 -0700 Subject: [PATCH 09/58] SHIBUI-2327 Commented out block of builder-marshaller-unmarshaller that was causing conflict with testing --- backend/src/main/resources/jpa-signature-config.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/backend/src/main/resources/jpa-signature-config.xml b/backend/src/main/resources/jpa-signature-config.xml index 22f00e04b..9a8da32e8 100644 --- a/backend/src/main/resources/jpa-signature-config.xml +++ b/backend/src/main/resources/jpa-signature-config.xml @@ -250,12 +250,12 @@ - + @@ -310,4 +310,4 @@ - + \ No newline at end of file From 621969d3e32f6a8756d245b8675781de5e9d1459 Mon Sep 17 00:00:00 2001 From: chasegawa Date: Mon, 1 Aug 2022 12:27:39 -0700 Subject: [PATCH 10/58] SHIBUI-2327 Correcting security filter to work properly using the pac4j settup --- .../src/main/java/net/unicon/shibui/pac4j/WebSecurity.java | 7 +++++-- testbed/authentication/docker-compose.yml | 3 ++- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java index a67bf4a96..884569ac7 100644 --- a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java 
+++ b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java @@ -5,7 +5,7 @@ import edu.internet2.tier.shibboleth.admin.ui.security.service.IRolesService; import edu.internet2.tier.shibboleth.admin.ui.security.service.UserService; import edu.internet2.tier.shibboleth.admin.ui.service.EmailService; -import static net.unicon.shibui.pac4j.Pac4jConfiguration.PAC4J_CLIENT_NAME; +import org.pac4j.core.authorization.authorizer.DefaultAuthorizers; import org.pac4j.core.config.Config; import org.pac4j.core.matching.matcher.Matcher; import org.pac4j.springframework.security.web.CallbackFilter; @@ -26,6 +26,8 @@ import javax.servlet.Filter; import java.util.Optional; +import static net.unicon.shibui.pac4j.Pac4jConfiguration.PAC4J_CLIENT_NAME; + @Configuration @AutoConfigureOrder(-1) @ConditionalOnProperty(name = "shibui.pac4j-enabled", havingValue = "true") @@ -62,7 +64,8 @@ public Pac4jWebSecurityConfigurerAdapter(final Config config, UserService userSe protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests().antMatchers("/unsecured/**/*").permitAll(); - final SecurityFilter securityFilter = new SecurityFilter(this.config, PAC4J_CLIENT_NAME); + // adding the authorizor bypasses the default behavior of checking CSRF in Pac4J's default securitylogic+defaultauthorizationchecker + final SecurityFilter securityFilter = new SecurityFilter(this.config, PAC4J_CLIENT_NAME, DefaultAuthorizers.IS_AUTHENTICATED); // add filter based on auth type http.antMatcher("/**").addFilterBefore(getFilter(config, pac4jConfigurationProperties.getTypeOfAuth()), BasicAuthenticationFilter.class); diff --git a/testbed/authentication/docker-compose.yml b/testbed/authentication/docker-compose.yml index 884042c4a..42b12cb6a 100644 --- a/testbed/authentication/docker-compose.yml +++ b/testbed/authentication/docker-compose.yml 
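Review bot: Passing `DefaultAuthorizers.IS_AUTHENTICATED` to the `SecurityFilter` in `configure(HttpSecurity)` replaces pac4j's default authorizers, which by the added comment's own account include the CSRF check. Requests through this filter are therefore no longer CSRF-checked by pac4j. The visible part of `configure` shows no other CSRF protection on `http`, but the method continues outside the hunk, so that needs confirming there. If nothing else enforces it, keep the check explicitly with `DefaultAuthorizers.IS_AUTHENTICATED + "," + DefaultAuthorizers.CSRF_CHECK`. Otherwise record where it is enforced, for example `// CSRF is enforced by <component>; pac4j's csrfCheck is intentionally not applied here`.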
@@ -20,7 +20,7 @@ services: - "8080:8080" - "443:443" - "8443:8443" -# - "8000:8000" + - "9090:9090" volumes: - /var/run/docker.sock:/var/run/docker.sock - ../reverse-proxy/:/configuration/ @@ -72,6 +72,7 @@ services: - ./shibui/application.yml:/application.yml ports: - "8000:8000" +# - "9090:9090" entrypoint: ["/usr/bin/java", "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:8000", "-jar", "app.war"] networks: reverse-proxy: From 616fd4b5b7a1a2e90ee09d9394a1c16835fcec47 Mon Sep 17 00:00:00 2001 From: chasegawa Date: Mon, 1 Aug 2022 14:16:55 -0700 Subject: [PATCH 11/58] [Gradle Release Plugin] - pre tag commit: '1.11.1'. --- gradle.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle.properties b/gradle.properties index 7efe1ae08..a834b2548 100644 --- a/gradle.properties +++ b/gradle.properties @@ -1,6 +1,6 @@ name=shibui group=edu.internet2.tier.shibboleth.admin.ui -version=1.12.0-SNAPSHOT +version=1.11.1 ### library versions ### commonsCollections4Version=4.4 From 204b894bb6eb214f403279feed77f8575653787f Mon Sep 17 00:00:00 2001 From: chasegawa Date: Mon, 1 Aug 2022 14:37:46 -0700 Subject: [PATCH 12/58] NOJIRA Reverting version to fix release --- gradle.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle.properties b/gradle.properties index a834b2548..f5fa06b55 100644 --- a/gradle.properties +++ b/gradle.properties @@ -1,6 +1,6 @@ name=shibui group=edu.internet2.tier.shibboleth.admin.ui -version=1.11.1 +version=1.11.0-SNAPSHOT ### library versions ### commonsCollections4Version=4.4 From 487dbb46c5199f64ddf7c88b5470f69bf6e466ee Mon Sep 17 00:00:00 2001 From: Charles Hasegawa Date: Mon, 1 Aug 2022 22:53:09 +0000 Subject: [PATCH 13/58] gradle.properties edited online with Bitbucket - correcting version number --- gradle.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle.properties b/gradle.properties index f5fa06b55..7efe1ae08 100644 
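Review bot: The newly published `- "9090:9090"` in the first hunk binds on every host interface, and the hunk does not show what listens on 9090 in that container. For a testbed, publish it on loopback only: `- "127.0.0.1:9090:9090"`. The same applies to the `"8000:8000"` mapping shown as context in the second hunk, where the entrypoint starts the JDWP agent with `address=*:8000`; JDWP has no authentication, so that port should not be reachable from outside the developer's machine. Both service definitions continue outside the hunks.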
--- a/gradle.properties +++ b/gradle.properties @@ -1,6 +1,6 @@ name=shibui group=edu.internet2.tier.shibboleth.admin.ui -version=1.11.0-SNAPSHOT +version=1.12.0-SNAPSHOT ### library versions ### commonsCollections4Version=4.4 From 58e4d55b58e3f6ba1897f0042994493e8cca4b7a Mon Sep 17 00:00:00 2001 From: Ryan Mathis Date: Tue, 2 Aug 2022 08:25:55 -0700 Subject: [PATCH 14/58] Updated tooltips for FileBacked Provider --- backend/src/main/resources/i18n/messages.properties | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/backend/src/main/resources/i18n/messages.properties b/backend/src/main/resources/i18n/messages.properties index a9a0560be..12c4337ec 100644 --- a/backend/src/main/resources/i18n/messages.properties +++ b/backend/src/main/resources/i18n/messages.properties @@ -679,7 +679,7 @@ tooltip.http-max-cache-entries=The maximum number of responses written to cache. tooltip.max-cache-entry-size=The maximum response body size that may be cached, in bytes. This attribute is incompatible with httpClientRef. tooltip.metadata-provider-name=Metadata Provider Name (for display on the Dashboard only) -tooltip.metadata-provider-type=Metadata Provider Type +tooltip.metadata-provider-type=The precise behavior of any element is controlled by the xsi:type attribute. This specifies the exact type of provider to use. tooltip.xml-id=Identifier for logging, identification for command line reload, etc. tooltip.metadata-url=The URL that the metadata is served from. tooltip.metadata-file=The absolute path to the local metadata file to be loaded. 
@@ -707,7 +707,7 @@ tooltip.expiration-warning-threshold=For each attempted metadata refresh (whethe tooltip.filter-name=Filter Name tooltip.enable-filter=Enable Filter? -tooltip.enable-service=Enable Service? +tooltip.enable-service=A boolean value representing whether or not this metadata should be enabled within the Shibboleth IDP UI. tooltip.min-cache-duration=The minimum duration for which metadata will be cached before it is refreshed. tooltip.max-cache-duration=The maximum duration for which metadata will be cached before it is refreshed. From f1d5c73feaeec35ab92ed070ede8cac5b6fabea3 Mon Sep 17 00:00:00 2001 From: Ryan Mathis Date: Tue, 2 Aug 2022 08:41:03 -0700 Subject: [PATCH 15/58] Updated tooltips for DynamicHttp Provider --- backend/src/main/resources/i18n/messages.properties | 4 ++-- ui/public/assets/schema/provider/filebacked-http.schema.json | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/backend/src/main/resources/i18n/messages.properties b/backend/src/main/resources/i18n/messages.properties index 12c4337ec..c3912d507 100644 --- a/backend/src/main/resources/i18n/messages.properties +++ b/backend/src/main/resources/i18n/messages.properties 
@@ -721,8 +721,8 @@ tooltip.source-directory=Convenience mechanism for wiring a FilesystemLoadSaveMa tooltip.remove-idle-entity-data=Flag indicating whether idle metadata should be removed. tooltip.do-resolver-initialization=Initialize this resolver? In the case of Filesystem resolvers, this will cause the system to read the file and index the resolver. -tooltip.md-request-type=Options are 1) Metadata Query Protocol, 2) Regex. -tooltip.md-request-value=Content of the element. +tooltip.md-request-type=Constructs the metadata request URL based on 1) Metadata Query Protocol, or 2) Regex (a regular expression). +tooltip.md-request-value=Content of the element based on the Metadata Request URL Construction Type. tooltip.transform-ref=A reference to a transform function for the entityID. If used, the child element must be empty. tooltip.encoding-style=Determines whether and how the entityID value will be URL encoded prior to replacement. Allowed values are: 1) "none" - no encoding is performed, 2) "form" - encoded using URL form parameter encoding (for query parameters), 3) "path" - encoded using URL path encoding, or 4) "fragment" - encoded using URL fragment encoding. The precise definition of these terms is defined in the documentation for the methods of the Guava library\u0027s UrlEscapers class. tooltip.velocity-engine=This attribute may be used to specify the name of the Velocity engine defined within the application. diff --git a/ui/public/assets/schema/provider/filebacked-http.schema.json b/ui/public/assets/schema/provider/filebacked-http.schema.json index dffeaa65e..e1b0d95c7 100644 --- a/ui/public/assets/schema/provider/filebacked-http.schema.json +++ b/ui/public/assets/schema/provider/filebacked-http.schema.json 
@@ -42,8 +42,8 @@ "const": "FileBackedHttpMetadataResolver" }, "enabled": { - "title": "label.enable-service", - "description": "tooltip.enable-service", + "title": "label.enable-provider-upon-saving", + "description": "tooltip.enable-provider-upon-saving", "type": "boolean", "default": false }, From ab30407b04309ac8d90a29b2b68f9ce51b2f8494 Mon Sep 17 00:00:00 2001 From: Ryan Mathis Date: Tue, 2 Aug 2022 14:24:07 -0700 Subject: [PATCH 16/58] Updated tooltips for Metadata Sources and filters --- .../main/resources/i18n/messages.properties | 75 ++++++++++--------- .../resources/metadata-sources-ui-schema.json | 2 +- .../component/fields/FilterTargetField.js | 4 +- .../wizard/MetadataFilterTypeSelector.js | 4 +- 4 files changed, 43 insertions(+), 42 deletions(-) diff --git a/backend/src/main/resources/i18n/messages.properties b/backend/src/main/resources/i18n/messages.properties index c3912d507..8da49adb7 100644 --- a/backend/src/main/resources/i18n/messages.properties +++ b/backend/src/main/resources/i18n/messages.properties 
@@ -615,34 +615,35 @@ message.session-timeout-heading=Session timed out message.session-timeout-body=Your session has timed out. Please login again. message.session-timeout=An error has occurred while saving. Your session may have timed out. -tooltip.entity-id=Entity ID +tooltip.entity-id=An entityID is the SAML identifier that uniquely names a service provider. tooltip.service-provider-name=Service Provider Name (Dashboard Display Only) -tooltip.force-authn=Disallows use (or reuse) of authentication results and login flows that don\u0027t provide a real-time proof of user presence in the login process +tooltip.force-authn=Disallows use (or reuse) of authentication results and login flows that don\u0027t provide a real-time proof of user presence in the login process. tooltip.service-provider-name-dashboard-display-only=Service Provider Name (Dashboard Display Only) tooltip.service-provider-entity-id=Service Provider Entity ID -tooltip.organization-name=Organization Name -tooltip.organization-display-name=Organization Display Name -tooltip.organization-url=Organization URL +tooltip.organization-name=Name of the organization standing up the entity. +tooltip.organization-display-name=Name of the organization standing up the entity to be used for display purposes. +tooltip.organization-url=URL of the organization standing up the entity. tooltip.name=Name tooltip.type=Type tooltip.email-address=Email Address -tooltip.assertion-consumer-service-location=Assertion Consumer Service Location -tooltip.assertion-consumer-service-location-binding=Assertion Consumer Service Location Binding -tooltip.mark-as-default=Mark as Default -tooltip.protocol-support-enumeration=Protocol Support Enumeration -tooltip.nameid-format=Content is name identifier format which is added to all the applicable roles of the entities which match any of the following or {{}}elements. 
-tooltip.enable-this-service-upon-saving=If checkbox is clicked, the metadata provider is enabled for integration with the IdP +tooltip.assertion-consumer-service-location=Path used to invoke handler (when appended to the base handlerURL). +tooltip.assertion-consumer-service-location-binding=The binding attribute of the element is a standard URI specified in the SAML 2.0 Binding specification. +tooltip.assertion-consumer-service-endpoints=An Assertion Consumer Service (or ACS) is SAML terminology for the location at a ServiceProvider that accepts messages (or SAML artifacts) for the purpose of establishing a session based on an assertion. +tooltip.mark-as-default=Whether to mark this endpoint as the default by setting the "isDefault" property. +tooltip.protocol-support-enumeration=This attribute contains a space-delimited collection of URIs that represent general classes of protocol support for the role in question. There are URIs defined by the various standards and profiles to represent the fact that an entity acting in a role "supports" a particular protocol family, such as SAML 2.0 or the Shibboleth profile of SAML 1.1. +tooltip.nameid-format=Content is name identifier format which is added to all the applicable roles of the entities which match any of the following or elements. +tooltip.enable-this-service-upon-saving=If checkbox is clicked, the metadata is enabled for integration with the IdP tooltip.is-there-a-x509-certificate=Is there a X509 Certificate? 
-tooltip.authentication-requests-signed=Authentication Requests Signed -tooltip.want-assertions-signed=Want Assertions Signed -tooltip.certificate-name=Certificate Name -tooltip.certificate-type=Certificate Type -tooltip.certificate=Certificate -tooltip.logout-endpoints=Logout Endpoints -tooltip.logout-endpoints-url=Logout Endpoints Url -tooltip.logout-endpoints-binding-type=Logout Endpoints Binding Type -tooltip.url=Logout Endpoints Url -tooltip.binding-type=Logout Endpoints Binding Type +tooltip.authentication-requests-signed=Whether to sign requests. +tooltip.want-assertions-signed=Whether to sign assertions. Element declares that the service provider wants the element to be digitally signed. +tooltip.certificate-name=Value used by the IDP UI to identify certificates. +tooltip.certificate-type=Describes the use to which the credential will be put (as defined by the SAML standard) +tooltip.certificate=A certificate containing a public key to use to require and verify an XML signature over the resource. +tooltip.logout-endpoints=If your SP supports SAML 2.0 Single Logout, you will need to include one or more endpoint elements in the metadata. +tooltip.logout-endpoints-url=The location of the handler (when combined with the base handlerURL). This is the location to which an IdP sends messages using whatever protocol and binding it shares with the SP. Each combination of SLO protocol and binding is installed at a unique location to improve efficiency. +tooltip.logout-endpoints-binding-type=Identifies the protocol binding supported by the handler. Bindings describe how the message is packaged by the IdP (or by the browser in some cases) for consumption by the handler. +tooltip.url=The location of the handler (when combined with the base handlerURL). This is the location to which an IdP sends messages using whatever protocol and binding it shares with the SP. Each combination of SLO protocol and binding is installed at a unique location to improve efficiency. 
+tooltip.binding-type=Identifies the protocol binding supported by the handler. Bindings describe how the message is packaged by the IdP (or by the browser in some cases) for consumption by the handler. tooltip.mdui-display-name=Typically, the IdP Display Name field will be presented on IdP discovery service interfaces. tooltip.mdui-information-url=The IdP Information URL is a link to a comprehensive information page about the IdP. This page should expand on the content of the IdP Description field. tooltip.mdui-description=The IdP Description is a brief description of the IdP service. On a well-designed discovery interface, the IdP Description will be presented to the user in addition to the IdP Display Name, and so the IdP Description helps disambiguate duplicate or similar IdP Display Names. 
@@ -650,21 +651,21 @@ tooltip.mdui-privacy-statement-url=The IdP Privacy Statement URL is a link to th tooltip.mdui-logo-url=The IdP Logo URL in metadata points to an image file on a remote server. A discovery service, for example, may rely on a visual cue (i.e., a logo) instead of or in addition to the IdP Display Name. tooltip.mdui-logo-width=The logo should have a minimum width of 100 pixels tooltip.mdui-logo-height=The logo should have a minimum height of 75 pixels and a maximum height of 150 pixels (or the application will scale it proportionally) -tooltip.contact-name=Contact Name -tooltip.contact-type=Contact Type -tooltip.contact-email=Contact Email -tooltip.sign-assertion=Sign Assertion -tooltip.dont-sign-response=Don\u0027t Sign Response -tooltip.turn-off-encryption=Turn Off Encryption of Response -tooltip.usa-sha-algorithm=Use SHA1 Signing Algorithm -tooltip.authentication-methods-to-use=Authentication Methods to Use -tooltip.ignore-auth-method=Ignore any SP-Requested Authentication Method -tooltip.omit-not-before-condition=Omit Not Before Condition -tooltip.responder-id=ResponderId +tooltip.contact-name=The given name of the contact. +tooltip.contact-type=Type / role of the contact. +tooltip.contact-email=Email address of the contact. +tooltip.sign-assertion=Sign Assertion declares that the service provider wants the element to be digitally signed. +tooltip.dont-sign-response=Don\u0027t Sign Response. +tooltip.turn-off-encryption=Whether to turn off encryption of the response. +tooltip.usa-sha-algorithm=Whether to use the SHA1 Signing Algorithm. +tooltip.authentication-methods-to-use=The method used to authenticate the subject. +tooltip.ignore-auth-method=Whether to ignore any SP-Requested Authentication Method. +tooltip.omit-not-before-condition=Whether to include a NotBefore attribute in assertions. +tooltip.responder-id=Identifier of the selected SAML IdP entity. 
tooltip.instruction=Information icon tooltip.attribute-release-table=Attribute release table - select the attributes you want to release (default unchecked) tooltip.metadata-filter-name=Metadata Filter Name -tooltip.metadata-filter-type=Metadata Filter Type +tooltip.metadata-filter-type=The precise behavior of any element is controlled by the xsi:type attribute. tooltip.connection-request-timeout=The maximum amount of time to wait for a connection to be returned from the HTTP client\u0027s connection pool manager. Set to PT0S to disable. This attribute is incompatible with httpClientRef. tooltip.connection-timeout=The maximum amount of time to wait to establish a connection with the remote server. Set to PT0S to disable. This attribute is incompatible with httpClientRef. tooltip.socket-timeout=The maximum amount of time to wait between two consecutive packets while reading from the socket connected to the remote server. Set to PT0S to disable. This attribute is incompatible with httpClientRef. 
@@ -690,7 +691,7 @@ tooltip.require-valid-metadata=Whether candidate metadata found by the resolver tooltip.fail-fast-init=Whether to fail initialization of the underlying MetadataResolverService (and possibly the IdP as a whole) if the initialization of a metadata provider fails. When false, the IdP may start, and will continue to attempt to reload valid metadata if configured to do so, but operations that require valid metadata will fail until it does. tooltip.use-default-predicate-reg=Flag which determines whether the default CriterionPredicateRegistry will be used if a custom one is not supplied explicitly. tooltip.satisfy-any-predicates=Flag which determines whether predicates used in filtering are connected by a logical 'OR' (true) or by logical 'AND' (false). -tooltip.enable-provider-upon-saving=If checkbox is clicked, the metadata provider is enabled for integration with the IdP +tooltip.enable-provider-upon-saving=If checkbox is clicked, the metadata provider is enabled for integration with the IdP. tooltip.max-validity-interval=Defines the window within which the metadata is valid. tooltip.require-signed-root=If true, this fails to load metadata with no signature on the root XML element. 
@@ -706,9 +707,9 @@ tooltip.resolve-via-predicates-only=Flag indicating whether resolution may be pe tooltip.expiration-warning-threshold=For each attempted metadata refresh (whether or not fresh metadata is obtained), if requireValidMetadata is true, and there is a validUntil XML attribute on the document root element, and the difference between validUntil and the current time is less than expirationWarningThreshold, the system logs a warning about the impending expiration. tooltip.filter-name=Filter Name -tooltip.enable-filter=Enable Filter? +tooltip.enable-filter=If checkbox is clicked, the metadata filter is enabled for integration with the IdP. tooltip.enable-service=A boolean value representing whether or not this metadata should be enabled within the Shibboleth IDP UI. - +tooltip.search-by=Indicates the type of search to be performed. tooltip.min-cache-duration=The minimum duration for which metadata will be cached before it is refreshed. tooltip.max-cache-duration=The maximum duration for which metadata will be cached before it is refreshed. tooltip.max-idle-entity-data=The maximum duration for which metadata will be allowed to be idle (no requests for it) before it is removed from the cache. @@ -739,4 +740,4 @@ tooltip.group-description=Group Description tooltip.role-name=Role Name tooltip.role-description=Role Description -tooltip.contact-information=Contact Information \ No newline at end of file +tooltip.contact-information=Contacts provide information about how to contact the organization responsible for standing up the entity. \ No newline at end of file diff --git a/backend/src/main/resources/metadata-sources-ui-schema.json b/backend/src/main/resources/metadata-sources-ui-schema.json index 09abb43c1..2d64f96bb 100644 --- a/backend/src/main/resources/metadata-sources-ui-schema.json +++ b/backend/src/main/resources/metadata-sources-ui-schema.json 
@@ -102,7 +102,7 @@ }, "assertionConsumerServices": { "title": "label.assertion-consumer-service-endpoints", - "description": "", + "description": "tooltip.assertion-consumer-service-endpoints", "type": "array", "items": { "$ref": "#/definitions/AssertionConsumerService" diff --git a/ui/src/app/form/component/fields/FilterTargetField.js b/ui/src/app/form/component/fields/FilterTargetField.js index 0cdaa50ce..afb4f7828 100644 --- a/ui/src/app/form/component/fields/FilterTargetField.js +++ b/ui/src/app/form/component/fields/FilterTargetField.js @@ -145,7 +145,7 @@ const FilterTargetField = ({ @@ -170,7 +170,7 @@ const FilterTargetField = ({ - +
diff --git a/ui/src/app/metadata/wizard/MetadataFilterTypeSelector.js b/ui/src/app/metadata/wizard/MetadataFilterTypeSelector.js index 09260c018..8318bbda1 100644 --- a/ui/src/app/metadata/wizard/MetadataFilterTypeSelector.js +++ b/ui/src/app/metadata/wizard/MetadataFilterTypeSelector.js @@ -41,8 +41,8 @@ export function MetadataFilterTypeSelector({ types = [], children, actions}) {
- - + + Date: Tue, 2 Aug 2022 14:36:26 -0700 Subject: [PATCH 17/58] Updated tooltips for Groups and Roles --- .../main/resources/i18n/messages.properties | 26 +++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/backend/src/main/resources/i18n/messages.properties b/backend/src/main/resources/i18n/messages.properties index 8da49adb7..0f22d95b6 100644 --- a/backend/src/main/resources/i18n/messages.properties +++ b/backend/src/main/resources/i18n/messages.properties 
@@ -152,21 +152,21 @@ heading.shibboleth=Shibboleth label.source-configuration=Metadata Source Configuration label.provider-configuration=Metadata Provider Configuration label.entity-attribute-name=Custom Entity Attribute Name -tooltip.entity-attribute-name=Custom Entity Attribute Name +tooltip.entity-attribute-name=Name of the attribute that the service provider uses and requires from the identity provider. It corresponds to the element in the SAML assertion. label.entity-attribute-type=Attribute Type -tooltip.entity-attribute-type=Attribute Type +tooltip.entity-attribute-type=Data type of the attribute such as boolean or string. label.entity-attribute-help=Help Text -tooltip.entity-attribute-help=Help Text +tooltip.entity-attribute-help=Defines help text used in the Shibboleth IDP UI when adding the attribute. label.entity-attribute-default=Default Value -tooltip.entity-attribute-default=Default Value +tooltip.entity-attribute-default=The default value of the attribute. label.entity-attribute-list-options=List options -tooltip.entity-attribute-list-options=List options +tooltip.entity-attribute-list-options=A list of pre-defined selectable options for a user to select from in the Shibboleth IDP UI. label.entity-attribute-friendly-name=Friendly name -tooltip.entity-attribute-friendly-name=Friendly name +tooltip.entity-attribute-friendly-name=A descriptive or human-friendly name for users of the Shibboleth IDP UI. label.entity-attribute-attr-name=Attribute name -tooltip.entity-attribute-attr-name=This is normally a uri or urn +tooltip.entity-attribute-attr-name=Indicates how to interpret the attribute name. It corresponds to the element in the SAML assertion. This is normally a uri or urn. label.entity-attribute-display-name=Display name -tooltip.entity-attribute-display-name=Display name +tooltip.entity-attribute-display-name=Provides a human readable value that identifies the subject. 
This value is not guaranteed to be unique and is designed to be used only for display purposes. label.entity-attribute-persist-value=Persist Value label.entity-attribute-persist-type=Persist Type @@ -508,7 +508,7 @@ label.source=Metadata Source label.provider=Metadata Provider label.url-validation-regex=URL validation regular expression -tooltip.url-validation-regex=URL validation regular expression +tooltip.url-validation-regex=URL validation regular expression. This is used by the Shibboleth IDP UI to restrict entities that may be targetted by this group and is added as form validation. label.bundle-name=Bundle name label.bundle-disp=Bundle - {name} @@ -734,10 +734,10 @@ tooltip.nameid-formats-format=Format tooltip.nameid-formats-value=Value tooltip.nameid-formats-type=Type -tooltip.group-name=Group Name -tooltip.group-description=Group Description +tooltip.group-name=A user friendly name used to identify the group. +tooltip.group-description=A description of the purpose of the group. -tooltip.role-name=Role Name -tooltip.role-description=Role Description +tooltip.role-name=A user friendly name used to identify the role. +tooltip.role-description=A description of the purpose of the role. tooltip.contact-information=Contacts provide information about how to contact the organization responsible for standing up the entity. \ No newline at end of file From 9763d10f204f35f5136ae1bf927d6e8f334719e4 Mon Sep 17 00:00:00 2001 From: Ryan Mathis Date: Tue, 2 Aug 2022 14:59:52 -0700 Subject: [PATCH 18/58] Fixed issue with scrollbar on dashboard --- .../domain/provider/component/ProviderList.js | 151 +++++++++--------- .../domain/source/component/SourceList.js | 9 +- 2 files changed, 83 insertions(+), 77 deletions(-) diff --git a/ui/src/app/metadata/domain/provider/component/ProviderList.js b/ui/src/app/metadata/domain/provider/component/ProviderList.js index 1b367a69d..9a9ac90d4 100644 --- a/ui/src/app/metadata/domain/provider/component/ProviderList.js 
+++ b/ui/src/app/metadata/domain/provider/component/ProviderList.js @@ -18,83 +18,86 @@ export function ProviderList({ children, entities, reorder = true, first, last, const translator = useTranslator(); return ( - - {(limited) =>
- - - - - - - - - - - - - {limited.map((provider, idx) => - - + + )} + +
OrderTitleProvider TypeAuthorCreated DateEnabled
-
- {reorder ? -
{idx + 1}
+ + + {(limited) =>
+ + + + + + + + + + + + + {limited.map((provider, idx) => + + + + + + + - - - - - - - )} - -
OrderTitleProvider TypeAuthorCreated DateEnabled
+
+ {reorder ? +
{idx + 1}
+ : +
+ } +   + + +
+
+ {provider.name} + { provider['@type'] }{ provider.createdBy } + + {onEnable && isAdmin ? + onEnable(provider, checked)} + checked={provider.enabled} + > + : -
+ + + } -   - - - -
- {provider.name} - { provider['@type'] }{ provider.createdBy } - - {onEnable && isAdmin ? - onEnable(provider, checked)} - checked={provider.enabled} - > - - : - - - - } - -
+ +
+
+ } +
{children} -
- } - + + ); } diff --git a/ui/src/app/metadata/domain/source/component/SourceList.js b/ui/src/app/metadata/domain/source/component/SourceList.js index 42af027dd..8e8a10825 100644 --- a/ui/src/app/metadata/domain/source/component/SourceList.js +++ b/ui/src/app/metadata/domain/source/component/SourceList.js @@ -23,7 +23,8 @@ export default function SourceList({ entities, onDelete, onEnable, onChangeGroup const canEnable = useCanEnable(); return ( - + + {(limited) =>
@@ -122,9 +123,11 @@ export default function SourceList({ entities, onDelete, onEnable, onChangeGroup
- {children}
} -
+
+ {children} + + ); } From 6184aa0bcc24609441139d80e8ef26b6e7bc6dbb Mon Sep 17 00:00:00 2001 From: Bill Smith Date: Tue, 2 Aug 2022 19:15:09 -0400 Subject: [PATCH 19/58] SHIBUI-1978 Small test tweak for stability. --- .../integration/resources/SHIBUI-1732-4.side | 37 +++++++++++-------- 1 file changed, 22 insertions(+), 15 deletions(-) diff --git a/backend/src/integration/resources/SHIBUI-1732-4.side b/backend/src/integration/resources/SHIBUI-1732-4.side index 6aab66e67..214a49cbd 100644 --- a/backend/src/integration/resources/SHIBUI-1732-4.side +++ b/backend/src/integration/resources/SHIBUI-1732-4.side @@ -992,6 +992,13 @@ ["xpath=//div[3]/div/div/div[3]/button", "xpath:position"] ], "value": "" + }, { + "id": "14c486b1-bdff-4474-94e3-b4286303a8fd", + "comment": "", + "command": "pause", + "target": "5000", + "targets": [], + "value": "" }, { "id": "e3892564-1a1b-4ee6-bbab-49d3cb3079d7", "comment": "", @@ -999,21 +1006,21 @@ "target": "css=table > tbody > tr", "targets": [], "value": "" - },{ - "id": "4ec2c493-85e4-403b-9b09-031c5728f498", - "comment": "", - "command": "open", - "target": "/api/heheheheheheheWipeout", - "targets": [], - "value": "" - }, { - "id": "e074980a-8f21-4c22-8412-c4b6fcdcd1a4", - "comment": "", - "command": "assertText", - "target": "css=body", - "targets": [], - "value": "yes, you did it" - }] + }, { + "id": "4ec2c493-85e4-403b-9b09-031c5728f498", + "comment": "", + "command": "open", + "target": "/api/heheheheheheheWipeout", + "targets": [], + "value": "" + }, { + "id": "e074980a-8f21-4c22-8412-c4b6fcdcd1a4", + "comment": "", + "command": "assertText", + "target": "css=body", + "targets": [], + "value": "yes, you did it" + }] }], "suites": [{ "id": "575d414c-556d-45f7-b2f2-c9971ad51348", From 9d14f8e197f28b3a923268844abf7092d378b56f Mon Sep 17 00:00:00 2001 
From: Ryan Mathis Date: Thu, 4 Aug 2022 11:32:22 -0700 Subject: [PATCH 20/58] Set popover icons to placement auto --- ui/src/app/form/component/InfoIcon.js | 2 +- ui/src/app/form/component/fields/DescriptionField.js | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ui/src/app/form/component/InfoIcon.js b/ui/src/app/form/component/InfoIcon.js index 209e4f426..a9dbb9363 100644 --- a/ui/src/app/form/component/InfoIcon.js +++ b/ui/src/app/form/component/InfoIcon.js @@ -7,7 +7,7 @@ import Button from 'react-bootstrap/Button'; import Translate from '../../i18n/components/translate'; import { useTranslator } from '../../i18n/hooks'; -export function InfoIcon ({ value = '', placement='left', ...props }) { +export function InfoIcon ({ value = '', placement='auto', ...props }) { const translate = useTranslator(); return( { if (description) { - return ; + return ; } return null; From 099ccb8fb788e38b6a2c7f76015decfc4dce11bc Mon Sep 17 00:00:00 2001 
From: Ryan Mathis Date: Thu, 4 Aug 2022 14:24:22 -0700 Subject: [PATCH 21/58] Added initial UI for property list --- ui/public/assets/data/properties.json | 1 + .../assets/schema/properties/property.json | 30 ++++++ ui/src/app/App.js | 6 ++ ui/src/app/admin/Properties.js | 34 +++++++ ui/src/app/admin/component/PropertyForm.js | 56 +++++++++++ ui/src/app/admin/container/EditProperty.js | 92 +++++++++++++++++++ ui/src/app/admin/container/NewProperty.js | 80 ++++++++++++++++ ui/src/app/admin/container/PropertyList.js | 80 ++++++++++++++++ ui/src/app/admin/hoc/PropertiesProvider.js | 42 +++++++++ ui/src/app/admin/hoc/PropertyProvider.js | 20 ++++ ui/src/app/admin/hooks.js | 16 ++++ ui/src/app/core/components/Header.js | 6 +- 12 files changed, 462 insertions(+), 1 deletion(-) create mode 100644 ui/public/assets/data/properties.json create mode 100644 ui/public/assets/schema/properties/property.json create mode 100644 ui/src/app/admin/Properties.js create mode 100644 ui/src/app/admin/component/PropertyForm.js create mode 100644 ui/src/app/admin/container/EditProperty.js create mode 100644 ui/src/app/admin/container/NewProperty.js create mode 100644 ui/src/app/admin/container/PropertyList.js create mode 100644 ui/src/app/admin/hoc/PropertiesProvider.js create mode 100644 ui/src/app/admin/hoc/PropertyProvider.js diff --git a/ui/public/assets/data/properties.json b/ui/public/assets/data/properties.json new file mode 100644 index 000000000..0637a088a --- /dev/null +++ b/ui/public/assets/data/properties.json @@ -0,0 +1 @@ +[] \ No newline at end of file diff --git a/ui/public/assets/schema/properties/property.json b/ui/public/assets/schema/properties/property.json new file mode 100644 index 000000000..f0e90ff49 --- /dev/null +++ b/ui/public/assets/schema/properties/property.json 
@@ -0,0 +1,30 @@ +{ + "type": "object", + "required": [ + "property", + "value" + ], + "properties": { + "property": { + "title": "label.property-key", + "description": "tooltip.property-key", + "type": "string", + "minLength": 1, + "maxLength": 255 + }, + "description": { + "title": "label.property-descr", + "description": "tooltip.property-descr", + "type": "string", + "minLength": 1, + "maxLength": 255 + }, + "value": { + "title": "label.property-value", + "description": "tooltip.property-value", + "type": "string", + "minLength": 1, + "maxLength": 255 + } + } +} \ No newline at end of file diff --git a/ui/src/app/App.js b/ui/src/app/App.js index 546241f10..9c4e00422 100644 --- a/ui/src/app/App.js +++ b/ui/src/app/App.js @@ -34,6 +34,7 @@ import { Roles } from './admin/Roles'; import { Groups } from './admin/Groups'; import { BASE_PATH } from './App.constant'; import { ProtectRoute } from './core/components/ProtectRoute'; +import { Properties } from './admin/Properties'; function App() { @@ -108,6 +109,11 @@ function App() { } /> + + + + + } /> diff --git a/ui/src/app/admin/Properties.js b/ui/src/app/admin/Properties.js new file mode 100644 index 000000000..b81e0af48 --- /dev/null +++ b/ui/src/app/admin/Properties.js @@ -0,0 +1,34 @@ +import React from 'react'; +import { Switch, Route, useRouteMatch, Redirect } from 'react-router-dom'; +import { PropertiesProvider } from './hoc/PropertiesProvider'; +import { NewProperty } from './container/NewProperty'; +import { EditProperty } from './container/EditProperty'; +import { PropertyList } from './container/PropertyList'; + +export function Properties() { + + let { path, url } = useRouteMatch(); + + return ( + <> + + + + {(properties, onDelete) => + + } + + } /> + + + } /> + + + } /> + + + } /> + + + ); +} \ No newline at end of file diff --git a/ui/src/app/admin/component/PropertyForm.js b/ui/src/app/admin/component/PropertyForm.js new file mode 100644 index 000000000..54a0800ea --- /dev/null 
+++ b/ui/src/app/admin/component/PropertyForm.js @@ -0,0 +1,56 @@ +import React from 'react'; +import Button from 'react-bootstrap/Button'; +import Form from '../../form/Form'; +import { FontAwesomeIcon } from '@fortawesome/react-fontawesome'; +import { faSpinner, faSave } from '@fortawesome/free-solid-svg-icons'; +import Translate from '../../i18n/components/translate'; + +import { usePropertyUiSchema } from '../hooks'; +import { FormContext, setFormDataAction, setFormErrorAction } from '../../form/FormManager'; + +export function PropertyForm({ property = {}, errors = [], loading = false, schema, onSave, onCancel }) { + + const { dispatch } = React.useContext(FormContext); + const onChange = ({ formData, errors }) => { + dispatch(setFormDataAction(formData)); + dispatch(setFormErrorAction(errors)); + }; + + const uiSchema = usePropertyUiSchema(); + + return (<> +
+
+ + + + +
+
+
+
+ onChange(form)} + schema={schema} + uiSchema={uiSchema} + liveValidate={true}> + <> + +
+
+
+ ) +} +/**/ \ No newline at end of file diff --git a/ui/src/app/admin/container/EditProperty.js b/ui/src/app/admin/container/EditProperty.js new file mode 100644 index 000000000..beac8c5f8 --- /dev/null +++ b/ui/src/app/admin/container/EditProperty.js @@ -0,0 +1,92 @@ +import React from 'react'; + +import { Prompt, useHistory } from 'react-router-dom'; +import { useParams } from 'react-router-dom'; +import Translate from '../../i18n/components/translate'; +import { useProperties } from '../hooks'; +import { Schema } from '../../form/Schema'; +import { FormManager } from '../../form/FormManager'; + +import { PropertyForm } from '../component/PropertyForm'; +import { PropertyProvider } from '../hoc/PropertyProvider'; +import { createNotificationAction, NotificationTypes, useNotificationDispatcher } from '../../notifications/hoc/Notifications'; +import { useTranslator } from '../../i18n/hooks'; +import { BASE_PATH } from '../../App.constant'; + +export function EditProperty() { + + const { id } = useParams(); + + const notifier = useNotificationDispatcher(); + const translator = useTranslator(); + + const history = useHistory(); + + const { put, response, loading } = useProperties(); + + const [blocking, setBlocking] = React.useState(false); + + async function save(property) { + let toast; + const resp = await put(`/${property.resourceId}`, property); + if (response.ok) { + gotoDetail({ refresh: true }); + toast = createNotificationAction(`Updated property successfully.`, NotificationTypes.SUCCESS); + } else { + toast = createNotificationAction(`${resp.errorCode} - ${translator(resp.errorMessage)}`, NotificationTypes.ERROR); + } + if (toast) { + notifier(toast); + } + }; + + const cancel = () => { + gotoDetail(); + }; + + const gotoDetail = (state = null) => { + setBlocking(false); + history.push(`/properties`, state); + }; + + return ( +
+ + `message.unsaved-editor` + } + /> +
+
+
+
+ Edit property +
+
+
+
+ + {(property) => + + {(schema) => + <>{property && + + {(data, errors) => + save(data)} + onCancel={() => cancel()} />} + + }} + + } + +
+
+
+ ); +} \ No newline at end of file diff --git a/ui/src/app/admin/container/NewProperty.js b/ui/src/app/admin/container/NewProperty.js new file mode 100644 index 000000000..911a10bc8 --- /dev/null +++ b/ui/src/app/admin/container/NewProperty.js @@ -0,0 +1,80 @@ +import React from 'react'; + +import { Prompt, useHistory } from 'react-router-dom'; +import Translate from '../../i18n/components/translate'; +import { useProperties } from '../hooks'; +import { Schema } from '../../form/Schema'; +import { FormManager } from '../../form/FormManager'; +import { PropertyForm } from '../component/PropertyForm'; + +import { createNotificationAction, NotificationTypes, useNotificationDispatcher } from '../../notifications/hoc/Notifications'; +import { useTranslator } from '../../i18n/hooks'; +import { BASE_PATH } from '../../App.constant'; + +export function NewProperty() { + const history = useHistory(); + const notifier = useNotificationDispatcher(); + const translator = useTranslator(); + + const { post, response, loading } = useProperties({}); + + const [blocking, setBlocking] = React.useState(false); + + async function save(property) { + let toast; + const resp = await post(``, property); + if (response.ok) { + gotoDetail({ refresh: true }); + toast = createNotificationAction(`Added property successfully.`, NotificationTypes.SUCCESS); + } else { + toast = createNotificationAction(`${resp.errorCode} - ${translator(resp.errorMessage)}`, NotificationTypes.ERROR); + } + if (toast) { + notifier(toast); + } + }; + + const cancel = () => { + gotoDetail(); + }; + + const gotoDetail = (state = null) => { + setBlocking(false); + history.push(`/properties`, state); + }; + + return ( +
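Review bot: The error branch of `save` dereferences `resp` without checking that a parsed body came back: `${resp.errorCode} - ${translator(resp.errorMessage)}`. If the PUT fails without a JSON error object (a network failure, an expired session answered with an HTML page, a proxy error), `resp` may be undefined, which would throw inside the async handler and show no notification; this depends on how `useFetch` resolves failed requests, which is not visible here. A defensive form would be `${resp?.errorCode ?? response.status} - ${translator(resp?.errorMessage ?? 'message.session-timeout')}`. The same pattern appears in `save` in NewProperty.js and `removeProperty` in PropertiesProvider.js, and in the identical copies of these hunks in PATCH 22/58.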
+ + `message.unsaved-editor` + } + /> +
+
+
+
+ Add a new property +
+
+
+
+ + {(schema) => + + {(data, errors) => + save(data)} + onCancel={() => cancel()} />} + } + +
+
+
+ ); +} \ No newline at end of file diff --git a/ui/src/app/admin/container/PropertyList.js b/ui/src/app/admin/container/PropertyList.js new file mode 100644 index 000000000..2312cc1d2 --- /dev/null +++ b/ui/src/app/admin/container/PropertyList.js @@ -0,0 +1,80 @@ +import React from 'react'; +import { faEdit, faPlusCircle, faTrash } from '@fortawesome/free-solid-svg-icons'; +import { FontAwesomeIcon } from '@fortawesome/react-fontawesome'; + +import Button from 'react-bootstrap/Button'; +import { Link } from 'react-router-dom'; + +import { Translate } from '../../i18n/components/translate'; + +import { DeleteConfirmation } from '../../core/components/DeleteConfirmation'; + +export function PropertyList({ properties, onDelete }) { + + const remove = (id) => { + onDelete(id); + } + + return ( + + {(block) => +
+
+
+
+ + Roles Management + +
+
+
+ +   + Add new property + +
+
+ + + + + + + + + {(properties?.length > 0) ? properties.map((property, i) => + + + + + ) : + + } + +
+ Role Name + Actions
{property.name} + + + + + Edit + + + + +
No properties defined.
+
+
+
+
+
+ } +
+ ); +} \ No newline at end of file diff --git a/ui/src/app/admin/hoc/PropertiesProvider.js b/ui/src/app/admin/hoc/PropertiesProvider.js new file mode 100644 index 000000000..341d7736f --- /dev/null +++ b/ui/src/app/admin/hoc/PropertiesProvider.js @@ -0,0 +1,42 @@ +import React from 'react'; +import { useProperties } from '../hooks'; +import { createNotificationAction, NotificationTypes, useNotificationDispatcher } from '../../notifications/hoc/Notifications'; +import { useTranslator } from '../../i18n/hooks'; + +export function PropertiesProvider({ children, cache = 'no-cache' }) { + + const [properties, setProperties] = React.useState([]); + + const notifier = useNotificationDispatcher(); + const translator = useTranslator(); + + const { get, del, response, loading } = useProperties({ + cachePolicy: cache + }); + + async function loadProperties() { + const list = await get(`assets/data/properties.json`); + if (response.ok) { + setProperties(list); + } + } + + async function removeProperty(id) { + let toast; + const resp = await del(`/${id}`); + if (response.ok) { + loadProperties(); + toast = createNotificationAction(`Deleted property successfully.`, NotificationTypes.SUCCESS); + } else { + toast = createNotificationAction(`${resp.errorCode} - ${translator(resp.errorMessage)}`, NotificationTypes.ERROR); + } + if (toast) { + notifier(toast); + } + } + + /*eslint-disable react-hooks/exhaustive-deps*/ + React.useEffect(() => { loadProperties() }, []); + + return (<>{children(properties, removeProperty, loading)}); +} \ No newline at end of file diff --git a/ui/src/app/admin/hoc/PropertyProvider.js b/ui/src/app/admin/hoc/PropertyProvider.js new file mode 100644 index 000000000..119f3d26d --- /dev/null +++ b/ui/src/app/admin/hoc/PropertyProvider.js 
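Review bot: The list still carries the Roles wording and reads a field the new schema does not define. The heading text is `Roles Management`, the column header is `Role Name`, and each row prints `{property.name}`, while property.json in this commit defines the keys `property`, `description` and `value`, so the name cell is likely to render empty. I would switch the two labels to property wording and print `{property.property}`. Which identifier the edit link and the delete callback use cannot be checked here, because the markup of this hunk is not legible in this view. The same applies to the copy of this file in PATCH 22/58.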
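Review bot: `loadProperties` requests the static stub through the admin API hook: `get(`assets/data/properties.json`)` is issued on the fetcher returned by `useProperties`, whose base in hooks.js is `${API_BASE_PATH}/admin/properties`. Assuming `useFetch` appends the argument to that base, the request goes to a path under the admin endpoint rather than to the file added under `ui/public`. Because there is no `else` branch, a failed load is silent and the list simply stays empty. If the stub is intentional for now, a `// TODO: replace stub with get('') once the endpoint exists` comment plus an error notification in the failure case would make that visible.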
@@ -0,0 +1,20 @@ +import React from 'react'; +import { useProperty } from '../hooks'; + +export function PropertyProvider({ id, children }) { + + const [property, setProperty] = React.useState(); + const { get, response } = useProperty(id); + + async function loadProperty() { + const r = await get(``); + if (response.ok) { + setProperty(r); + } + } + + /*eslint-disable react-hooks/exhaustive-deps*/ + React.useEffect(() => { loadProperty() }, []); + + return (<>{children(property)}); +} \ No newline at end of file diff --git a/ui/src/app/admin/hooks.js b/ui/src/app/admin/hooks.js index b2c63a7c3..955c510a6 100644 --- a/ui/src/app/admin/hooks.js +++ b/ui/src/app/admin/hooks.js @@ -46,3 +46,19 @@ export function useGroupUiValidator() { export function useRoleUiSchema() { return {}; } + +export function useProperties (opts = { cachePolicy: 'no-cache' }) { + return useFetch(`${API_BASE_PATH}/admin/properties`, opts); +} + +export function useProperty (id, opts = { cachePolicy: 'no-cache' }) { + return useFetch(`${API_BASE_PATH}/admin/property/${id}`, opts); +} + +export function usePropertyUiSchema () { + return { + description: { + 'ui:widget': 'textarea' + } + }; +} diff --git a/ui/src/app/core/components/Header.js b/ui/src/app/core/components/Header.js index ff979056b..d8773a709 100644 --- a/ui/src/app/core/components/Header.js +++ b/ui/src/app/core/components/Header.js @@ -7,7 +7,7 @@ import Dropdown from 'react-bootstrap/Dropdown'; import { FontAwesomeIcon } from '@fortawesome/react-fontawesome'; -import { faTh, faSignOutAlt, faPlusCircle, faCube, faCubes, faUsersCog, faSpinner, faUserCircle, faCog, faBoxOpen, faTags, faIdBadge } from '@fortawesome/free-solid-svg-icons'; +import { faTh, faSignOutAlt, faPlusCircle, faCube, faCubes, faUsersCog, faSpinner, faUserCircle, faCog, faBoxOpen, faTags, faIdBadge, faFileLines } from '@fortawesome/free-solid-svg-icons'; import Translate from '../../i18n/components/translate'; import { useTranslator } from '../../i18n/hooks'; 
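Review bot: `useProperty` interpolates `id` into the request path unencoded, and EditProperty.js takes that `id` from `useParams()`, so a route value containing `/`, `?` or `#` would change which admin endpoint the browser calls with the user's session. Encoding the segment closes that off: `return useFetch(`${API_BASE_PATH}/admin/property/${encodeURIComponent(id)}`, opts);`. The same applies to `del(`/${id}`)` in PropertiesProvider.js and `put(`/${property.resourceId}`, property)` in EditProperty.js. Separately, reads go to `/admin/property/<id>` while writes and deletes go to `/admin/properties/<id>`; if that split is not deliberate, one base path would be easier to protect consistently on the server side.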
@@ -88,6 +88,10 @@ export function Header () { + + + +
} From cdc4207d3874972ce13104bf0a96e2b8b97c5bfe Mon Sep 17 00:00:00 2001 From: Ryan Mathis Date: Thu, 4 Aug 2022 14:24:22 -0700 Subject: [PATCH 22/58] Added initial UI for property list Former-commit-id: 099ccb8fb788e38b6a2c7f76015decfc4dce11bc --- ui/public/assets/data/properties.json | 1 + .../assets/schema/properties/property.json | 30 ++++++ ui/src/app/App.js | 6 ++ ui/src/app/admin/Properties.js | 34 +++++++ ui/src/app/admin/component/PropertyForm.js | 56 +++++++++++ ui/src/app/admin/container/EditProperty.js | 92 +++++++++++++++++++ ui/src/app/admin/container/NewProperty.js | 80 ++++++++++++++++ ui/src/app/admin/container/PropertyList.js | 80 ++++++++++++++++ ui/src/app/admin/hoc/PropertiesProvider.js | 42 +++++++++ ui/src/app/admin/hoc/PropertyProvider.js | 20 ++++ ui/src/app/admin/hooks.js | 16 ++++ ui/src/app/core/components/Header.js | 6 +- 12 files changed, 462 insertions(+), 1 deletion(-) create mode 100644 ui/public/assets/data/properties.json create mode 100644 ui/public/assets/schema/properties/property.json create mode 100644 ui/src/app/admin/Properties.js create mode 100644 ui/src/app/admin/component/PropertyForm.js create mode 100644 ui/src/app/admin/container/EditProperty.js create mode 100644 ui/src/app/admin/container/NewProperty.js create mode 100644 ui/src/app/admin/container/PropertyList.js create mode 100644 ui/src/app/admin/hoc/PropertiesProvider.js create mode 100644 ui/src/app/admin/hoc/PropertyProvider.js diff --git a/ui/public/assets/data/properties.json b/ui/public/assets/data/properties.json new file mode 100644 index 000000000..0637a088a --- /dev/null +++ b/ui/public/assets/data/properties.json @@ -0,0 +1 @@ +[] \ No newline at end of file diff --git a/ui/public/assets/schema/properties/property.json b/ui/public/assets/schema/properties/property.json new file mode 100644 index 000000000..f0e90ff49 --- /dev/null +++ b/ui/public/assets/schema/properties/property.json 
@@ -0,0 +1,30 @@ +{ + "type": "object", + "required": [ + "property", + "value" + ], + "properties": { + "property": { + "title": "label.property-key", + "description": "tooltip.property-key", + "type": "string", + "minLength": 1, + "maxLength": 255 + }, + "description": { + "title": "label.property-descr", + "description": "tooltip.property-descr", + "type": "string", + "minLength": 1, + "maxLength": 255 + }, + "value": { + "title": "label.property-value", + "description": "tooltip.property-value", + "type": "string", + "minLength": 1, + "maxLength": 255 + } + } +} \ No newline at end of file diff --git a/ui/src/app/App.js b/ui/src/app/App.js index 546241f10..9c4e00422 100644 --- a/ui/src/app/App.js +++ b/ui/src/app/App.js @@ -34,6 +34,7 @@ import { Roles } from './admin/Roles'; import { Groups } from './admin/Groups'; import { BASE_PATH } from './App.constant'; import { ProtectRoute } from './core/components/ProtectRoute'; +import { Properties } from './admin/Properties'; function App() { @@ -108,6 +109,11 @@ function App() { } /> + + + + + } /> diff --git a/ui/src/app/admin/Properties.js b/ui/src/app/admin/Properties.js new file mode 100644 index 000000000..b81e0af48 --- /dev/null +++ b/ui/src/app/admin/Properties.js @@ -0,0 +1,34 @@ +import React from 'react'; +import { Switch, Route, useRouteMatch, Redirect } from 'react-router-dom'; +import { PropertiesProvider } from './hoc/PropertiesProvider'; +import { NewProperty } from './container/NewProperty'; +import { EditProperty } from './container/EditProperty'; +import { PropertyList } from './container/PropertyList'; + +export function Properties() { + + let { path, url } = useRouteMatch(); + + return ( + <> + + + + {(properties, onDelete) => + + } + + } /> + + + } /> + + + } /> + + + } /> + + + ); +} \ No newline at end of file diff --git a/ui/src/app/admin/component/PropertyForm.js b/ui/src/app/admin/component/PropertyForm.js new file mode 100644 index 000000000..54a0800ea --- /dev/null 
+++ b/ui/src/app/admin/component/PropertyForm.js @@ -0,0 +1,56 @@ +import React from 'react'; +import Button from 'react-bootstrap/Button'; +import Form from '../../form/Form'; +import { FontAwesomeIcon } from '@fortawesome/react-fontawesome'; +import { faSpinner, faSave } from '@fortawesome/free-solid-svg-icons'; +import Translate from '../../i18n/components/translate'; + +import { usePropertyUiSchema } from '../hooks'; +import { FormContext, setFormDataAction, setFormErrorAction } from '../../form/FormManager'; + +export function PropertyForm({ property = {}, errors = [], loading = false, schema, onSave, onCancel }) { + + const { dispatch } = React.useContext(FormContext); + const onChange = ({ formData, errors }) => { + dispatch(setFormDataAction(formData)); + dispatch(setFormErrorAction(errors)); + }; + + const uiSchema = usePropertyUiSchema(); + + return (<> +
+
+ + + + +
+
+
+
+
onChange(form)} + schema={schema} + uiSchema={uiSchema} + liveValidate={true}> + <> +
+
+
+
+ ) +} +/**/ \ No newline at end of file diff --git a/ui/src/app/admin/container/EditProperty.js b/ui/src/app/admin/container/EditProperty.js new file mode 100644 index 000000000..beac8c5f8 --- /dev/null +++ b/ui/src/app/admin/container/EditProperty.js @@ -0,0 +1,92 @@ +import React from 'react'; + +import { Prompt, useHistory } from 'react-router-dom'; +import { useParams } from 'react-router-dom'; +import Translate from '../../i18n/components/translate'; +import { useProperties } from '../hooks'; +import { Schema } from '../../form/Schema'; +import { FormManager } from '../../form/FormManager'; + +import { PropertyForm } from '../component/PropertyForm'; +import { PropertyProvider } from '../hoc/PropertyProvider'; +import { createNotificationAction, NotificationTypes, useNotificationDispatcher } from '../../notifications/hoc/Notifications'; +import { useTranslator } from '../../i18n/hooks'; +import { BASE_PATH } from '../../App.constant'; + +export function EditProperty() { + + const { id } = useParams(); + + const notifier = useNotificationDispatcher(); + const translator = useTranslator(); + + const history = useHistory(); + + const { put, response, loading } = useProperties(); + + const [blocking, setBlocking] = React.useState(false); + + async function save(property) { + let toast; + const resp = await put(`/${property.resourceId}`, property); + if (response.ok) { + gotoDetail({ refresh: true }); + toast = createNotificationAction(`Updated property successfully.`, NotificationTypes.SUCCESS); + } else { + toast = createNotificationAction(`${resp.errorCode} - ${translator(resp.errorMessage)}`, NotificationTypes.ERROR); + } + if (toast) { + notifier(toast); + } + }; + + const cancel = () => { + gotoDetail(); + }; + + const gotoDetail = (state = null) => { + setBlocking(false); + history.push(`/properties`, state); + }; + + return ( +
+ + `message.unsaved-editor` + } + /> +
+
+
+
+ Edit property +
+
+
+
+ + {(property) => + + {(schema) => + <>{property && + + {(data, errors) => + save(data)} + onCancel={() => cancel()} />} + + }} + + } + +
+
+
+ ); +} \ No newline at end of file diff --git a/ui/src/app/admin/container/NewProperty.js b/ui/src/app/admin/container/NewProperty.js new file mode 100644 index 000000000..911a10bc8 --- /dev/null +++ b/ui/src/app/admin/container/NewProperty.js @@ -0,0 +1,80 @@ +import React from 'react'; + +import { Prompt, useHistory } from 'react-router-dom'; +import Translate from '../../i18n/components/translate'; +import { useProperties } from '../hooks'; +import { Schema } from '../../form/Schema'; +import { FormManager } from '../../form/FormManager'; +import { PropertyForm } from '../component/PropertyForm'; + +import { createNotificationAction, NotificationTypes, useNotificationDispatcher } from '../../notifications/hoc/Notifications'; +import { useTranslator } from '../../i18n/hooks'; +import { BASE_PATH } from '../../App.constant'; + +export function NewProperty() { + const history = useHistory(); + const notifier = useNotificationDispatcher(); + const translator = useTranslator(); + + const { post, response, loading } = useProperties({}); + + const [blocking, setBlocking] = React.useState(false); + + async function save(property) { + let toast; + const resp = await post(``, property); + if (response.ok) { + gotoDetail({ refresh: true }); + toast = createNotificationAction(`Added property successfully.`, NotificationTypes.SUCCESS); + } else { + toast = createNotificationAction(`${resp.errorCode} - ${translator(resp.errorMessage)}`, NotificationTypes.ERROR); + } + if (toast) { + notifier(toast); + } + }; + + const cancel = () => { + gotoDetail(); + }; + + const gotoDetail = (state = null) => { + setBlocking(false); + history.push(`/properties`, state); + }; + + return ( +
+ + `message.unsaved-editor` + } + /> +
+
+
+
+ Add a new property +
+
+
+
+ + {(schema) => + + {(data, errors) => + save(data)} + onCancel={() => cancel()} />} + } + +
+
+
+ ); +} \ No newline at end of file diff --git a/ui/src/app/admin/container/PropertyList.js b/ui/src/app/admin/container/PropertyList.js new file mode 100644 index 000000000..2312cc1d2 --- /dev/null +++ b/ui/src/app/admin/container/PropertyList.js @@ -0,0 +1,80 @@ +import React from 'react'; +import { faEdit, faPlusCircle, faTrash } from '@fortawesome/free-solid-svg-icons'; +import { FontAwesomeIcon } from '@fortawesome/react-fontawesome'; + +import Button from 'react-bootstrap/Button'; +import { Link } from 'react-router-dom'; + +import { Translate } from '../../i18n/components/translate'; + +import { DeleteConfirmation } from '../../core/components/DeleteConfirmation'; + +export function PropertyList({ properties, onDelete }) { + + const remove = (id) => { + onDelete(id); + } + + return ( + + {(block) => +
+
+
+
+ + Roles Management + +
+
+
+ +   + Add new property + +
+
+ + + + + + + + + {(properties?.length > 0) ? properties.map((property, i) => + + + + + ) : + + } + +
+ Role Name + Actions
{property.name} + + + + + Edit + + + + +
No properties defined.
+
+
+
+
+
+ } +
+ ); +} \ No newline at end of file diff --git a/ui/src/app/admin/hoc/PropertiesProvider.js b/ui/src/app/admin/hoc/PropertiesProvider.js new file mode 100644 index 000000000..341d7736f --- /dev/null +++ b/ui/src/app/admin/hoc/PropertiesProvider.js @@ -0,0 +1,42 @@ +import React from 'react'; +import { useProperties } from '../hooks'; +import { createNotificationAction, NotificationTypes, useNotificationDispatcher } from '../../notifications/hoc/Notifications'; +import { useTranslator } from '../../i18n/hooks'; + +export function PropertiesProvider({ children, cache = 'no-cache' }) { + + const [properties, setProperties] = React.useState([]); + + const notifier = useNotificationDispatcher(); + const translator = useTranslator(); + + const { get, del, response, loading } = useProperties({ + cachePolicy: cache + }); + + async function loadProperties() { + const list = await get(`assets/data/properties.json`); + if (response.ok) { + setProperties(list); + } + } + + async function removeProperty(id) { + let toast; + const resp = await del(`/${id}`); + if (response.ok) { + loadProperties(); + toast = createNotificationAction(`Deleted property successfully.`, NotificationTypes.SUCCESS); + } else { + toast = createNotificationAction(`${resp.errorCode} - ${translator(resp.errorMessage)}`, NotificationTypes.ERROR); + } + if (toast) { + notifier(toast); + } + } + + /*eslint-disable react-hooks/exhaustive-deps*/ + React.useEffect(() => { loadProperties() }, []); + + return (<>{children(properties, removeProperty, loading)}); +} \ No newline at end of file diff --git a/ui/src/app/admin/hoc/PropertyProvider.js b/ui/src/app/admin/hoc/PropertyProvider.js new file mode 100644 index 000000000..119f3d26d --- /dev/null +++ b/ui/src/app/admin/hoc/PropertyProvider.js 
@@ -0,0 +1,20 @@ +import React from 'react'; +import { useProperty } from '../hooks'; + +export function PropertyProvider({ id, children }) { + + const [property, setProperty] = React.useState(); + const { get, response } = useProperty(id); + + async function loadProperty() { + const r = await get(``); + if (response.ok) { + setProperty(r); + } + } + + /*eslint-disable react-hooks/exhaustive-deps*/ + React.useEffect(() => { loadProperty() }, []); + + return (<>{children(property)}); +} \ No newline at end of file diff --git a/ui/src/app/admin/hooks.js b/ui/src/app/admin/hooks.js index b2c63a7c3..955c510a6 100644 --- a/ui/src/app/admin/hooks.js +++ b/ui/src/app/admin/hooks.js @@ -46,3 +46,19 @@ export function useGroupUiValidator() { export function useRoleUiSchema() { return {}; } + +export function useProperties (opts = { cachePolicy: 'no-cache' }) { + return useFetch(`${API_BASE_PATH}/admin/properties`, opts); +} + +export function useProperty (id, opts = { cachePolicy: 'no-cache' }) { + return useFetch(`${API_BASE_PATH}/admin/property/${id}`, opts); +} + +export function usePropertyUiSchema () { + return { + description: { + 'ui:widget': 'textarea' + } + }; +} diff --git a/ui/src/app/core/components/Header.js b/ui/src/app/core/components/Header.js index ff979056b..d8773a709 100644 --- a/ui/src/app/core/components/Header.js +++ b/ui/src/app/core/components/Header.js @@ -7,7 +7,7 @@ import Dropdown from 'react-bootstrap/Dropdown'; import { FontAwesomeIcon } from '@fortawesome/react-fontawesome'; -import { faTh, faSignOutAlt, faPlusCircle, faCube, faCubes, faUsersCog, faSpinner, faUserCircle, faCog, faBoxOpen, faTags, faIdBadge } from '@fortawesome/free-solid-svg-icons'; +import { faTh, faSignOutAlt, faPlusCircle, faCube, faCubes, faUsersCog, faSpinner, faUserCircle, faCog, faBoxOpen, faTags, faIdBadge, faFileLines } from '@fortawesome/free-solid-svg-icons'; import Translate from '../../i18n/components/translate'; import { useTranslator } from '../../i18n/hooks'; 
@@ -88,6 +88,10 @@ export function Header () { + + + + } From b0a6b29be55d405acf197cc41961ae18537a6dba Mon Sep 17 00:00:00 2001 From: Sean Porth Date: Fri, 5 Aug 2022 08:49:47 -0400 Subject: [PATCH 23/58] added ignoreRequestSignatures --- backend/src/main/resources/application.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/backend/src/main/resources/application.yml b/backend/src/main/resources/application.yml index ffeab970c..bf1367934 100644 --- a/backend/src/main/resources/application.yml +++ b/backend/src/main/resources/application.yml @@ -156,4 +156,10 @@ custom: displayType: boolean helpText: tooltip.force-authn attributeName: http://shibboleth.net/ns/profiles/forceAuthn - attributeFriendlyName: forceAuthn \ No newline at end of file + attributeFriendlyName: forceAuthn + - name: ignoreRequestSignatures + displayName: label.ignore-request-signatures + displayType: boolean + helpText: tooltip.ignore-request-signatures + attributeName: http://shibboleth.net/ns/profiles/ignoreRequestSignatures + attributeFriendlyName: ignoreRequestSignatures \ No newline at end of file From bf7b5d0825d4b86618e7884a07adf88c7ba2c625 Mon Sep 17 00:00:00 2001 From: Bill Smith Date: Wed, 10 Aug 2022 00:07:14 -0400 Subject: [PATCH 24/58] SHIBUI-1674 Initial version of selenium tests for tooltip verification. At least one of these will need updating once some UI issues are fixed. --- .../internet2/tier/shibboleth/admin/ui/SeleniumSIDETest.groovy | 3 +++ 1 file changed, 3 insertions(+) diff --git a/backend/src/integration/groovy/edu/internet2/tier/shibboleth/admin/ui/SeleniumSIDETest.groovy b/backend/src/integration/groovy/edu/internet2/tier/shibboleth/admin/ui/SeleniumSIDETest.groovy index 14a65b52b..1792f948c 100644 --- a/backend/src/integration/groovy/edu/internet2/tier/shibboleth/admin/ui/SeleniumSIDETest.groovy +++ b/backend/src/integration/groovy/edu/internet2/tier/shibboleth/admin/ui/SeleniumSIDETest.groovy 
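Review bot: The new `ignoreRequestSignatures` override is listed like any other boolean, with nothing marking that it relaxes a security control. According to the tooltip added in PATCH 25/58, it skips validation of signatures on requests. I would add a comment above the entry, for example `# security-sensitive: disables request signature validation for the entities it is applied to; enable per entity only`. It is also worth confirming that every role allowed to edit entity attributes in the UI is meant to be able to turn this check off, since the access rules for these overrides are not visible in this hunk.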
@@ -154,5 +154,8 @@ class SeleniumSIDETest extends Specification { 'SHIBUI-2052: Logged in user & role appear on dashboard' | '/SHIBUI-2052.side' 'SHIBUI-2116: Verify entity attribute bundle highlights' | '/SHIBUI-2116.side' // Note that this script WILL NOT PASS in the Selenium IDE due to ${driver} not being set (it is provided by this groovy script). 'SHIBUI-2269: Verify XML generation of external filters' | '/SHIBUI-2269.side' + 'SHIBUI-1674: Verify metadata source tooltips' | '/SHIBUI-1674-1.side' + 'SHIBUI-1674: Verify metadata provider tooltips' | '/SHIBUI-1674-2.side' + 'SHIBUI-1674: Verify advanced menu tooltips' | '/SHIBUI-1674-3.side' } } From 3b21ca2fef8119a802204ee4412efe6c5a8ea787 Mon Sep 17 00:00:00 2001 From: chasegawa Date: Wed, 10 Aug 2022 16:58:07 -0700 Subject: [PATCH 25/58] SHIBUI-2267 Filling in the missing display title and tooltip --- .../main/resources/i18n/messages.properties | 2 + .../resources/i18n/messages_en.properties | 208 ++++++++++++++++-- 2 files changed, 189 insertions(+), 21 deletions(-) diff --git a/backend/src/main/resources/i18n/messages.properties b/backend/src/main/resources/i18n/messages.properties index 3b3e67e83..ab537ed03 100644 --- a/backend/src/main/resources/i18n/messages.properties +++ b/backend/src/main/resources/i18n/messages.properties @@ -439,6 +439,7 @@ label.attribute-eduPersonAssurance=eduPersonAssurance label.attribute-eduPersonUniqueId=eduPersonUniqueId label.attribute-employeeNumber=employeeNumber label.force-authn=Force AuthN +label.ignore-request-signatures=Ignore Request Signatures label.min-cache-duration=Min Cache Duration label.max-cache-duration=Max Cache Duration 
@@ -608,6 +609,7 @@ message.session-timeout=An error has occurred while saving. Your session may hav tooltip.entity-id=Entity ID tooltip.service-provider-name=Service Provider Name (Dashboard Display Only) tooltip.force-authn=Disallows use (or reuse) of authentication results and login flows that don\u0027t provide a real-time proof of user presence in the login process +tooltip.ignore-request-signatures=Whether to skip validation of signatures on requests when dealing with badly broken or incompetently operated services tooltip.service-provider-name-dashboard-display-only=Service Provider Name (Dashboard Display Only) tooltip.service-provider-entity-id=Service Provider Entity ID tooltip.organization-name=Organization Name diff --git a/backend/src/main/resources/i18n/messages_en.properties b/backend/src/main/resources/i18n/messages_en.properties index ca93cdbb3..ab537ed03 100644 --- a/backend/src/main/resources/i18n/messages_en.properties +++ b/backend/src/main/resources/i18n/messages_en.properties @@ -11,6 +11,7 @@ action.dashboard=Dashboard action.logout=Logout +action.logged-in=Logged in as {username} action.add=Add action.add-new=Add New action.add-new-provider=Add a new metadata provider @@ -41,6 +42,7 @@ action.copy=Copy action.choose-file=Choose File action.search-by=Search By action.preview=Preview +action.preview-xml=Preview XML action.select-metadata-filter-type=Select a metadata filter type action.add-authentication-method=Add Authentication Method action.move-up=Move Up 
@@ -48,9 +50,38 @@ action.move-down=Move Down action.edit=Edit action.add-filter=Add Filter action.manage-filters=Manage Filters +action.version-history=Version History +action.options=Options +action.xml=XML +action.manage=Manage +action.close=Close +action.back-to-top=Back to Top +action.restore=Restore +action.view-only-changes=View Only Changes +action.user-role=User Role +action.toggle-view=Toggle view +action.advanced=Advanced +action.add-new-attribute=Add new attribute +action.add-new-group=Add new group +action.add-attribute=Add attribute +action.custom-entity-attributes=Custom entity attributes +action.groups=Groups +action.source-group=Group +action.enable=Enable +action.disable=Disable +action.get-latest=Get latest changes + +action.add-new-role=Add new role +action.roles=Roles +action.source-role=Role +action.select-bundle=Select Bundle + +action.get-latest=Get latest value.enabled=Enabled value.disabled=Disabled +value.current=Current +value.not-current=Not Current value.none=None value.file=File value.memory=Memory @@ -80,11 +111,23 @@ value.dynamic-http-metadata-provider=DynamicHttpMetadataProvider value.entity-attributes-filter=EntityAttributes Filter value.spdescriptor=SPSSODescriptor value.attr-auth-descriptor=AttributeAuthorityDescriptor -value.dynamic-http-metadata-provider=DynamicHttpMetadataProvider -value.local-dynamic-metadata-provider=LocalDynamicMetadataProvider value.md-query-protocol=MetadataQueryProtocol value.template=Template +value.string=String +value.boolean=Boolean +value.list=List +value.long=Long +value.double=Double +value.duration=Duration +value.spring-bean-id=Spring Bean ID +value.BOOLEAN=Boolean +value.SELECTION_LIST=List +value.STRING=String +value.LONG=Long +value.DOUBLE=Double +value.DURATION=Duration +value.SPRING_BEAN_ID=Spring Bean ID brand.header.title=Source Management brand.logo-link-label=Shibboleth 
@@ -106,6 +149,41 @@ brand.and=and heading.shibboleth=Shibboleth +label.source-configuration=Metadata Source Configuration +label.provider-configuration=Metadata Provider Configuration +label.entity-attribute-name=Custom Entity Attribute Name +tooltip.entity-attribute-name=Custom Entity Attribute Name +label.entity-attribute-type=Attribute Type +tooltip.entity-attribute-type=Attribute Type +label.entity-attribute-help=Help Text +tooltip.entity-attribute-help=Help Text +label.entity-attribute-default=Default Value +tooltip.entity-attribute-default=Default Value +label.entity-attribute-list-options=List options +tooltip.entity-attribute-list-options=List options +label.entity-attribute-friendly-name=Friendly name +tooltip.entity-attribute-friendly-name=Friendly name +label.entity-attribute-attr-name=Attribute name +tooltip.entity-attribute-attr-name=This is normally a uri or urn +label.entity-attribute-display-name=Display name +tooltip.entity-attribute-display-name=Display name + +label.entity-attribute-persist-value=Persist Value +label.entity-attribute-persist-type=Persist Type +tooltip.entity-attribute-persist-value=Persist Value +tooltip.entity-attribute-persist-type=Persist Type +label.entity-attribute-invert=Invert +tooltip.entity-attribute-invert=Invert + +label.entity-attributes=Entity Attributes +label.custom-entity-attributes=Custom Entity Attributes +label.help-text=Help text +label.default-value=Default Value +label.groups-management=Groups Management +label.new-group=New Group +label.new-attribute=New Custom Entity Attribute +label.edit-group=Edit Group + label.metadata-source=Metadata Source label.metadata-sources=Metadata Sources label.metadata-provider=Metadata Provider 
@@ -128,6 +206,8 @@ label.new-endpoint=New Endpoint label.select-binding=Select Binding Type label.mark-as-default=Mark as Default label.attribute-name=Attribute Name +label.group-name=Group Name +label.group-description=Group Description label.yes=Yes label.check-all-attributes=Check All Attributes label.clear-all-attributes=Clear All Attributes @@ -136,7 +216,7 @@ label.select-protocol=Select Protocol label.nameid-format=NameID Format label.nameid-formats=NameID Formats label.name-and-entity-id=Name and Entity ID -label.organization-information=Organization Information +label.organization-information=SP/Organization Information label.contact-information=Contact Information label.given-name=Given Name label.contact-type=Contact Type @@ -202,7 +282,7 @@ label.add-a-new-metadata-source=Add a new metadata source - Finish Summary label.name-and-entityid=Name and Entity ID. label.finish-summary-validation=Finished! label.select-entity-id-to-copy=Select the Entity ID to copy -label.metadata-source-name-dashboard-display-only=Service Provider Name (Dashboard Display Only) +label.metadata-source-name-dashboard-display-only=Metadata Source Name (Dashboard Display Only) label.new-entity-id=New Entity ID label.sections-to-copy=Sections to Copy? label.add-a-new-metadata-resolver=Add a new metadata source @@ -236,6 +316,11 @@ label.filter-name=Filter Name label.filter-enabled=Filter Enabled label.filter-target=FilterTarget label.filter-type=Filter Type +label.filter-target-type=Filter Target Type +label.filter-target-value=Filter Target Value +label.target=Filter Target +label.option=Option +label.options=Options label.value=Value label.binding-type=Binding Type label.sign-assertion=Sign Assertions 
@@ -257,12 +342,16 @@ label.make-default=Make Default label.metadata-provider-name-dashboard-display-only=Metadata Provider Name (Dashboard Display Only) label.default-authentication-methods=Default Authentication Method(s) label.new-of-type=New { type } +label.filters=Filters +label.attributes=Attributes +label.metadata-resolver-id=Metadata Resolver ID label.metadata-filter-name=Metadata Filter Name (Dashboard Display Only) label.filter-enable=Enable this Filter? label.search-criteria=Search Criteria label.metadata-filter=Metadata Filter label.metadata-filter-type=Metadata Filter Type +label.filter-versions=Filter Versions label.http-connection-attributes=HTTP Connection Attributes label.http-security-attributes=HTTP Security Attributes @@ -321,6 +410,7 @@ label.remove-roleless-entity-descriptors=Remove Roleless Entity Descriptors? label.remove-empty-entities-descriptors=Remove Empty Entities Descriptors? label.select-metadata-provider-type=Select Metadata Provider Type +label.select-metadata-filter-type=Select Metadata Filter Type label.filter-list=Filter List label.common-attributes=Common Attributes label.reloading-attributes=Reloading Attributes @@ -328,7 +418,6 @@ label.dynamic-attributes=Dynamic Attributes label.metadata-filter-plugins=Metadata Filter Plugins label.advanced-settings=Advanced Settings label.edit-metadata-provider=Edit Metadata Provider -label.edit-metadata-source=Edit Metadata Source label.http-settings-advanced=Http Settings (Advanced) label.metadata-ui=User Interface / MDUI Information @@ -350,8 +439,8 @@ label.attribute-eduPersonAssurance=eduPersonAssurance label.attribute-eduPersonUniqueId=eduPersonUniqueId label.attribute-employeeNumber=employeeNumber label.force-authn=Force AuthN +label.ignore-request-signatures=Ignore Request Signatures -label.dynamic-attributes=Dynamic Attributes label.min-cache-duration=Min Cache Duration label.max-cache-duration=Max Cache Duration label.max-idle-entity-data=Max Idle Entity Data 
@@ -379,31 +468,86 @@ label.nameid-formats-type=NameID Type label.select-filter-type=Select Filter Type label.admin=Admin -label.action-required=Action Required -label.user-access-request=User Access Request label.user-maintenance=User Maintenance label.user-id=UserId label.email=Email -label.role=Role label.delete=Delete? -label.delete-request=Delete Request -label.enable=Enable -label.disable=Disable -label.enable-metadata-sources=Enable Metadata Sources +label.title=Title +label.enabled=Enabled +label.disabled=Disabled +label.author=Author +label.creation-date=Creation Date +label.order=Order +label.provider-type=Provider Type +label.version-history=Version History +label.metadata-resolver-history=Metadata resolver history +label.metadata-version-history=Metadata Version History +label.select-version=Select Version +label.version=Version +label.save-date=Save Date +label.changed-by=Changed By +label.actions=Actions +label.check-to-select=Check to select +label.current=Current +label.restore=Restore +label.compare-selected=Compare Selected +label.restore-version=Restore Version ({ date }) +label.group=Group + +label.saved=Saved +label.by=By label.source=Metadata Source label.provider=Metadata Provider +label.url-validation-regex=URL validation regular expression +tooltip.url-validation-regex=URL validation regular expression + +label.bundle-name=Bundle name +label.bundle-disp=Bundle - {name} +action.add-new-bundle=Add bundle +tooltip.bundle-name=A user friendly name to identify the bundle +action.attribute-bundles=Attribute bundles +label.new-attribute-bundle=New attribute bundle +label.edit-attribute-bundle=Edit attribute bundle +label.bundled-attributes=Bundled Attributes +label.attribute-bundles=Attribute Bundles +message.user-role-admin-group=Cannot change group for ROLE_ADMIN users. 
+ +label.roles-management=Role Management +label.new-role=New Role +label.edit-role=Edit Role +label.role-name=Role Name +label.role-description=Role Description +label.role=Role + +message.delete-role-title=Delete Role? + +message.delete-role-body=You are requesting to delete a role. If you complete this process the role will be removed. This cannot be undone. Do you wish to continue? +message.duration=Requires a valid ISO 8601 duration (ex. PT2D) + message.delete-user-title=Delete User? message.delete-user-body=You are requesting to delete a user. If you complete this process the user will be removed. This cannot be undone. Do you wish to continue? +message.delete-group-title=Delete Group? +message.delete-group-body=You are requesting to delete a group. If you complete this process the group will be removed. This cannot be undone. Do you wish to continue? + +message.delete-attribute-title=Delete Attribute? +message.delete-attribute-body=You are requesting to delete a custom attribute. If you complete this process the attribute will be removed. This cannot be undone. Do you wish to continue? + +message.group-pattern-fail=Pattern must match group url validation pattern: {regex} + message.must-be-unique=Must be unique. +message.must-be-number=Must be a number. message.name-must-be-unique=Name must be unique. message.uri-valid-format=URI must be valid format. message.id-unique=ID must be unique. +message.name-unique=Service provider name must be unique. message.array-items-must-be-unique=Items in list must be unique. -message.real-number=Optional. If using a value, must be a real number between 0-1. +message.valid-duration=Must be a valid duration. +message.valid-name=No special characters or whitespace allowed. +message.required=Missing required property. message.org-name-required=Organization Name is required. message.org-displayName-required=Organization Name is required. 
@@ -413,11 +557,13 @@ message.org-incomplete=These three fields must all be entered if any single fiel message.type-required=Missing required property: Type message.match-required=Missing required property: Match message.value-required=Missing required property: Value -message.required=Missing required property. + +message.protocol-support-required=Protocol Support Enumeration is required if any NameID formats are defined. message.conflict=Conflict message.data-version-contention=Data Version Contention message.contention-new-version=A newer version of this metadata source has been saved. Below are a list of changes. You can use your changes or their changes. +message.contention-error=There was a problem saving due to a mismatched version. message.organization-feedback=These three fields must all be entered if any single field has a value. message.valid-email=Must be a valid Email Address message.valid-url=Must be a valid URL 
@@ -446,14 +592,24 @@ message.required-for-regex=Required for Regex message.file-doesnt-exist=The requested file to be processed does not exist on the server. message.database-constraint=There was a database constraint problem processing the request. Check the request to ensure that fields that must be unique are truly unique. -message.user-request-received-title=User request received -message.user-request-received-body=Your request has been received and is being reviewed. You will be notified with access status. +message.no-filters=No Filters +message.no-filters-added=No filters have been added to this Metadata Provider + +message.create-new-version-from-version=Create New Version from Previous Settings +message.restoring-this-version-will-copy=Restoring this version will copy the Version ({ date }) configuration and create a new Version from the selected version settings. You can then edit the configuration before saving the new version. -message.filter-fail=A server error occured, and the filter failed to save. +message.invalid-regex-pattern=Invalid Regular Expression + +message.invalid-signing=Unless the response or the assertions are signed, SAML security is compromised and the service should reject the SAML response. (If it doesn\u0027t, investigate, as that is serious unless the HTTP-Artifact binding is in use.) + +message.session-timeout-heading=Session timed out +message.session-timeout-body=Your session has timed out. Please login again. +message.session-timeout=An error has occurred while saving. Your session may have timed out. 
tooltip.entity-id=Entity ID tooltip.service-provider-name=Service Provider Name (Dashboard Display Only) tooltip.force-authn=Disallows use (or reuse) of authentication results and login flows that don\u0027t provide a real-time proof of user presence in the login process +tooltip.ignore-request-signatures=Whether to skip validation of signatures on requests when dealing with badly broken or incompetently operated services tooltip.service-provider-name-dashboard-display-only=Service Provider Name (Dashboard Display Only) tooltip.service-provider-entity-id=Service Provider Entity ID tooltip.organization-name=Organization Name 
@@ -468,13 +624,15 @@ tooltip.mark-as-default=Mark as Default tooltip.protocol-support-enumeration=Protocol Support Enumeration tooltip.nameid-format=Content is name identifier format which is added to all the applicable roles of the entities which match any of the following or {{}}elements. tooltip.enable-this-service-upon-saving=If checkbox is clicked, the metadata provider is enabled for integration with the IdP +tooltip.is-there-a-x509-certificate=Is there a X509 Certificate? tooltip.authentication-requests-signed=Authentication Requests Signed tooltip.want-assertions-signed=Want Assertions Signed tooltip.certificate-name=Certificate Name tooltip.certificate-type=Certificate Type tooltip.certificate=Certificate -tooltip.logout-endpoints-url=Logout Endpoints Url -tooltip.logout-endpoints-binding-type=Logout Endpoints Binding Type +tooltip.logout-endpoints=Logout Endpoints +tooltip.url=Logout Endpoints Url +tooltip.binding-type=Logout Endpoints Binding Type tooltip.mdui-display-name=Typically, the IdP Display Name field will be presented on IdP discovery service interfaces. tooltip.mdui-information-url=The IdP Information URL is a link to a comprehensive information page about the IdP. This page should expand on the content of the IdP Description field. tooltip.mdui-description=The IdP Description is a brief description of the IdP service. On a well-designed discovery interface, the IdP Description will be presented to the user in addition to the IdP Display Name, and so the IdP Description helps disambiguate duplicate or similar IdP Display Names. 
@@ -563,4 +721,12 @@ tooltip.match=A regular expression against which the entityID is evaluated. tooltip.remove-existing-formats=Whether to remove any existing formats from a role if any are added by the filter (unmodified roles will be untouched regardless of this setting) tooltip.nameid-formats-format=Format tooltip.nameid-formats-value=Value -tooltip.nameid-formats-type=Type \ No newline at end of file +tooltip.nameid-formats-type=Type + +tooltip.group-name=Group Name +tooltip.group-description=Group Description + +tooltip.role-name=Role Name +tooltip.role-description=Role Description + +tooltip.contact-information=Contact Information \ No newline at end of file From 7ecbcedf22202d2f58d03b6e29d71108110ed4fd Mon Sep 17 00:00:00 2001 From: chasegawa Date: Wed, 10 Aug 2022 17:09:39 -0700 Subject: [PATCH 26/58] SHIBUI-2267 Updated files so that new override is part of the default set --- .../resources/entity-attributes-filters-ui-schema.json | 5 +++++ .../CustomPropertiesConfigurationTests.groovy | 8 ++++---- .../src/test/resources/entity-descriptor-json-schema.json | 3 +++ .../assets/schema/filter/entity-attributes.schema.json | 7 ++++++- ui/public/assets/schema/source/metadata-source.json | 8 +++++++- 5 files changed, 25 insertions(+), 6 deletions(-) diff --git a/backend/src/main/resources/entity-attributes-filters-ui-schema.json b/backend/src/main/resources/entity-attributes-filters-ui-schema.json index 1db03af99..66d6018df 100644 --- a/backend/src/main/resources/entity-attributes-filters-ui-schema.json +++ b/backend/src/main/resources/entity-attributes-filters-ui-schema.json @@ -90,6 +90,11 @@ "description": "tooltip.force-authn", "type": "boolean" }, + "ignoreRequestSignatures": { + "title": "label.ignore-request-signatures", + "description": "tooltip.ignore-request-signatures", + "type": "boolean" + }, "omitNotBefore": { "title": "label.omit-not-before-condition", "type": "boolean", 
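Review bot: The `ignoreRequestSignatures` property added to entity-attributes-filters-ui-schema.json has no `default`, while the same property added to ui/public/assets/schema/source/metadata-source.json in this commit carries `"default": false`. For a switch that turns off signature validation I would state the safe value explicitly here as well by adding `"default": false` after `"type": "boolean"`, unless the filter form relies on the value being absent, which is not visible from here. The enclosing `properties` object starts and ends outside the hunk, so whether the neighbouring overrides in this file declare defaults cannot be checked.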
diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/configuration/CustomPropertiesConfigurationTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/configuration/CustomPropertiesConfigurationTests.groovy index 4113b372c..9e13dd370 100644 --- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/configuration/CustomPropertiesConfigurationTests.groovy +++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/configuration/CustomPropertiesConfigurationTests.groovy @@ -25,7 +25,7 @@ class CustomPropertiesConfigurationTests extends AbstractBaseDataJpaTest { expect: ceadService.getAllDefinitions().size() == 0 - configUnderTest.getOverrides().size() == 10 + configUnderTest.getOverrides().size() == 11 def ca = new CustomEntityAttributeDefinition().with { it.name = "newDefName" @@ -38,7 +38,7 @@ class CustomPropertiesConfigurationTests extends AbstractBaseDataJpaTest { entityManager.flush() ceadService.getAllDefinitions().size() == 1 - configUnderTest.getOverrides().size() == 11 + configUnderTest.getOverrides().size() == 12 def ca2 = new CustomEntityAttributeDefinition().with { it.name = "newDefName2" @@ -51,12 +51,12 @@ class CustomPropertiesConfigurationTests extends AbstractBaseDataJpaTest { entityManager.flush() ceadService.getAllDefinitions().size() == 2 - configUnderTest.getOverrides().size() == 12 + configUnderTest.getOverrides().size() == 13 ceadService.deleteDefinition(ca) entityManager.flush() ceadService.getAllDefinitions().size() == 1 - configUnderTest.getOverrides().size() == 11 + configUnderTest.getOverrides().size() == 12 } } \ No newline at end of file diff --git a/backend/src/test/resources/entity-descriptor-json-schema.json b/backend/src/test/resources/entity-descriptor-json-schema.json index cb9e3a46c..db40ba086 100644 --- a/backend/src/test/resources/entity-descriptor-json-schema.json +++ b/backend/src/test/resources/entity-descriptor-json-schema.json 
@@ -243,6 +243,9 @@
 "omitNotBefore": {
 "type": "boolean"
 },
+ "ignoreRequestSignatures": {
+ "type": "boolean"
+ },
 "responderId": {
 "type": "string"
 },
diff --git a/ui/public/assets/schema/filter/entity-attributes.schema.json b/ui/public/assets/schema/filter/entity-attributes.schema.json
index e754c4983..84b341606 100644
--- a/ui/public/assets/schema/filter/entity-attributes.schema.json
+++ b/ui/public/assets/schema/filter/entity-attributes.schema.json
@@ -92,6 +92,11 @@
 "description": "tooltip.ignore-auth-method",
 "type": "boolean"
 },
+ "ignoreRequestSignatures": {
+ "title": "label.ignore-request-signatures",
+ "description": "tooltip.ignore-request-signatures",
+ "type": "boolean"
+ },
 "omitNotBefore": {
 "title": "label.omit-not-before-condition",
 "description": "tooltip.omit-not-before-condition",
@@ -178,4 +183,4 @@
 }
 }
 }
-}
\ No newline at end of file
+}
diff --git a/ui/public/assets/schema/source/metadata-source.json b/ui/public/assets/schema/source/metadata-source.json
index 0a2f6baba..7348000d7 100644
--- a/ui/public/assets/schema/source/metadata-source.json
+++ b/ui/public/assets/schema/source/metadata-source.json
@@ -194,6 +194,12 @@
 "type": "boolean",
 "default": false
 },
+ "ignoreRequestSignatures": {
+ "title": "label.ignore-request-signatures",
+ "description": "tooltip.ignore-request-signatures",
+ "type": "boolean",
+ "default": false
+ },
 "useSha": {
 "title": "label.use-sha1-signing-algorithm",
 "description": "tooltip.usa-sha-algorithm",
@@ -640,4 +646,4 @@
 }
 }
 }
-}
\ No newline at end of file
+}
From 70601bc297312358b65819db33d3193f9fe2cb26 Mon Sep 17 00:00:00 2001
From: Charles Hasegawa
Date: Fri, 12 Aug 2022 15:11:07 +0000
Subject: [PATCH 27/58] README.md edited online with Bitbucket
---
 README.md | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/README.md b/README.md
index c34cf18bc..3afd1b078 100644
--- a/README.md
+++ b/README.md
@@ -91,10 +91,6 @@ spring.h2.console.enabled=true #spring.datasource.tomcat.initialSize=50 #spring.datasource.tomcat.validationQuery=select 1 -# Liquibase properties -liquibase.enabled=false -#liquibase.change-log=classpath:edu/internet2/tier/shibboleth/admin/ui/database/masterchangelog.xml - # Hibernate properties # for production never ever use create, create-drop. It's BEST to use validate spring.jpa.hibernate.ddl-auto=create From 3bbe5893edaa7d0eda961a4e8c047f4c4ffaede5 Mon Sep 17 00:00:00 2001 From: Ryan Mathis Date: Fri, 12 Aug 2022 09:25:00 -0700 Subject: [PATCH 28/58] Updated tooltips --- backend/src/main/resources/external.schema.json | 4 ++-- backend/src/main/resources/i18n/messages.properties | 13 ++++++++----- 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/backend/src/main/resources/external.schema.json b/backend/src/main/resources/external.schema.json index daa8c4503..8efb9141e 100644 --- a/backend/src/main/resources/external.schema.json +++ b/backend/src/main/resources/external.schema.json @@ -35,8 +35,8 @@ "default": false }, "description": { - "title": "label.description", - "description": "tooltip.description", + "title": "label.external-description", + "description": "tooltip.external-description", "type": "string" } } diff --git a/backend/src/main/resources/i18n/messages.properties b/backend/src/main/resources/i18n/messages.properties index ef550b934..ed0a55465 100644 --- a/backend/src/main/resources/i18n/messages.properties +++ b/backend/src/main/resources/i18n/messages.properties 
@@ -632,10 +632,10 @@ tooltip.assertion-consumer-service-location-binding=The binding attribute of the tooltip.assertion-consumer-service-endpoints=An Assertion Consumer Service (or ACS) is SAML terminology for the location at a ServiceProvider that accepts messages (or SAML artifacts) for the purpose of establishing a session based on an assertion. tooltip.mark-as-default=Whether to mark this endpoint as the default by setting the "isDefault" property. tooltip.protocol-support-enumeration=This attribute contains a space-delimited collection of URIs that represent general classes of protocol support for the role in question. There are URIs defined by the various standards and profiles to represent the fact that an entity acting in a role "supports" a particular protocol family, such as SAML 2.0 or the Shibboleth profile of SAML 1.1. -tooltip.nameid-format=Content is name identifier format which is added to all the applicable roles of the entities which match any of the following or elements. +tooltip.nameid-format=Contains all name identifiers which are added to all applicable roles of the entities that match any of the following or elements. tooltip.enable-this-service-upon-saving=If checkbox is clicked, the metadata is enabled for integration with the IdP tooltip.is-there-a-x509-certificate=Is there a X509 Certificate? -tooltip.authentication-requests-signed=Whether to sign requests. +tooltip.authentication-requests-signed=Whether to sign requests. Signing requests helps to verify that the request from the SP is authentic. tooltip.want-assertions-signed=Whether to sign assertions. Element declares that the service provider wants the element to be digitally signed. tooltip.certificate-name=Value used by the IDP UI to identify certificates. tooltip.certificate-type=Describes the use to which the credential will be put (as defined by the SAML standard) 
@@ -656,7 +656,7 @@ tooltip.contact-name=The given name of the contact. tooltip.contact-type=Type / role of the contact. tooltip.contact-email=Email address of the contact. tooltip.sign-assertion=Sign Assertion declares that the service provider wants the element to be digitally signed. -tooltip.dont-sign-response=Don\u0027t Sign Response. +tooltip.dont-sign-response=Do not sign the full authentication response to the service provider. Enabling this property will reduce the size of the response to service providers who may have limitations to the size of the response. tooltip.turn-off-encryption=Whether to turn off encryption of the response. tooltip.usa-sha-algorithm=Whether to use the SHA1 Signing Algorithm. tooltip.authentication-methods-to-use=The method used to authenticate the subject. 
@@ -716,7 +716,7 @@ tooltip.max-cache-duration=The maximum duration for which metadata will be cache tooltip.max-idle-entity-data=The maximum duration for which metadata will be allowed to be idle (no requests for it) before it is removed from the cache. tooltip.cleanup-task-interval=The interval at which the internal cleanup task should run. This task performs background maintenance tasks, such as the removal of expired and idle metadata. tooltip.persistent-cache-manager-directory=The optional manager for the persistent cache store for resolved metadata. On metadata provider initialization, data present in the persistent cache will be loaded to memory, effectively restoring the state of the provider as closely as possible to that which existed before the previous shutdown. Each individual cache entry will only be loaded if 1) the entry is still valid as determined by the internal provider logic, and 2) the entry passes the (optional) predicate supplied via initializationFromCachePredicateRef. -tooltip.initialize-from-persistent-cache-in-background=Flag indicating whether should initialize from the persistent cache in the background. Initializing from the cache in the background will improve IdP startup times. +tooltip.initialize-from-persistent-cache-in-background=Flag indicating whether system should initialize from the persistent cache in the background. Initializing from the cache in the background will improve IdP startup times. tooltip.background-init-from-cache-delay=The delay after which to schedule the background initialization from the persistent cache when initializeFromPersistentCacheInBackground=true. tooltip.source-directory=Convenience mechanism for wiring a FilesystemLoadSaveManager, loading from the specified source directory in the local filesystem. This attribute will be ignored if sourceManagerRef is also specified. Either this attribute or sourceManagerRef is required. 
@@ -741,4 +741,7 @@ tooltip.group-description=A description of the purpose of the group. tooltip.role-name=A user friendly name used to identify the role. tooltip.role-description=A description of the purpose of the role. -tooltip.contact-information=Contacts provide information about how to contact the organization responsible for standing up the entity. \ No newline at end of file +tooltip.contact-information=Add a contact to organization information. Contacts provide information about how to contact the organization responsible for standing up the entity. + +label.external-description=Description +tooltip.external-description=A brief description of the purpose of this filter. \ No newline at end of file From f9e345da7ddc97ad947dee679390d8cde08d4c2c Mon Sep 17 00:00:00 2001 From: Ryan Mathis Date: Fri, 12 Aug 2022 10:00:47 -0700 Subject: [PATCH 29/58] Updated tooltips --- backend/src/main/resources/i18n/messages.properties | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/backend/src/main/resources/i18n/messages.properties b/backend/src/main/resources/i18n/messages.properties index ed0a55465..6002afbcc 100644 --- a/backend/src/main/resources/i18n/messages.properties +++ b/backend/src/main/resources/i18n/messages.properties @@ -158,7 +158,7 @@ tooltip.entity-attribute-type=Data type of the attribute such as boolean or stri label.entity-attribute-help=Help Text tooltip.entity-attribute-help=Defines help text used in the Shibboleth IDP UI when adding the attribute. label.entity-attribute-default=Default Value -tooltip.entity-attribute-default=The default value of the attribute. +tooltip.entity-attribute-default=The default value used when no value is provided. label.entity-attribute-list-options=List options tooltip.entity-attribute-list-options=A list of pre-defined selectable options for a user to select from in the Shibboleth IDP UI. label.entity-attribute-friendly-name=Friendly name 
@@ -170,10 +170,10 @@ tooltip.entity-attribute-display-name=Provides a human readable value that ident label.entity-attribute-persist-value=Persist Value label.entity-attribute-persist-type=Persist Type -tooltip.entity-attribute-persist-value=Persist Value +tooltip.entity-attribute-persist-value=The value that is persisted in the database. tooltip.entity-attribute-persist-type=Persist Type label.entity-attribute-invert=Invert -tooltip.entity-attribute-invert=Invert +tooltip.entity-attribute-invert=Whether to invert the boolean value (true means false, false means true). label.entity-attributes=Entity Attributes label.custom-entity-attributes=Custom Entity Attributes From 9aba9fcbcd95fd07cb0b97cb65df4121c0ad3bc7 Mon Sep 17 00:00:00 2001 From: Ryan Mathis Date: Fri, 12 Aug 2022 10:03:56 -0700 Subject: [PATCH 30/58] Updated tooltips --- backend/src/main/resources/i18n/messages.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/backend/src/main/resources/i18n/messages.properties b/backend/src/main/resources/i18n/messages.properties index 6002afbcc..c0433d99a 100644 --- a/backend/src/main/resources/i18n/messages.properties +++ b/backend/src/main/resources/i18n/messages.properties 
@@ -658,7 +658,7 @@ tooltip.contact-email=Email address of the contact. tooltip.sign-assertion=Sign Assertion declares that the service provider wants the element to be digitally signed. tooltip.dont-sign-response=Do not sign the full authentication response to the service provider. Enabling this property will reduce the size of the response to service providers who may have limitations to the size of the response. tooltip.turn-off-encryption=Whether to turn off encryption of the response. -tooltip.usa-sha-algorithm=Whether to use the SHA1 Signing Algorithm. +tooltip.usa-sha-algorithm=Whether to use the SHA1 Signing Algorithm. In cryptography, SHA-1 (Secure Hash Algorithm 1) is cryptographically broken but still widely used. It takes an input and produces a 160-bit (20-byte) hash value. tooltip.authentication-methods-to-use=The method used to authenticate the subject. tooltip.ignore-auth-method=Whether to ignore any SP-Requested Authentication Method. tooltip.omit-not-before-condition=Whether to include a NotBefore attribute in assertions. From 42d1ed3611f6cb74f556205dd978b0ff5bde09bc Mon Sep 17 00:00:00 2001 From: Ryan Mathis Date: Fri, 12 Aug 2022 10:08:44 -0700 Subject: [PATCH 31/58] Updated tooltips --- backend/src/main/resources/i18n/messages.properties | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/backend/src/main/resources/i18n/messages.properties b/backend/src/main/resources/i18n/messages.properties index c0433d99a..51b0cf332 100644 --- a/backend/src/main/resources/i18n/messages.properties +++ b/backend/src/main/resources/i18n/messages.properties 
@@ -292,7 +292,7 @@ label.or=or label.name-and-upload-url=Name and Upload Url label.service-resolver-file=Select Provider Metadata File label.service-resolver-metadata-url=Service Provider Metadata URL -label.search-criteria-by=Search Criteria by { displayType } +label.search-criteria-by=The value used to search against, such as a regex pattern or entityID to match against. label.entity-ids-added=Entity Ids Added label.ui-mdui-info=User Interface / MDUI Information label.sp-sso-descriptor-info=SP SSO Descriptor Information @@ -312,7 +312,7 @@ label.contact=Contact label.mdui=MDUI Information label.service-provider-sso-descriptor=Service Provider Sso Descriptor label.service-enabled=Service Enabled -label.filter-name=Filter Name +label.filter-name=A name given to this filter to identify it within the Shibboleth IDP UI (used for display purposes only). label.filter-enabled=Filter Enabled label.filter-target=FilterTarget label.filter-type=Filter Type From 5bd0e2138de520486178133c016356e30691eba5 Mon Sep 17 00:00:00 2001 
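Review bot: `label.search-criteria-by` and `label.filter-name` are label keys, but their new values are explanatory sentences of the kind the neighbouring commits in this series put under `tooltip.*` keys. The first change also drops the `{ displayType }` placeholder, so any view that renders this key as a field label would now show a full sentence without the type. This looks like tooltip text pasted onto the wrong keys; I would restore `label.search-criteria-by=Search Criteria by { displayType }` and `label.filter-name=Filter Name` and carry the new sentences under matching `tooltip.*` keys instead.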
From: Ryan Mathis Date: Mon, 15 Aug 2022 08:02:59 -0700 Subject: [PATCH 32/58] Property list --- .../main/resources/i18n/messages.properties | 2 +- .../schema/configuration/configuration.json | 37 + .../assets/schema/properties/property.json | 30 - ui/public/data/properties.json | 659 ++++++++++++++++++ ui/src/app/App.js | 6 +- .../{Properties.js => IdpConfiguration.js} | 20 +- .../{PropertyForm.js => ConfigurationForm.js} | 15 +- .../{PropertyList.js => ConfigurationList.js} | 12 +- .../{EditProperty.js => EditConfiguration.js} | 8 +- .../{NewProperty.js => NewConfiguration.js} | 8 +- ...sProvider.js => ConfigurationsProvider.js} | 2 +- ui/src/app/core/components/Header.js | 4 +- ui/src/app/core/components/ProtectRoute.js | 8 +- 13 files changed, 735 insertions(+), 76 deletions(-) create mode 100644 ui/public/assets/schema/configuration/configuration.json delete mode 100644 ui/public/assets/schema/properties/property.json create mode 100644 ui/public/data/properties.json rename ui/src/app/admin/{Properties.js => IdpConfiguration.js} (54%) rename ui/src/app/admin/component/{PropertyForm.js => ConfigurationForm.js} (75%) rename ui/src/app/admin/container/{PropertyList.js => ConfigurationList.js} (89%) rename ui/src/app/admin/container/{EditProperty.js => EditConfiguration.js} (94%) rename ui/src/app/admin/container/{NewProperty.js => NewConfiguration.js} (91%) rename ui/src/app/admin/hoc/{PropertiesProvider.js => ConfigurationsProvider.js} (94%) diff --git a/backend/src/main/resources/i18n/messages.properties b/backend/src/main/resources/i18n/messages.properties index 3b3e67e83..c33e3b4a1 100644 --- a/backend/src/main/resources/i18n/messages.properties +++ b/backend/src/main/resources/i18n/messages.properties 
@@ -646,7 +646,7 @@ tooltip.dont-sign-response=Don\u0027t Sign Response
 tooltip.turn-off-encryption=Turn Off Encryption of Response
 tooltip.usa-sha-algorithm=Use SHA1 Signing Algorithm
 tooltip.authentication-methods-to-use=Authentication Methods to Use
-tooltip.ignore-auth-method=Ignore any SP-Requested Authentication Method
+tooltip.ignore-auth-method=Reject any AuthnReuests from this SP that contain an explicitly requested AuthnContext class
 tooltip.omit-not-before-condition=Omit Not Before Condition
 tooltip.responder-id=ResponderId
 tooltip.instruction=Information icon
diff --git a/ui/public/assets/schema/configuration/configuration.json b/ui/public/assets/schema/configuration/configuration.json
new file mode 100644
index 000000000..6694bcf25
--- /dev/null
+++ b/ui/public/assets/schema/configuration/configuration.json
@@ -0,0 +1,37 @@
+{
+ "type": "object",
+ "properties": {
+ "properties": {
+ "title": "label.configuration-properties",
+ "description": "label.configuration-properties",
+ "type": "array",
+ "required": ["property", "value"],
+ "items": {
+ "type": "object",
+ "properties": {
+ "property": {
+ "title": "label.property-key",
+ "description": "tooltip.property-key",
+ "type": "string",
+ "minLength": 1,
+ "maxLength": 255
+ },
+ "description": {
+ "title": "label.property-descr",
+ "description": "tooltip.property-descr",
+ "type": "string",
+ "minLength": 1,
+ "maxLength": 255
+ },
+ "value": {
+ "title": "label.property-value",
+ "description": "tooltip.property-value",
+ "type": "string",
+ "minLength": 1,
+ "maxLength": 255
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/ui/public/assets/schema/properties/property.json b/ui/public/assets/schema/properties/property.json
deleted file mode 100644
index f0e90ff49..000000000
--- a/ui/public/assets/schema/properties/property.json
+++ /dev/null
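Review bot: In the new configuration.json, `"required": ["property", "value"]` sits beside `"type": "array"` on the `properties` array, where JSON Schema gives it no effect, so array entries are no longer required to carry `property` or `value`. The deleted property.json had the same list on the object itself. Move the line into `items`, next to `"type": "object"`, so each entry is checked again. This schema is served from ui/public and appears to drive only the form, so if the backend does not validate these entries itself, the required fields and the 255-character limits should be enforced there as well.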
@@ -1,30 +0,0 @@
-{
- "type": "object",
- "required": [
- "property",
- "value"
- ],
- "properties": {
- "property": {
- "title": "label.property-key",
- "description": "tooltip.property-key",
- "type": "string",
- "minLength": 1,
- "maxLength": 255
- },
- "description": {
- "title": "label.property-descr",
- "description": "tooltip.property-descr",
- "type": "string",
- "minLength": 1,
- "maxLength": 255
- },
- "value": {
- "title": "label.property-value",
- "description": "tooltip.property-value",
- "type": "string",
- "minLength": 1,
- "maxLength": 255
- }
- }
-}
\ No newline at end of file
diff --git a/ui/public/data/properties.json b/ui/public/data/properties.json
new file mode 100644
index 000000000..a022a4fd5
--- /dev/null
+++ b/ui/public/data/properties.json
@@ -0,0 +1,659 @@ +[ +{"note":"ex. /conf/ldap.properties, /conf/services.properties","property_name":"idp.additionalProperties","idp_vers":"all","property_default_value":"none","property_type":"Comma-delimited paths","module_vers":"","configuration_cat":"IDP","module":"","description":"Used to point to additional property files to load. All properties must be unique and are ultimately pooled into a single unordered set."}, +{"note":"","property_name":"idp.searchForProperties","idp_vers":"4","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"IDP","module":"","description":"Auto-load all files matching conf/**/*.properties"}, +{"note":"ex. https://unicon.net/idp/shibboleth","property_name":"idp.entityID","idp_vers":"all","property_default_value":"none","property_type":"URI","module_vers":"","configuration_cat":"RP","module":"","description":"The unique name of the IdP used as the iisuer in all SAML profiles"}, +{"note":"","property_name":"idp.entityID.metadataFile","idp_vers":"all","property_default_value":"%{idp.home}/metadata/idp-metadata.xml","property_type":"resource path","module_vers":"","configuration_cat":"IDP","module":"","description":"Identifies the file to serve for requests to the IdP's well-known metadata location"}, +{"note":"","property_name":"idp.artifact.enabled","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"RP","module":"","description":"Whether to allow use of the SAML artifact bindings when sending messages"}, +{"note":"","property_name":"idp.artifact.secureChannel","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"RP","module":"","description":"Whether preparation of messages to be communicated via SAML artifact should assume use of a secure channel (allowing signing and encryption to be skipped)"}, 
+{"note":"","property_name":"idp.artifact.endpointIndex","idp_vers":"all","property_default_value":"2","property_type":"int","module_vers":"","configuration_cat":"RP","module":"","description":"Identifies the endpoint in SAML metadata associated with artifacts issued by a server node"}, +{"note":"","property_name":"idp.artifact.StorageService","idp_vers":"all","property_default_value":"shibboleth.StorageService","property_type":"Bean ID of a StorageService (org.opensaml.storage)","module_vers":"","configuration_cat":"STOR","module":"","description":"Storage back-end to use for short-lived SAML Artifact mappings (must be server-side)"}, +{"note":"","property_name":"idp.bindings.inMetadataOrder","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"RP","module":"","description":"Controls whether the outbound binding selection is ordered by the SP's metadata or the IdP's preferred bindings (the inbuilt default order is Redirect -> POST -> Artifact -> SOAP). Set to false to leave artifact support on, but favor use of POST. 
Set also to false to favor the front channel over back channel for Logout."}, +{"note":"","property_name":"idp.entityID.metadataFile","idp_vers":"all","property_default_value":"%{idp.home}/metadata/idp-metadata.xml","property_type":"file pathname","module_vers":"","configuration_cat":"IDP","module":"","description":"Identifies the file to serve for requests to the IdP's well-known metadata location"}, +{"note":"","property_name":"idp.scope","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"IDP","module":"","description":"applies a (fixed) scope typically a domain-valued suffix to an input attribute's values"}, +{"note":"","property_name":"idp.cookie.secure","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SEC","module":"","description":"If true all cookies issued by the IdP (not including the container) will be limited to TLS"}, +{"note":"","property_name":"idp.cookie.httpOnly","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"SEC","module":"","description":"If true all cookies issued by the IdP (not including the container) will contain the HttpOnly property"}, +{"note":"","property_name":"idp.cookie.domain","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"SEC","module":"","description":"Overrides the domain of any cookies issued by the IdP (not including the container)"}, +{"note":"","property_name":"idp.cookie.path","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"SEC","module":"","description":"Overrides the path of any cookies issued by the IdP (not including the container)"}, 
+{"note":"","property_name":"idp.cookie.maxAge","idp_vers":"all","property_default_value":"31536000","property_type":"int","module_vers":"","configuration_cat":"SEC","module":"","description":"Lifetime in seconds of cookies issued by the IdP that are meant to span sessions (365 days)"}, +{"note":"","property_name":"idp.cookie.sameSite","idp_vers":"all","property_default_value":"None","property_type":"Null/None/Lax/Strict","module_vers":"","configuration_cat":"SEC","module":"","description":"Default SameSite value to apply to cookies via servlet filter if no explicit rule for the named cookie is specified"}, +{"note":"","property_name":"idp.cookie.sameSiteCondition","idp_vers":"all","property_default_value":"shibboleth.Conditions.FALSE","property_type":"Bean ID of Predicate","module_vers":"","configuration_cat":"SEC","module":"","description":"Predicate condition bean controlling whether SameSite filter runs"}, +{"note":"","property_name":"idp.sealer.keyStrategy","idp_vers":"all","property_default_value":"shibboleth.DataSealerKeyStrategy","property_type":"Bean ID of DataSealerKeyStrategy","module_vers":"","configuration_cat":"SEC","module":"","description":"Bean ID supporting the DataSealerKeyStrategy interface to use in place of the built-in option."}, +{"note":"","property_name":"idp.sealer.storeType","idp_vers":"all","property_default_value":"JCEKS","property_type":"string","module_vers":"","configuration_cat":"SEC","module":"","description":"Type of Java keystore used for IdP's internal AES encryption key"}, +{"note":"","property_name":"idp.sealer.updateInterval","idp_vers":"all","property_default_value":"PT15M","property_type":"duration","module_vers":"","configuration_cat":"SEC","module":"","description":"Time between checks for a new AES key version"}, +{"note":"","property_name":"idp.sealer.aliasBase","idp_vers":"all","property_default_value":"secret","property_type":"string","module_vers":"","configuration_cat":"SEC","module":"","description":"Case 
insensitive name of keystore alias prefix used in AES keystore (the entries will be suffixed by the key version number)"}, +{"note":"","property_name":"idp.sealer.storeResource","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Keystore resource containing AES encryption key usually a file path"}, +{"note":"","property_name":"idp.sealer.versionResource","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Resource that tracks the active AES encryption key version usually a file path"}, +{"note":"","property_name":"idp.sealer.storePassword","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"SEC","module":"","description":"Keystore password unlocking AES encryption keystore typically set during installation"}, +{"note":"","property_name":"idp.sealer.keyPassword","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"SEC","module":"","description":"Key password unlocking AES encryption key typically set to the same as the previous property and set during installation"}, +{"note":"","property_name":"idp.signing.key","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Resource containing private key for signing typically a file in the credentials directory"}, +{"note":"","property_name":"idp.signing.cert","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Resource containing the public key certificate inserted into signed messages typically a file in the credentials directory"}, 
+{"note":"","property_name":"idp.encryption.key","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Resource containing a private key for decryption typically a file in the credentials directory"}, +{"note":"","property_name":"idp.encryption.cert","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Resource containing a public key certificate given to others needing to encrypt data for the IdP typically a file in the credentials directory"}, +{"note":"","property_name":"idp.encryption.key.2","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Resource containing an alternate private key for decryption generally unused except while changing decryption keys"}, +{"note":"","property_name":"idp.encryption.cert.2","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Resource containing an alternate public key certificate generally unused except while changing decryption keys"}, +{"note":"","property_name":"idp.security.config","idp_vers":"all","property_default_value":"shibboleth.DefaultSecurityConfiguration","property_type":"Bean ID of SecurityConfiguration (net.shibboleth.idp.profile.config.SecurityConfiguration)","module_vers":"","configuration_cat":"SEC","module":"","description":"Name of Spring bean supplying the default SecurityConfiguration "}, +{"note":"","property_name":"idp.signing.config","idp_vers":"all","property_default_value":"shibboleth.SigningConfiguration.SHA256","property_type":"Bean ID of SignatureSigningConfiguration (org.opensaml.xmlsec)","module_vers":"","configuration_cat":"SEC","module":"","description":"Name of Spring bean supplying the default 
SignatureSigningConfiguration"}, +{"note":"","property_name":"idp.encryption.config","idp_vers":"all","property_default_value":"shibboleth.EncryptionConfiguration.CBC","property_type":"Bean ID of EncryptionConfiguration (org.opensaml.xmlsec)","module_vers":"","configuration_cat":"SEC","module":"","description":"Name of Spring bean supplying the default EncryptionConfiguration"}, +{"note":"","property_name":"idp.encryption.optional","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SEC","module":"","description":"If true failure to locate an encryption key to use won't result in request failure "}, +{"note":"","property_name":"idp.encryption.keyagreement.metadata.defaultUseKeyWrap","idp_vers":"all","property_default_value":"Default","property_type":"string","module_vers":"","configuration_cat":"SEC","module":"","description":"Sets the default strategy for key agreement key wrap usage for credentials from metadata if not otherwise configured on the security configuration"}, +{"note":"","property_name":"idp.trust.signatures","idp_vers":"all","property_default_value":"shibboleth.ChainingSignatureTrustEngine","property_type":"Bean ID of SignatureTrustEngine (org.opensaml.xmlsec.signature.support)","module_vers":"","configuration_cat":"SEC","module":"","description":"Name of Spring bean for the trust engine used to verify signatures"}, +{"note":"","property_name":"idp.trust.certificates","idp_vers":"all","property_default_value":"shibboleth.ChainingX509TrustEngine","property_type":"Bean ID of TrustEngine (org.opensaml.security.trust)","module_vers":"","configuration_cat":"SEC","module":"","description":"Name of Spring bean for the trust engine used to verify TLS certificates"}, +{"note":"","property_name":"idp.policy.messageLifetime","idp_vers":"all","property_default_value":"PT3M","property_type":"duration","module_vers":"","configuration_cat":"SEC","module":"","description":"Default freshness window for 
accepting timestamped messages"}, +{"note":"","property_name":"idp.policy.assertionLifetime","idp_vers":"all","property_default_value":"PT3M","property_type":"duration","module_vers":"","configuration_cat":"SEC","module":"","description":"Default freshness window for accepting timestamped assertions"}, +{"note":"","property_name":"idp.policy.clockSkew","idp_vers":"all","property_default_value":"PT3M","property_type":"duration","module_vers":"","configuration_cat":"SEC","module":"","description":"Default allowance for clock differences between systems"}, +{"note":"","property_name":"idp.security.basicKeyInfoFactory","idp_vers":"4.1","property_default_value":"shibboleth.BasicKeyInfoGeneratorFactory","property_type":"Bean ID of KeyInfoGeneratorManager (org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorManager)","module_vers":"","configuration_cat":"SEC","module":"","description":"Overrides the BasicKeyInfoGeneratorFactory used by default"}, +{"note":"","property_name":"idp.security.x509KeyInfoFactory","idp_vers":"4.1","property_default_value":"shibboleth.X509KeyInfoGeneratorFactory","property_type":"Bean ID of KeyInfoGeneratorManager (org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorManager)","module_vers":"","configuration_cat":"SEC","module":"","description":"Overrides the X509KeyInfoGeneratorFactory used by default"}, +{"note":"","property_name":"idp.csrf.enabled","idp_vers":"4","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"CSRF","module":"","description":"Enables CSRF protection"}, +{"note":"","property_name":"idp.csrf.token.parameter","idp_vers":"4","property_default_value":"csrf_token","property_type":"string","module_vers":"","configuration_cat":"CSRF","module":"","description":"Name of the HTTP parameter that stores the CSRF token"}, 
+{"note":"","property_name":"idp.hsts","idp_vers":"all","property_default_value":"max-age=0","property_type":"string","module_vers":"","configuration_cat":"IDP","module":"","description":"Auto-configures an HSTS response header"}, +{"note":"","property_name":"idp.frameoptions","idp_vers":"all","property_default_value":"DENY","property_type":"DENY/SAMEORIGIN","module_vers":"","configuration_cat":"IDP","module":"","description":"Auto-configures an X-Frame-Options response header"}, +{"note":"","property_name":"idp.csp","idp_vers":"all","property_default_value":"frame-ancestors 'none'","property_type":"string","module_vers":"","configuration_cat":"IDP","module":"","description":"Auto-configures a Content Security Policy response header"}, +{"note":"","property_name":"idp.webflows","idp_vers":"all","property_default_value":"%{idp.home}/flows","property_type":"resource path","module_vers":"","configuration_cat":"IDP","module":"","description":"Location from which to load user-supplied webflows from"}, +{"note":"","property_name":"idp.views","idp_vers":"all","property_default_value":"%{idp.home}/views","property_type":"Comma-delimited paths","module_vers":"","configuration_cat":"IDP","module":"","description":"Location from which to load user-modifiable Velocity view templates. 
This can be set to include \"classpath*:/META-INF/net/shibboleth/idp/views\" (or equivalent) to load templates from the classpath, such as from extension jars, but doing so disables support for template reloading."}, +{"note":"","property_name":"idp.errors.detailed","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"ERR","module":"","description":"Whether to expose detailed error causes in status information provided to outside parties"}, +{"note":"","property_name":"idp.errors.signed","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"ERR","module":"","description":"Whether to digitally sign error responses in SAML or similar protocols, if signing is otherwise warranted (this can prevent a simple denial of service vector, since errors are simple to trigger)"}, +{"note":"","property_name":"idp.errors.defaultView","idp_vers":"all","property_default_value":"error","property_type":"string","module_vers":"","configuration_cat":"ERR","module":"","description":"The default view name to render for exceptions and events"}, +{"note":"","property_name":"idp.errors.excludedExceptions","idp_vers":"all","property_default_value":"none","property_type":"Bean ID of Properties (java.util.Properties)","module_vers":"","configuration_cat":"ERR","module":"","description":"Bean defing Properties mapping exception class names to error views. 
The matching by class name does not support wildcards, but does do substring matches (so it's not necessary to fully qualify the class)."}, +{"note":"","property_name":"idp.errors.exceptionMappings","idp_vers":"all","property_default_value":"none","property_type":"Bean ID of Collection (java.util)","module_vers":"","configuration_cat":"ERR","module":"","description":"Bean defining Collection identifying exception classes to ignore (causing them to bubble outward, so use with caution)"}, +{"note":"","property_name":"idp.storage.cleanupInterval","idp_vers":"all","property_default_value":"PT10M","property_type":"duration","module_vers":"","configuration_cat":"STOR","module":"","description":"Interval of background thread sweeping server-side storage for expired records"}, +{"note":"","property_name":"idp.storage.htmlLocalStorage","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"STOR","module":"","description":"Whether to use HTML Local Storage (if available) instead of cookies"}, +{"note":"","property_name":"idp.storage.clientSessionStorageName","idp_vers":"all","property_default_value":"shib_idp_session_ss","property_type":"string","module_vers":"","configuration_cat":"STOR","module":"","description":"Name of cookie or HTML storage key used by the default per-session instance of the client storage service"}, +{"note":"","property_name":"idp.storage.clientPersistentStorageName","idp_vers":"all","property_default_value":"shib_idp_persistent_ss","property_type":"string","module_vers":"","configuration_cat":"STOR","module":"","description":"Name of cookie or HTML storage key used by the default persistent instance of the client storage service"}, +{"note":"","property_name":"idp.replayCache.StorageService","idp_vers":"all","property_default_value":"shibboleth.StorageService","property_type":"Bean ID of a StorageService 
(org.opensaml.storage)","module_vers":"","configuration_cat":"STOR","module":"","description":"Storage back-end to use for message replay checking (must be server-side)"}, +{"note":"","property_name":"idp.replayCache.strict","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"STOR","module":"","description":"Whether storage errors during replay checks should be treated as a replay"}, +{"note":"","property_name":"idp.session.enabled","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"SESS","module":"","description":"Whether to enable the IdP's session tracking feature"}, +{"note":"","property_name":"idp.session.StorageService","idp_vers":"all","property_default_value":"shibboleth.ClientSessionStorageService","property_type":"Bean ID of StorageService (org.opensaml.storage)","module_vers":"","configuration_cat":"SESS","module":"","description":"Bean name of a storage implementation/configuration to use for IdP sessions"}, +{"note":"","property_name":"idp.session.cookieName","idp_vers":"4.2","property_default_value":"shib_idp_session","property_type":"string","module_vers":"","configuration_cat":"SESS","module":"","description":"Name of cookie containing IdP session ID (note this is not the same as the cookie the Java container uses to track its own sessions)"}, +{"note":"","property_name":"idp.session.idSize","idp_vers":"all","property_default_value":"32","property_type":"int","module_vers":"","configuration_cat":"SESS","module":"","description":"Number of characters in IdP session identifiers"}, +{"note":"","property_name":"idp.session.consistentAddress","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"SESS","module":"","description":"Whether to bind IdP sessions to IP addresses"}, 
+{"note":"","property_name":"idp.session.consistentAddressCondition","idp_vers":"all","property_default_value":"Direct string comparison","property_type":"BiPredicate","module_vers":"","configuration_cat":"SESS","module":"","description":"A 2-argument predicate that compares a bound session's address to a client address"}, +{"note":"","property_name":"idp.session.timeout","idp_vers":"all","property_default_value":"PT60M","property_type":"duration","module_vers":"","configuration_cat":"SESS","module":"","description":"Inactivity timeout policy for IdP sessions (must be non-zero)"}, +{"note":"","property_name":"idp.session.slop","idp_vers":"all","property_default_value":"0","property_type":"duration","module_vers":"","configuration_cat":"SESS","module":"","description":"Extra time after expiration before removing SP sessions in case a logout is invoked"}, +{"note":"","property_name":"idp.session.maskStorageFailure","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SESS","module":"","description":"Whether to hide storage failures from users during session cache reads/writes"}, +{"note":"","property_name":"idp.session.trackSPSessions","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SESS","module":"","description":"Whether to save a record of every SP accessed during an IdP session (requires a server-side session store or HTML LocalStorage)"}, +{"note":"","property_name":"idp.session.secondaryServiceIndex","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SESS","module":"","description":"Whether to track SPs on the basis of the SAML subject ID used, for logout purposes (requires SP session tracking be on)"}, 
+{"note":"","property_name":"idp.session.defaultSPlifetime","idp_vers":"all","property_default_value":"PT2H","property_type":"duration","module_vers":"","configuration_cat":"SESS","module":"","description":"Default length of time to maintain record of an SP session (must be non-zero), overridable by relying-party-specific setting"}, +{"note":" ex. Password, MA, DUO","property_name":"idp.authn.flows","idp_vers":"all","property_default_value":"none","property_type":"regex","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Required expression that identifies the login flows to globally enable"}, +{"note":" measured since first usage","property_name":"idp.authn.defaultLifetime","idp_vers":"all","property_default_value":"PT60M","property_type":"duration","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Default amount of time to allow reuse prior authentication flows"}, +{"note":" measured since last usage","property_name":"idp.authn.defaultTimeout","idp_vers":"all","property_default_value":"PT30M","property_type":"duration","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Default inactivity timeout to prevent reuse of prior authentication flows"}, +{"note":"","property_name":"idp.authn.proxyRestrictionsEnforced","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to enforce restrictions placed on further proxying of assertions from upstream IdPs when relying on proxied authentication"}, +{"note":"","property_name":"idp.authn.favorSSO","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to prioritize prior authentication results when an SP requests more than one possible matching method"}, 
+{"note":"","property_name":"idp.authn.rpui","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to populate information about the relying party into the tree for user interfaces during login and interceptors"}, +{"note":"","property_name":"idp.authn.identitySwitchIsError","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to fail requests if a user identity after authentication doesn't match the identity in a pre-existing session."}, +{"note":"","property_name":"idp.authn.discoveryURL","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Provides a static discovery URL to use for external discovery this property replaces the need for the XML-defined bean used in V4.0 for this purpose"}, +{"note":"","property_name":"idp.authn.overrideRequestedAuthnContext","idp_vers":"4","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to override an explicit element in an SP’s request with a configuration-imposed rule via the defaultAuthenticationMethods profile configuration setting. 
Note this is a violation of the SAML standard and is also a global setting applying to all SPs that may have such a profile configuration set."}, +{"note":"","property_name":"idp.consent.StorageService","idp_vers":"all","property_default_value":"shibboleth.ClientPersistentStorageService","property_type":"Bean ID","module_vers":"","configuration_cat":"CONS","module":"","description":"Name of storage service used to store users' consent choices"}, +{"note":"","property_name":"idp.consent.attribute-release.userStorageKey","idp_vers":"all","property_default_value":"shibboleth.consent.PrincipalConsentStorageKey","property_type":"Bean ID","module_vers":"","configuration_cat":"CONS","module":"","description":"Name of function used to return the String storage key representing a user defaults to the principal name"}, +{"note":"","property_name":"idp.consent.attribute-release.userStorageKeyAttribute","idp_vers":"all","property_default_value":"uid","property_type":"string","module_vers":"","configuration_cat":"CONS","module":"","description":"Attribute whose value is the storage key representing a user"}, +{"note":"","property_name":"idp.consent.attribute-release.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"CONS","module":"","description":"Optional condition to apply to control activation of attribute-release flow along with system default behavior"}, +{"note":"","property_name":"idp.consent.attribute-release.auditFormat","idp_vers":"all","property_default_value":"%T|%SP|%e|%u|%CCI|%CCV|%CCA","property_type":"logback","module_vers":"","configuration_cat":"CONS","module":"","description":"Default consent auditing formats"}, +{"note":"","property_name":"idp.consent.terms-of-use.userStorageKey","idp_vers":"all","property_default_value":"shibboleth.consent.PrincipalConsentStorageKey","property_type":"Bean 
ID","module_vers":"","configuration_cat":"CONS","module":"","description":"Name of function used to return the String storage key representing a user defaults to the principal name"}, +{"note":"","property_name":"idp.consent.terms-of-use.userStorageKeyAttribute","idp_vers":"all","property_default_value":"uid","property_type":"string","module_vers":"","configuration_cat":"CONS","module":"","description":"Attribute whose value is the storage key representing a user"}, +{"note":"","property_name":"idp.consent.terms-of-use.consentValueMessageCodeSuffix","idp_vers":"all","property_default_value":".text","property_type":"string","module_vers":"","configuration_cat":"CONS","module":"","description":"Suffix of message property used as value of consent storage records when idp.consent.compareValues is true"}, +{"note":"","property_name":"idp.consent.terms-of-use.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"CONS","module":"","description":"Optional condition to apply to control activation of terms-of-use flow"}, +{"note":"","property_name":"idp.consent.terms-of-use.auditFormat","idp_vers":"all","property_default_value":"%T|%SP|%e|%u|%CCI|%CCV|%CCA","property_type":"logback","module_vers":"","configuration_cat":"CONS","module":"","description":"Default consent auditing formats"}, +{"note":"","property_name":"idp.consent.allowDoNotRemember","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"CONS","module":"","description":"Whether not remembering/storing consent is allowed"}, +{"note":"","property_name":"idp.consent.allowGlobal","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"CONS","module":"","description":"Whether consent to any attribute and to any relying party is allowed"}, 
+{"note":"","property_name":"idp.consent.allowPerAttribute","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"CONS","module":"","description":"Whether per-attribute consent is allowed"},
+{"note":"","property_name":"idp.consent.compareValues","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"CONS","module":"","description":"Whether attribute values and terms of use text are stored and compared for equality"},
+{"note":"","property_name":"idp.consent.maxStoredRecords","idp_vers":"all","property_default_value":"10","property_type":"int","module_vers":"","configuration_cat":"CONS","module":"","description":"Maximum number of records stored when using space-limited storage (e.g. cookies), 0 = no limit"},
+{"note":"","property_name":"idp.consent.expandedMaxStoredRecords","idp_vers":"all","property_default_value":"0","property_type":"int","module_vers":"","configuration_cat":"CONS","module":"","description":"Maximum number of records stored when using larger/server-side storage, 0 = no limit"},
+{"note":"","property_name":"idp.consent.storageRecordLifetime","idp_vers":"4.x","property_default_value":"(v4.0=P1Y,v4.1=infinite)","property_type":"duration","module_vers":"","configuration_cat":"CONS","module":"","description":"Time in milliseconds to expire consent storage records"},
+{"note":"","property_name":"idp.logout.elaboration","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SLO","module":"","description":"Whether to search metadata for user interface information associated with every service involved in logout propagation"},
+{"note":"","property_name":"idp.logout.authenticated","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"SLO","module":"","description":"Whether to require signed logout messages in accordance with the SAML
2.0 standard"},
+{"note":"","property_name":"idp.logout.promptUser","idp_vers":"all","property_default_value":"false","property_type":"Bean ID of Predicate","module_vers":"","configuration_cat":"SLO","module":"","description":"If the bean returns true the user is given the option to actually cancel the IdP logout outright and prevent removal of the session"},
+{"note":"","property_name":"idp.logout.preserveQuery","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SLO","module":"","description":"Processes arbitrary query parameters to the Simple Logout endpoint and stashes them in a ScratchContext for use by subsequent view logic"},
+{"note":"","property_name":"idp.logout.assumeAsync","idp_vers":"4.2","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SLO","module":"","description":"When true allows inbound SAML LogoutRequests to be processed even if the SP lacks metadata containing response endpoints"},
+{"note":"","property_name":"idp.logout.propagationHidden","idp_vers":"4.2","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SLO","module":"","description":"Applies the \"display:none\" style to the list of SPs and logout status reporting images so that logout status is not visibly reported to the user"},
+{"note":"","property_name":"idp.soap.httpClient","idp_vers":"all","property_default_value":"SOAPClient.HttpClient","property_type":"Bean ID of HttpClient to use for SOAP-based logout","module_vers":"","configuration_cat":"IDP","module":"","description":"Allows the HttpClient used for SOAP communication to be overriden (applies to SAML logout via SOAP)"},
+{"note":"ex.
en, fr, de","property_name":"idp.ui.fallbackLanguages","idp_vers":"all","property_default_value":"none","property_type":"Comma-delimited list","module_vers":"","configuration_cat":"IDP","module":"","description":"languages to use if no match can be found with the browser-supported languages"},
+{"note":"","property_name":"idp.cas.StorageService","idp_vers":"all","property_default_value":"shibboleth.StorageService","property_type":"Bean ID","module_vers":"","configuration_cat":"CAS","module":"","description":"Storage service used by CAS protocol for chained proxy-granting tickets and when using server-managed \"simple\" TicketService. MUST be server-side storage (e.g. in-memory, memcached, database)"},
+{"note":"","property_name":"idp.cas.serviceRegistryClass","idp_vers":"all","property_default_value":"net.shibboleth.idp.cas.service.PatternServiceRegistry","property_type":"?","module_vers":"","configuration_cat":"CAS","module":"","description":"CAS service registry implementation class"},
+{"note":"","property_name":"idp.cas.relyingPartyIdFromMetadata","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"CAS","module":"","description":"If true CAS services provisioned with SAML metadata are identified via entityID"},
+{"note":"","property_name":"idp.fticks.federation","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"FTICK","module":"","description":"Enables F-TICKS output and specifies the value of the federation-identifier field"},
+{"note":"","property_name":"idp.fticks.condition","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"FTICK","module":"","description":"Optional bean name of a Predicate to use to decide whether to run"},
+{"note":"","property_name":"idp.fticks.algorithm","idp_vers":"all","property_default_value":"SHA-2","property_type":"string","module_vers":"","configuration_cat":"FTICK","module":"","description":"Digest algorithm used to obscure usernames"},
+{"note":"","property_name":"idp.fticks.salt","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"FTICK","module":"","description":"A salt to apply when digesting usernames (if not specified, the username will not be included)"},
+{"note":"","property_name":"idp.fticks.loghost","idp_vers":"all","property_default_value":"localhost","property_type":"string","module_vers":"","configuration_cat":"FTICK","module":"","description":"The remote syslog host"},
+{"note":"","property_name":"idp.fticks.logport","idp_vers":"all","property_default_value":"514","property_type":"int","module_vers":"","configuration_cat":"FTICK","module":"","description":"The remote syslog port"},
+{"note":"","property_name":"idp.audit.shortenBindings","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"SERV","module":"","description":"Set false if you want SAML bindings \"spelled out\" in audit log"},
+{"note":"","property_name":"idp.velocity.runtime.strictmode","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"IDP","module":"","description":"Set to true to fail on velocity syntax errors"},
+{"note":"","property_name":"idp.intercept.External.externalPath","idp_vers":"all","property_default_value":"contextRelative:intercept.jsp","property_type":"path","module_vers":"","configuration_cat":"IDP","module":"","description":"Path to use with External interceptor flow"},
+{"note":"","property_name":"idp.impersonate.generalPolicy","idp_vers":"all","property_default_value":"GeneralImpersonationPolicy","property_type":"Policy
ID","module_vers":"","configuration_cat":"IDP","module":"","description":"Policies to use with Impersonate interceptor flow"},
+{"note":"","property_name":"idp.impersonate.specificPolicy","idp_vers":"all","property_default_value":"SpecificImpersonationPolicy","property_type":"Policy ID","module_vers":"","configuration_cat":"IDP","module":"","description":"Policies to use with Impersonate interceptor flow"},
+{"note":"","property_name":"idp.authn.LDAP.authenticator","idp_vers":"all","property_default_value":"anonSearchAuthenticator","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"Controls the workflow for how authentication occurs against LDAP: one of anonSearchAuthenticator, bindSearchAuthenticator, directAuthenticator, adAuthenticator"},
+{"note":" ex. ldap://localhost or ldaps://localhost","property_name":"idp.authn.LDAP.ldapURL","idp_vers":"all","property_default_value":"none","property_type":"LDAP URI","module_vers":"","configuration_cat":"LDAP","module":"","description":"Connection URI for LDAP directory"},
+{"note":"","property_name":"idp.authn.LDAP.useStartTLS","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether StartTLS should be used after connecting with LDAP alone."},
+{"note":"","property_name":"idp.authn.LDAP.connectTimeout","idp_vers":"all","property_default_value":"PT3S","property_type":"duration","module_vers":"","configuration_cat":"LDAP","module":"","description":"Time to wait for the TCP connection to occur."},
+{"note":"","property_name":"idp.authn.LDAP.responseTimeout","idp_vers":"all","property_default_value":"PT3S","property_type":"duration","module_vers":"","configuration_cat":"LDAP","module":"","description":"Time to wait for an LDAP response message"},
+{"note":"","property_name":"idp.authn.LDAP.connectionStrategy","idp_vers":"all","property_default_value":"ACTIVE_PASSIVE","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"Connection strategy to use when multiple URLs are supplied: one of ACTIVE_PASSIVE, ROUND_ROBIN, RANDOM"},
+{"note":"","property_name":"idp.authn.LDAP.sslConfig","idp_vers":"all","property_default_value":"certificateTrust","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"How to establish trust in the server's TLS certificate: one of jvmTrust, certificateTrust, or keyStoreTrust"},
+{"note":"ex. %{idp.home}/credentials/ldap-server.crt","property_name":"idp.authn.LDAP.trustCertificates","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"LDAP","module":"","description":"A resource to load trust anchors from when using sslConfig = certificateTrust"},
+{"note":"ex. %{idp.home}/credentials/ldap-server.truststore","property_name":"idp.authn.LDAP.trustStore","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"LDAP","module":"","description":"A resource to load a Java keystore containing trust anchors when using sslConfig = keyStoreTrust"},
+{"note":"","property_name":"idp.authn.LDAP.returnAttributes","idp_vers":"all","property_default_value":"none","property_type":"comma-seperated strings","module_vers":"","configuration_cat":"LDAP","module":"","description":"List of attributes to request during authentication"},
+{"note":"","property_name":"idp.authn.LDAP.baseDN","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"Base DN to search against when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator"},
+{"note":"","property_name":"idp.authn.LDAP.subtreeSearch","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether to search recursively when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator"},
+{"note":"","property_name":"idp.authn.LDAP.userFilter","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"LDAP search filter when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator"},
+{"note":"","property_name":"idp.authn.LDAP.bindDN","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"DN to bind with during search when using an LDAP.authenticator = bindSearchAuthenticator"},
+{"note":"","property_name":"idp.authn.LDAP.bindDNCredential","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"Password to bind with during search when using an LDAP.authenticator = bindSearchAuthenticator usually set via %{idp.home}/credentials/secrets.properties"},
+{"note":"ex.
uid=%s,ou=people,dc=example,dc=org or for AD %s@domain.com","property_name":"idp.authn.LDAP.dnFormat","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"A formatting string to generate the user DNs to authenticate when using an LDAP.authenticator of directAuthenticator or adAuthenticator"},
+{"note":"","property_name":"idp.authn.LDAP.resolveEntryOnFailure","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether the user's LDAP entry should be returned in the authentication response even when the user bind fails."},
+{"note":"","property_name":"idp.authn.LDAP.resolveEntryWithBindDN","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether the user's LDAP entry should be resolved with the bindDN credentials rather than as the authenticated user."},
+{"note":"","property_name":"idp.authn.LDAP.usePasswordPolicy","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether to use the Password Policy Control."},
+{"note":"","property_name":"idp.authn.LDAP.usePasswordExpiration","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether to use the Password Expired Control."},
+{"note":"","property_name":"idp.authn.LDAP.activeDirectory","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"If you are using Active Directory this switch will attempt to use the account states defined by AD. Note that this flag is unnecessary if you are using the 'adAuthenticator'.
It is meant to be specified with one of the other authenticator types."},
+{"note":"","property_name":"idp.authn.LDAP.freeIPADirectory","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"If you are using the FreeIPA LDAP this switch will attempt to use the account states defined by that product."},
+{"note":"","property_name":"idp.authn.LDAP.eDirectory","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"If you are using the EDirectory LDAP this switch will attempt to use the account states defined by that product."},
+{"note":"","property_name":"idp.authn.LDAP.disablePooling","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether connection pools should be used for LDAP authentication and DN resolution"},
+{"note":"","property_name":"idp.pool.LDAP.minSize","idp_vers":"all","property_default_value":"3","property_type":"int","module_vers":"","configuration_cat":"LDAP","module":"","description":"Minimum LDAP connection pool size"},
+{"note":"","property_name":"idp.pool.LDAP.maxSize","idp_vers":"all","property_default_value":"10","property_type":"int","module_vers":"","configuration_cat":"LDAP","module":"","description":"Maximum LDAP connection pool size"},
+{"note":"","property_name":"idp.pool.LDAP.validateOnCheckout","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether to validate connections when checking them out of the pool"},
+{"note":"","property_name":"idp.pool.LDAP.validatePeriodically","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether to validate connections in the background"},
+{"note":"","property_name":"idp.pool.LDAP.validatePeriod","idp_vers":"all","property_default_value":"PT5M","property_type":"duration","module_vers":"","configuration_cat":"LDAP","module":"","description":"Duration between validation if idp.pool.LDAP.validatePeriodically is true"},
+{"note":"","property_name":"idp.pool.LDAP.validateDN","idp_vers":"4.0.1","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"DN to search with the validateFilter: defaults to the rootDSE"},
+{"note":"","property_name":"idp.pool.LDAP.validateFilter","idp_vers":"4.0.1","property_default_value":"(objectClass=*)","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"Search filter to execute in order to validate a pooled connection"},
+{"note":"","property_name":"idp.pool.LDAP.prunePeriod","idp_vers":"all","property_default_value":"PT5M","property_type":"duration","module_vers":"","configuration_cat":"LDAP","module":"","description":"Duration between looking for idle connections to reduce the pool back to its minimum size"},
+{"note":"","property_name":"idp.pool.LDAP.idleTime","idp_vers":"all","property_default_value":"PT10M","property_type":"duration","module_vers":"","configuration_cat":"LDAP","module":"","description":"Duration connections must be idle to be eligible for pruning"},
+{"note":"","property_name":"idp.pool.LDAP.blockWaitTime","idp_vers":"all","property_default_value":"PT3S","property_type":"duration","module_vers":"","configuration_cat":"LDAP","module":"","description":"Duration to wait for a free connection in the pool"},
+{"note":"","property_name":"idp.authn.LDAP.bindPoolPassivator","idp_vers":"4.0.1","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"Controls how connections in the bind pool are passivated.
Connections in the bind pool may be in an authenticated state that will not allow validation searches to succeed. This property controls how bind connections are placed back into the pool. If your directory requires searches to be performed by the idp.authn.LDAP.bindDN or anonymously, this property controls that behavior. one of: none, bind, anonymousBind."},
+{"note":"","property_name":"idp.authn.JAAS.loginConfigNames","idp_vers":"4.1","property_default_value":"ShibUserPassAuth","property_type":"string","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Comma-delimited set of JAAS application configuration names to use"},
+{"note":"","property_name":"idp.authn.JAAS.loginConfig","idp_vers":"4.1","property_default_value":"%{idp.home}/conf/authn/jaas.config","property_type":"resource path","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Location of JAAS configuration file"},
+{"note":"","property_name":"idp.authn.Krb5.refreshConfig","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to reload the underlying Kerberos configuration (generally in /etc/krb5.conf) on every login attempt"},
+{"note":"","property_name":"idp.authn.Krb5.preserveTicket","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to preserve the resulting Kerberos TGT in the Java Subject's private credential set"},
+{"note":"","property_name":"idp.authn.Krb5.servicePrincipal","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Name of a service principal to use to verify the KDC supplying the TGT by requesting and verifying a service ticket issued for it"},
+{"note":"","property_name":"idp.authn.Krb5.keytab","idp_vers":"4.1","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Path to a keytab file containing keys belonging to the service principal defined in idp.authn.Krb5.servicePrincipal"},
+{"note":"","property_name":"idp.authn.External.externalAuthnPath","idp_vers":"4.1","property_default_value":"contextRelative:external.jsp","property_type":"string","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Spring Web Flow redirection expression for the protected resource"},
+{"note":"","property_name":"idp.authn.External.matchExpression","idp_vers":"4.1","property_default_value":"none","property_type":"regex","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Regular expression to match username against"},
+{"note":"","property_name":"idp.authn.External.order","idp_vers":"4.1","property_default_value":"1000","property_type":"int","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Flow priority relative to other enabled login flows (lower is \"higher\" in priority)"},
+{"note":"","property_name":"idp.authn.External.nonBrowserSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Whether the flow should handle non-browser request profiles (e.g., ECP)"},
+{"note":"","property_name":"idp.authn.External.passiveAuthenticationSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Whether the flow allows for passive authentication"},
+{"note":"","property_name":"idp.authn.External.forcedAuthenticationSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Whether the flow supports forced authentication"},
+{"note":"","property_name":"idp.authn.External.proxyRestrictionsEnforced","idp_vers":"4.1","property_default_value":"%{idp.authn.enforceProxyRestrictions:true}","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Whether the flow enforces upstream IdP imposed restrictions on proxying"},
+{"note":"","property_name":"idp.authn.External.proxyScopingEnforced","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying"},
+{"note":"","property_name":"idp.authn.External.discoveryRequired","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Whether to invoke IdP discovery prior to running flow"},
+{"note":"","property_name":"idp.authn.External.lifetime","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultLifetime:PT1H}","property_type":"duration","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Lifetime of results produced by this flow"},
+{"note":"","property_name":"idp.authn.External.inactivityTimeout","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultTimeout:PT30M}","property_type":"duration","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Inactivity timeout of results produced by this flow"},
+{"note":"","property_name":"idp.authn.External.reuseCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Bean ID of Predicate controlling result reuse for SSO"},
+{"note":"","property_name":"idp.authn.External.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Bean ID of Predicate determining whether flow is usable for request"},
+{"note":"Subject> for subject customization","property_name":"idp.authn.External.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Bean ID of BiConsumer controlling result reuse for SSO"},
+{"note":"","property_name":"idp.authn.RemoteUser.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.RemoteUser","description":"Bean ID of Predicate determining whether flow is usable for request"},
+{"note":"Subject> for subject customization","property_name":"idp.authn.RemoteUser.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.RemoteUser","description":"Bean ID of BiConsumer controlling result reuse for SSO"},
+{"note":"","property_name":"idp.authn.RemoteUserInternal.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.RemoteUserInternal","description":"Bean ID of Predicate determining whether flow is usable for request"},
+{"note":"Subject> for subject
customization","property_name":"idp.authn.RemoteUserInternal.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.RemoteUserInternal","description":"Bean ID of BiConsumer controlling result reuse for SSO"},
+{"note":"","property_name":"idp.authn.SPNEGO.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.SPNEGO","description":"Bean ID of Predicate determining whether flow is usable for request"},
+{"note":"Subject> for subject customization","property_name":"idp.authn.SPNEGO.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.SPNEGO","description":"Bean ID of BiConsumer controlling result reuse for SSO"},
+{"note":"","property_name":"idp.authn.X509.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.X509","description":"Bean ID of Predicate determining whether flow is usable for request"},
+{"note":"Subject> for subject customization","property_name":"idp.authn.X509.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.X509","description":"Bean ID of BiConsumer controlling result reuse for SSO"},
+{"note":"","property_name":"idp.authn.X509Internal.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Bean ID of Predicate determining whether flow is usable for request"},
+{"note":"Subject> for subject
customization","property_name":"idp.authn.X509Internal.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Bean ID of BiConsumer controlling result reuse for SSO"},
+{"note":"","property_name":"idp.authn.IPAddress.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.IPAddress","description":"Bean ID of Predicate determining whether flow is usable for request"},
+{"note":"Subject> for subject customization","property_name":"idp.authn.IPAddress.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.IPAddress","description":"Bean ID of BiConsumer controlling result reuse for SSO"},
+{"note":"","property_name":"idp.authn.Function.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Bean ID of Predicate determining whether flow is usable for request"},
+{"note":"Subject> for subject customization","property_name":"idp.authn.Function.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Bean ID of BiConsumer controlling result reuse for SSO"},
+{"note":"","property_name":"idp.authn.Duo.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.Duo","description":"Bean ID of Predicate determining whether flow is usable for request"},
+{"note":"Subject> for subject
customization","property_name":"idp.authn.Duo.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.Duo","description":"Bean ID of BiConsumer to run just prior to AuthnRequest signing/encoding step"},
+{"note":"","property_name":"idp.authn.SAML.inboundMessageHandlerFunction","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Optional bean ID of Function to run at the late stages of Response decoding/processing"},
+{"note":"","property_name":"idp.authn.SAML.assertionValidator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Optional bean ID of AssertionValidator to run"},
+{"note":"","property_name":"idp.authn.SAML.order","idp_vers":"4.1","property_default_value":"1000","property_type":"int","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Flow priority relative to other enabled login flows (lower is \"higher\" in priority)"},
+{"note":"","property_name":"idp.authn.SAML.nonBrowserSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether the flow should handle non-browser request profiles (e.g., ECP)"},
+{"note":"","property_name":"idp.authn.SAML.passiveAuthenticationSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether the flow allows for passive authentication"},
+{"note":"","property_name":"idp.authn.SAML.forcedAuthenticationSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether the flow supports forced authentication"},
+{"note":"","property_name":"idp.authn.SAML.proxyRestrictionsEnforced","idp_vers":"4.1","property_default_value":"%{idp.authn.enforceProxyRestrictions:true}","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether the flow enforces upstream IdP imposed restrictions on proxying"},
+{"note":"","property_name":"idp.authn.SAML.proxyScopingEnforced","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying"},
+{"note":"","property_name":"idp.authn.SAML.discoveryRequired","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to invoke IdP discovery prior to running flow"},
+{"note":"","property_name":"idp.authn.SAML.lifetime","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultLifetime:PT1H}","property_type":"duration","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Lifetime of results produced by this flow"},
+{"note":"","property_name":"idp.authn.SAML.inactivityTimeout","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultTimeout:PT30M}","property_type":"duration","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Inactivity timeout of results produced by this flow"},
+{"note":"","property_name":"idp.authn.SAML.reuseCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Bean ID of Predicate controlling result reuse for SSO"},
+{"note":"","property_name":"idp.authn.SAML.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean
ID","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Bean ID of Predicate determining whether flow is usable for request"}, +{"note":"Subject> for subject customization","property_name":"idp.authn.SAML.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, +{"note":"","property_name":"idp.authn.MFA.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.MFA","description":"Bean ID of Predicate determining whether flow is usable for request"}, +{"note":"Subject> for subject customization","property_name":"idp.authn.MFA.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.MFA","description":"Bean ID of BiConsumer to evaluate to determine whether to run the Attribute Resolver or go directly to the Subject alone"}, +{"note":"","property_name":"idp.c14n.x500.lowercase","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"C14N","module":"","description":"Whether to lowercase the username"}, +{"note":"","property_name":"idp.c14n.x500.uppercase","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"C14N","module":"","description":"Whether to uppercase the username"}, +{"note":"","property_name":"idp.c14n.x500.trim","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"C14N","module":"","description":"Whether to trim leading and trailing whitespace from the username"}, 
+{"note":"","property_name":"idp.c14n.x500.subjectAltNameTypes","idp_vers":"4.1","property_default_value":"none","property_type":"List","module_vers":"","configuration_cat":"C14N","module":"","description":"Comma-delimited list of subjectAltName extension types to look for"}, +{"note":"","property_name":"idp.c14n.x500.objectIDs","idp_vers":"4.1","property_default_value":"2.5.4.3","property_type":"List","module_vers":"","configuration_cat":"C14N","module":"","description":"Comma-delimited list of attribute OIDs to search for in the subject DN"}, +{"note":"","property_name":"idp.c14n.saml.proxy.lowercase","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"C14N","module":"","description":"Whether to lowercase the username"}, +{"note":"","property_name":"idp.c14n.saml.proxy.uppercase","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"C14N","module":"","description":"Whether to uppercase the username"}, +{"note":"","property_name":"idp.c14n.saml.lowercase","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"C14N","module":"","description":"Whether to lowercase the username"}, +{"note":"","property_name":"idp.c14n.saml.uppercase","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"C14N","module":"","description":"Whether to uppercase the username"}, +{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.saml1sso","idp_vers":"all","property_default_value":"SSO","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, +{"note":" you can use this to route different kinds of audit records to different destinations 
based on general function","property_name":"idp.service.logging.saml1attrquery","idp_vers":"all","property_default_value":"AttributeQuery","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, +{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.saml1artifact","idp_vers":"all","property_default_value":"ArtifactResolution","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, +{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.saml2sso","idp_vers":"all","property_default_value":"SSO","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, +{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.saml2attrquery","idp_vers":"all","property_default_value":"AttributeQuery","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, +{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.saml2artifact","idp_vers":"all","property_default_value":"ArtifactResolution","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, +{"note":" you can use this to route 
different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.saml2slo","idp_vers":"all","property_default_value":"Logout","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, +{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.logout","idp_vers":"all","property_default_value":"Logout","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, +{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.cas","idp_vers":"all","property_default_value":"SSO","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, +{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.status","idp_vers":"all","property_default_value":"Status","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, +{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.resolvertest","idp_vers":"all","property_default_value":"ResolverTest","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, +{"note":" you can use this to route 
different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.serviceReload","idp_vers":"all","property_default_value":"Reload","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, +{"note":"","property_name":"idp.audit.hashAlgorithm","idp_vers":"4.1","property_default_value":"SHA-256","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Hash algorithm to apply to various hashed fields"}, +{"note":"","property_name":"idp.audit.salt","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Salt to apply to hashed fields must be set to use those fields"}, +{"note":"","property_name":"idp.oidc.issuer","idp_vers":"4.1","property_default_value":"none","property_type":"URL","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Set the Open ID Connect Issuer value "}, +{"note":"","property_name":"idp.oidc.idToken.defaultLifetime","idp_vers":"4.1","property_default_value":"PT1H","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Lifetime of ID token"}, +{"note":"","property_name":"idp.oidc.accessToken.defaultLifetime","idp_vers":"4.1","property_default_value":"PT10M","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Lifetime of access token"}, +{"note":"","property_name":"idp.oidc.authorizeCode.defaultLifetime","idp_vers":"4.1","property_default_value":"PT5M","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Lifetime of authorization code"}, 
+{"note":"","property_name":"idp.oidc.refreshToken.defaultLifetime","idp_vers":"4.1","property_default_value":"PT2H","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Lifetime of refresh token"}, +{"note":"","property_name":"idp.oidc.forcePKCE","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether client is required to use PKCE"}, +{"note":"","property_name":"idp.oidc.allowPKCEPlain","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether client is allowed to use PKCE code challenge method plain"}, +{"note":"","property_name":"idp.oidc.encodedAttributes","idp_vers":"4.1","property_default_value":"none","property_type":"Set","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Specifies IdPAttributes to encode into tokens for recovery on back-channel token requests"}, +{"note":"","property_name":"idp.oidc.encodeConsentInTokens","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether to embed consent decisions in access/refresh tokens and authorization code to allow for client-side consent storage"}, +{"note":"","property_name":"idp.oidc.alwaysIncludedAttributes","idp_vers":"4.1","property_default_value":"none","property_type":"Set","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Specifies IdPAttributes to always include in ID token regardless of response_type"}, +{"note":"","property_name":"idp.oidc.deniedUserInfoAttributes","idp_vers":"4.1","property_default_value":"none","property_type":"Set","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Specifies IdPAttributes to omit 
from UserInfo token"}, +{"note":"","property_name":"idp.oidc.revocationCache.authorizeCode.lifetime","idp_vers":"4.1","property_default_value":"PT6H","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Lifetime of entries in revocation cache for authorize code"}, +{"note":"","property_name":"idp.oidc.revocationCache.StorageService","idp_vers":"4.1","property_default_value":"shibboleth.StorageService","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean ID of StorageService for revocation cache requires server-side storage"}, +{"note":"","property_name":"idp.oidc.tokenEndpointAuthMethods","idp_vers":"4.1","property_default_value":"client_secret_basic,client_secret_post,client_secret_jwt,private_key_jwt","property_type":"Collection","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The acceptable client authentication methods"}, +{"note":"","property_name":"idp.oauth2.grantTypes","idp_vers":"4.1","property_default_value":"authorization_code,refresh_token","property_type":"Collection","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"OAuth grant types to allow"}, +{"note":"","property_name":"idp.oauth2.enforceRefreshTokenRotation","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3.2","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether to enforce refresh token rotation. If enabled the refresh token is revoked whenever it is used for issuing a new refresh token."}, +{"note":"","property_name":"idp.oauth2.accessToken.type","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"3.2","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Format of access token. 
Supported values are JWT or nothing."}, +{"note":"","property_name":"idp.oauth2.encryptionOptional","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether the absence of encryption details in a resource server’s metadata should fail when issuing an access token"}, +{"note":"","property_name":"idp.oauth2.accessToken.defaultLifetime","idp_vers":"4.1","property_default_value":"PT10M","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Lifetime of access token issued to client for resource server"}, +{"note":"","property_name":"idp.oauth2.revocationMethod","idp_vers":"4.1","property_default_value":"CHAIN","property_type":"string","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The revocation method: CHAIN refers to revoking whole chain of tokens (from authorization code to all access/refresh tokens). TOKEN refers to revoking single token"}, +{"note":"","property_name":"idp.oidc.dynreg.defaultRegistrationValidity","idp_vers":"4.1","property_default_value":"PT24H","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Registration lifetime"}, +{"note":"","property_name":"idp.oidc.dynreg.defaultScope","idp_vers":"4.1","property_default_value":"openid profile email address phone offline_access","property_type":"string","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The default scopes accepted in dynamic registration"}, +{"note":"","property_name":"idp.oidc.dynreg.defaultSubjectType","idp_vers":"4.1","property_default_value":"public","property_type":"string","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The default subject type if not set by client in request. 
Maybe set to pairwise or public."}, +{"note":"","property_name":"idp.oidc.dynreg.defaultMetadataPolicyFile","idp_vers":"4.1","property_default_value":"none","property_type":"resource path","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Full path to the file containing default metadata policy used for dynamic client registration"}, +{"note":"","property_name":"idp.oidc.dynreg.tokenEndpointAuthMethods","idp_vers":"4.1","property_default_value":"client_secret_basic,client_secret_post,client_secret_jwt,private_key_jwt","property_type":"Collection","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The acceptable client authentication methods when using dynamic registration"}, +{"note":"","property_name":"idp.signing.oidc.rs.key","idp_vers":"4.1","property_default_value":"%{idp.home}/credentials/idp-signing-rs.jwk","property_type":"JWK file pathname","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"JWK RSA signing keypair"}, +{"note":"","property_name":"idp.signing.oidc.es.key","idp_vers":"4.1","property_default_value":"%{idp.home}/credentials/idp-signing-es.jwk","property_type":"JWK file pathname","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"JWK EC signing keypair"}, +{"note":"","property_name":"idp.signing.oidc.rsa.enc.key","idp_vers":"4.1","property_default_value":"%{idp.home}/credentials/idp-encryption-rsa.jwk","property_type":"JWK file pathname","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"JWK RSA decryption keypair"}, +{"note":"","property_name":"idp.oidc.signing.config","idp_vers":"4.1","property_default_value":"shibboleth.oidc.SigningConfiguration","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Allows override of default signing configuration"}, 
+{"note":"","property_name":"idp.oidc.encryption.config","idp_vers":"4.1","property_default_value":"shibboleth.oidc.EncryptionConfiguration","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Allows override of default encryption configuration"}, +{"note":"","property_name":"idp.oidc.rodecrypt.config","idp_vers":"4.1","property_default_value":"shibboleth.oidc.requestObjectDecryptionConfiguration","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Allows override of default request decryption configuration"}, +{"note":"one of these has the wrong name","property_name":"idp.oidc.rovalid.config","idp_vers":"4.1","property_default_value":"shibboleth.oidc.requestObjectSignatureValidationConfiguration","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Allows override of default request signature validation configuration"}, +{"note":"one of these has the wrong name ","property_name":"idp.oidc.rovalid.config","idp_vers":"4.1","property_default_value":"shibboleth.oidc.tokenEndpointJwtSignatureValidationConfiguration","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Allows override of default JWT token validation configuration"}, +{"note":"","property_name":"idp.authn.OAuth2Client.requireAll","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether all validators must succeed or just one"}, +{"note":"","property_name":"idp.authn.OAuth2Client.removeAfterValidation","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether to remove the object holding the password from the request's active state after validating it (to avoid it 
being preserved in the session any longer than needed)"}, +{"note":"use with caution as it retains the password and makes it available in plaintext from within server memory at various stages.","property_name":"idp.authn.OAuth2Client.retainAsPrivateCredential","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether to keep the password around as a private credential in the Java Subject for use in later stages such as attribute resolution"}, +{"note":"","property_name":"idp.authn.OAuth2Client.order","idp_vers":"4.1","property_default_value":"1000","property_type":"int","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Flow priority relative to other enabled login flows (lower is \"higher\" in priority)"}, +{"note":"","property_name":"idp.authn.OAuth2Client.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean ID of Predicate determining whether flow is usable for request"}, +{"note":"Subject> for subject customization","property_name":"idp.authn.OAuth2Client.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean ID of BiConsumer>, used to locate metadata policy based on the policyLocation parameter. 
Defaults to a caching resolver locating server resources to load based on policyLocation parameter."}, +{"note":"","property_name":"idp.service.clientinfo.failFast","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"If true any failures during initialization of any resolvers result in IdP startup failure"}, +{"note":"","property_name":"idp.service.clientinfo.checkInterval","idp_vers":"4.1","property_default_value":"PT0S","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"When non-zero enables monitoring of resources for service reload"}, +{"note":"","property_name":"idp.service.clientinfo.resources","idp_vers":"4.1","property_default_value":"shibboleth.ClientInformationResolverResources","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Name of bean used to define the resources to use in configuring this service"}, +{"note":"","property_name":"idp.oauth2.defaultAllowedScope","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"bean of type Function called shibboleth.oidc.AllowedScopeStrategy"}, +{"note":"","property_name":"idp.oauth2.defaultAllowedAudience","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"bean of type Function> called shibboleth.oidc.AllowedAudienceStrategy"}, +{"note":"","property_name":"idp.oauth2.authn.flows","idp_vers":"4.1","property_default_value":"OAuth2Client","property_type":"regex","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Regular expression matching OAuth login flows to enable."}, 
+{"note":"","property_name":"idp.oidc.subject.sourceAttribute","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The source attribute used in generating the sub claim"}, +{"note":"","property_name":"idp.oidc.subject.algorithm","idp_vers":"4.1","property_default_value":"SHA","property_type":"string","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The digest algorithm used in generating the sub claim"}, +{"note":"","property_name":"idp.oidc.subject.salt","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Salt to inject for randomness should generally be moved into credentials/secrets.properties to avoid committing to configuration repository"}, +{"note":"","property_name":"idp.authn.DuoOIDC.order","idp_vers":"4.1","property_default_value":"1000","property_type":"int","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Flow priority relative to other enabled login flows (lower is \"higher\" in priority)"}, +{"note":"","property_name":"idp.authn.DuoOIDC.nonBrowserSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Whether the flow should handle non-browser request profiles (e.g., ECP)"}, +{"note":"","property_name":"idp.authn.DuoOIDC.passiveAuthenticationSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Whether the flow allows for passive authentication"}, 
+{"note":"","property_name":"idp.authn.DuoOIDC.forcedAuthenticationSupported","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Whether the flow supports forced authentication"}, +{"note":"","property_name":"idp.authn.DuoOIDC.proxyRestrictionsEnforced","idp_vers":"4.1","property_default_value":"%{idp.authn.enforceProxyRestrictions:true}","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Whether the flow enforces upstream IdP-imposed restrictions on proxying"}, +{"note":" and therefore enforces SP-signaled restrictions on proxying","property_name":"idp.authn.DuoOIDC.proxyScopingEnforced","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Whether the flow considers itself to be proxying"}, +{"note":"","property_name":"idp.authn.DuoOIDC.discoveryRequired","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Whether to invoke IdP-discovery prior to running flow"}, +{"note":"","property_name":"idp.authn.DuoOIDC.lifetime","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultLifetime:PT1H}","property_type":"duration","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Lifetime of results produced by this flow"}, +{"note":"","property_name":"idp.authn.DuoOIDC.inactivityTimeout","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultTimeout:PT30M}","property_type":"duration","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Inactivity timeout of results produced by this flow"}, 
+{"note":"","property_name":"idp.authn.DuoOIDC.reuseCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Bean ID ofPredicate controlling result reuse for SSO"}, +{"note":"","property_name":"idp.authn.DuoOIDC.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Bean ID ofPredicate determining whether flow is usable for request"}, +{"note":"","property_name":"idp.authn.DuoOIDC.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Bean ID ofBiConsumer for subject customization"}, +{"note":"","property_name":"idp.authn.DuoOIDC.supportedPrincipals","idp_vers":"4.1","property_default_value":"saml2/http://example.org/ac/classes/mfa, saml1/http://example.org/ac/classes/mfa","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Comma-delimited list of protocol-specific Principalstrings associated with flow"}, +{"note":"","property_name":"idp.authn.DuoOIDC.addDefaultPrincipals","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Whether to auto-attach the preceding set ofPrincipalobjects to eachSubjectproduced by this flow"}, +{"note":"","property_name":"idp.duo.oidc.apiHost","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"DuoOIDC API hostname assigned to the integration"}, 
+{"note":"","property_name":"idp.duo.oidc.clientId","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"The OAuth 2.0 Client Identifier valid at the Authorization Server"}, +{"note":"ex. https://:/idp/profile/Authn/Duo/2FA/duo-callback","property_name":"idp.duo.oidc.redirectURL","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Redirection URI to which the 2FA response will be sent"}, +{"note":"","property_name":"idp.duo.oidc.redirecturl.allowedOrigins","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"If the idp.duo.oidc.redirectURL is not set one will be computed dynamically and checked against this list of allowed origins - to prevent Http Host Header injection."}, +{"note":"","property_name":"idp.duo.oidc.secretKey","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"The client secret used to verify the client in exchanging the authorization code for a Duo 2FA result token (id_token)."}, +{"note":"","property_name":"idp.duo.oidc.endpoint.health","idp_vers":"4.1","property_default_value":"/oauth/v1/health_check","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Duo's OAuth 2.0 health check endpoint"}, +{"note":"","property_name":"idp.duo.oidc.endpoint.token","idp_vers":"4.1","property_default_value":"/oauth/v1/token","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Duo's OAuth 2.0 token endpoint"}, 
+{"note":"","property_name":"idp.duo.oidc.endpoint.authorize","idp_vers":"4.1","property_default_value":"/oauth/v1/authorize","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Duo's OAuth 2.0 authorization endpoint"}, +{"note":"","property_name":"idp.duo.oidc.jwt.verifier.clockSkew","idp_vers":"4.1","property_default_value":"PT60S","property_type":"duration","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Leeway allowed in token expiry calculations"}, +{"note":"","property_name":"idp.duo.oidc.jwt.verifier.iatWindow","idp_vers":"4.1","property_default_value":"PT60S","property_type":"duration","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Maximum amount (in either direction from now) of duration for which a token is valid after it is issued"}, +{"note":"","property_name":"idp.duo.oidc.jwt.verifier.issuerPath","idp_vers":"4.1","property_default_value":"/oauth/v1/token","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"The path component of the Duo token issuer. The full issuer string takes the format: HTTPS://+"}, +{"note":"","property_name":"idp.duo.oidc.jwt.verifier.preferredUsername","idp_vers":"4.1","property_default_value":"preferred_username","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"The result token JWT claim name that represents the username sent in the duo_uname field in the authorization request."}, +{"note":"","property_name":"idp.duo.oidc.jwt.verifier.authLifetime","idp_vers":"4.1","property_default_value":"PT60S","property_type":"duration","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"How long the authentication is valid. 
Only applies to forced authentication requests."}, +{"note":"","property_name":"idp.duo.oidc.nonbrowser.apiHost","idp_vers":"4.1","property_default_value":"%{idp.duo.oidc.apiHost}","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Duo AuthAPI hostname assigned to the integration"}, +{"note":"","property_name":"idp.duo.oidc.nonbrowser.integrationKey","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Duo AuthAPI integration key supplied by Duo"}, +{"note":"","property_name":"idp.duo.oidc.nonbrowser.secretKey","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Duo AuthAPI secret key supplied by Duo"}, +{"note":"","property_name":"idp.duo.oidc.nonbrowser.header.factor","idp_vers":"4.1","property_default_value":"X-Shibboleth-Duo-Factor","property_type":"strinig","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Name of HTTP request header for Duo AuthAPI factor"}, +{"note":"","property_name":"idp.duo.oidc.nonbrowser.header.device","idp_vers":"4.1","property_default_value":"X-Shibboleth-Duo-Device","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Name of HTTP request header for Duo AuthAPI device ID or name"}, +{"note":"","property_name":"idp.duo.oidc.nonbrowser.header.passcode","idp_vers":"4.1","property_default_value":"X-Shibboleth-Duo-Passcode","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Name of HTTP request header for Duo AuthAPI passcode"}, 
+{"note":"","property_name":"idp.duo.oidc.nonbrowser.auto","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Allow the factor to be defaulted in as \"auto\" if no headers are received"}, +{"note":" push display","property_name":"idp.duo.oidc.nonbrowser.clientAddressTrusted","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Pass client address to Duo in API calls to support logging"}, +{"note":"","property_name":"idp.duo.oidc.connectionTimeout","idp_vers":"4.1","property_default_value":"PT1M","property_type":"duration","module_vers":"1 (nimbus)","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Maximum length of time to wait for the connection to be established"}, +{"note":"","property_name":"idp.duo.oidc.connectionRequestTimeout","idp_vers":"4.1","property_default_value":"PT1M","property_type":"duration","module_vers":"1 (nimbus)","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Maximum length of time to wait for a connection to be returned from the connection manager"}, +{"note":"","property_name":"idp.duo.oidc.socketTimeout","idp_vers":"4.1","property_default_value":"PT1M","property_type":"duration","module_vers":"1 (nimbus)","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Maximum period inactivity between two consecutive data packets"}, +{"note":"","property_name":"idp.duo.oidc.maxConnectionsTotal","idp_vers":"4.1","property_default_value":"100","property_type":"int","module_vers":"1 (nimbus)","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Max total simultaneous connections allowed by the pooling connection manager"}, 
+{"note":"","property_name":"idp.duo.oidc.maxConnectionsPerRoute","idp_vers":"4.1","property_default_value":"100","property_type":"int","module_vers":"1 (nimbus)","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Max simultaneous connections per route allowed by the pooling connection manager"}, +{"note":"","property_name":"idp.duo.oidc.nimbus.checkRevocation","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1 (nimbus)","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"To enable certificate revocation checking"}, +{"note":"","property_name":"idp.authn.TOTP.headerName","idp_vers":"4.1","property_default_value":"X-Shibboleth-TOTP","property_type":"string","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Name of request header to use for extracting non-browser submitted token codes"}, +{"note":"","property_name":"idp.authn.TOTP.fieldName","idp_vers":"4.1","property_default_value":"tokencode","property_type":"string","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Name of HTML form field to use for locating browser-submitted token codes"}, +{"note":"","property_name":"idp.authn.TOTP.tokenSeedAttribute","idp_vers":"4.1","property_default_value":"tokenSeeds","property_type":"string","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Name of IdPAttribute to resolve to obtain token seeds for users"}, +{"note":"","property_name":"idp.authn.TOTP.order","idp_vers":"4.1","property_default_value":"1000","property_type":"int","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Flow priority relative to other enabled login flows (lower is \"higher\" in priority)"}, 
+{"note":"","property_name":"idp.authn.TOTP.nonBrowserSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Whether the flow should handle non-browser request profiles (e.g., ECP)"}, +{"note":"","property_name":"idp.authn.TOTP.passiveAuthenticationSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Whether the flow allows for passive authentication"}, +{"note":"","property_name":"idp.authn.TOTP.forcedAuthenticationSupported","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Whether the flow supports forced authentication"}, +{"note":"","property_name":"idp.authn.TOTP.proxyRestrictionsEnforced","idp_vers":"4.1","property_default_value":"%{idp.authn.enforceProxyRestrictions:true}","property_type":"bool","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Whether the flow enforces upstream IdP-imposed restrictions on proxying"}, +{"note":" and therefore enforces SP-signaled restrictions on proxying","property_name":"idp.authn.TOTP.proxyScopingEnforced","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Whether the flow considers itself to be proxying"}, +{"note":"","property_name":"idp.authn.TOTP.discoveryRequired","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Whether to invoke IdP-discovery prior to running flow"}, 
+{"note":"","property_name":"idp.authn.TOTP.lifetime","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultLifetime:PT1H}","property_type":"duration","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Lifetime of results produced by this flow"}, +{"note":"","property_name":"idp.authn.TOTP.inactivityTimeout","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultTimeout:PT30M}","property_type":"duration","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Inactivity timeout of results produced by this flow"}, +{"note":"","property_name":"idp.authn.TOTP.reuseCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Bean ID ofPredicate controlling result reuse for SSO"}, +{"note":"","property_name":"idp.authn.TOTP.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Bean ID ofPredicate determining whether flow is usable for request"}, +{"note":"","property_name":"idp.authn.TOTP.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Bean ID ofBiConsumer for subject customization"}, +{"note":"","property_name":"idp.authn.TOTP.supportedPrincipals","idp_vers":"4.1","property_default_value":"saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken, saml1/urn:oasis:names:tc:SAML:1.0:am:HardwareToken","property_type":"string","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Comma-delimited list of protocol-specific Principalstrings associated with flow"}, 
+{"note":"","property_name":"idp.authn.TOTP.addDefaultPrincipals","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Whether to auto-attach the preceding set ofPrincipalobjects to eachSubjectproduced by this flow"}, +{"note":"","property_name":"idp.metadata.dnsname","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"Supplies the DNS name used within the URLs specifying the end points. This should not be used in conjunction with the --DNSName qualifier"}, +{"note":"","property_name":"idp.metadata.backchannel.cert","idp_vers":"4.1","property_default_value":"none","property_type":"resource path","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"Specifies the path to the certificate protecting the back channel. This should not be used in conjunction with the --backChannel qualifier."}, +{"note":"","property_name":"idp.metadata.idpsso.mdui.logo.path","idp_vers":"4.1","property_default_value":"none","property_type":"URL","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"Specifies the path part of the URL which describes a logo for the IdP. The protocol is hard wired to be https:// and the DNS name is used for the host. The is always emitted. 
If this is absent then then a fixed path ('/path/to/logo') is used."}, +{"note":"","property_name":"idp.metadata.idpsso.mdui.logo.height","idp_vers":"4.1","property_default_value":"80","property_type":"int","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"The height of the logo in pixels."}, +{"note":"","property_name":"idp.metadata.idpsso.mdui.logo.width","idp_vers":"4.1","property_default_value":"80","property_type":"init","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"The width of the logo in pixels"}, +{"note":"","property_name":"idp.metadata.idpsso.mdui.langs","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"A space separated list of languages used to lookup values formed appending each one to the name and description properties idp.metadata.idpsso.mdui.displayname. and idp.metadata.idpsso.mdui.description.. If this is absent then an and for the \"en\" language is emitted which you need to edit."}, +{"note":"","property_name":"idp.metadata.idpsso.mdui.displayname.","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"Display name for the IdP in the specified language. If this is absent for a language specified above then not is emitted for that language"}, +{"note":"","property_name":"idp.metadata.idpsso.mdui.description.","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"Description for the IdP in the specified language. 
If this is absent for a language specified above then not is emitted for that language"}, +{"note":"no doc","property_name":"idp.oidc.encryptionOptional","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Set false to preclude issuing unencrypted ID/UserInfo tokens without specific overrides"}, +{"note":"no doc","property_name":"idp.oidc.dynreg.defaultSecretExpiration","idp_vers":"4.1","property_default_value":"P12M","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The validity of client secret registered"}, +{"note":"no doc","property_name":"idp.oidc.dynreg.allowNoneForRequestSigning","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Regardless of what signing algorithms are configured allow none for request object signing"}, +{"note":"no doc","property_name":"idp.oidc.dynreg.validateRemoteJwks","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean to determine whether dynamic registration should validate the remote JWK set if it's defined in the request"}, +{"note":"no doc","property_name":"idp.oidc.dynreg.defaultMetadataPolicy","idp_vers":"4.1","property_default_value":"shibboleth.oidc.dynreg.DefaultMetadataPolicy","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean to determine the default metadata policy used for dynamic client registration"}, +{"note":"no doc","property_name":"idp.oidc.jwk.StorageService","idp_vers":"4.1","property_default_value":"shibboleth.StorageService","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Storage for 
storing remote jwk sets."}, +{"note":"no doc","property_name":"idp.oidc.metadata.saml","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean to determine whether SAML metadata should be exploited for trusted OIDC RP resolution"}, +{"note":"no doc","property_name":"idp.oidc.jwksuri.fetchInterval","idp_vers":"4.1","property_default_value":"PT30M","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Upgrade interval to the remote JWKs"}, +{"note":"no doc","property_name":"idp.oidc.config.minRefreshDelay","idp_vers":"4.1","property_default_value":"PT5M","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bounds on the next file refresh of the OP configuration resource"}, +{"note":"no doc","property_name":"idp.oidc.config.maxRefreshDelay","idp_vers":"4.1","property_default_value":"PT4H","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bounds on the next file refresh of the OP configuration resource"}, +{"note":"no doc","property_name":"idp.oidc.LoginHintLookupStrategy","idp_vers":"4.1","property_default_value":"DefaultRequestLoginHintLookupFunction","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean used for extracting login_hint from the authentication request. The default function parses login_hint as is."}, +{"note":"no doc","property_name":"idp.oidc.SPSessionCreationStrategy","idp_vers":"4.1","property_default_value":"DefaultSPSessionCreationStrategy","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean used for creating SPSessions needed for SLO. 
By default builds protocol-independent BasicSPSession as SLO is not yet supported."} +] \ No newline at end of file diff --git a/ui/src/app/App.js b/ui/src/app/App.js index 9c4e00422..ca70ee51a 100644 --- a/ui/src/app/App.js +++ b/ui/src/app/App.js @@ -34,7 +34,7 @@ import { Roles } from './admin/Roles'; import { Groups } from './admin/Groups'; import { BASE_PATH } from './App.constant'; import { ProtectRoute } from './core/components/ProtectRoute'; -import { Properties } from './admin/Properties'; +import { IdpConfiguration } from './admin/IdpConfiguration'; function App() { @@ -109,9 +109,9 @@ function App() { } /> - + - + } /> diff --git a/ui/src/app/admin/Properties.js b/ui/src/app/admin/IdpConfiguration.js similarity index 54% rename from ui/src/app/admin/Properties.js rename to ui/src/app/admin/IdpConfiguration.js index b81e0af48..621b54e71 100644 --- a/ui/src/app/admin/Properties.js +++ b/ui/src/app/admin/IdpConfiguration.js @@ -1,11 +1,11 @@ import React from 'react'; import { Switch, Route, useRouteMatch, Redirect } from 'react-router-dom'; -import { PropertiesProvider } from './hoc/PropertiesProvider'; -import { NewProperty } from './container/NewProperty'; -import { EditProperty } from './container/EditProperty'; -import { PropertyList } from './container/PropertyList'; +import { ConfigurationsProvider } from './hoc/ConfigurationsProvider'; +import { NewConfiguration } from './container/NewConfiguration'; +import { EditConfiguration } from './container/EditConfiguration'; +import { ConfigurationList } from './container/ConfigurationList'; -export function Properties() { +export function IdpConfiguration() { let { path, url } = useRouteMatch(); @@ -13,17 +13,17 @@ export function Properties() { <> - + {(properties, onDelete) => - + } - + } /> - + } /> - + } /> 
diff --git a/ui/src/app/admin/component/PropertyForm.js b/ui/src/app/admin/component/ConfigurationForm.js similarity index 75% rename from ui/src/app/admin/component/PropertyForm.js rename to ui/src/app/admin/component/ConfigurationForm.js index 54a0800ea..93d9ff1d9 100644 --- a/ui/src/app/admin/component/PropertyForm.js +++ b/ui/src/app/admin/component/ConfigurationForm.js @@ -1,14 +1,12 @@ import React from 'react'; import Button from 'react-bootstrap/Button'; -import Form from '../../form/Form'; import { FontAwesomeIcon } from '@fortawesome/react-fontawesome'; import { faSpinner, faSave } from '@fortawesome/free-solid-svg-icons'; import Translate from '../../i18n/components/translate'; -import { usePropertyUiSchema } from '../hooks'; import { FormContext, setFormDataAction, setFormErrorAction } from '../../form/FormManager'; -export function PropertyForm({ property = {}, errors = [], loading = false, schema, onSave, onCancel }) { +export function ConfigurationForm({ property = {}, errors = [], loading = false, schema, onSave, onCancel }) { const { dispatch } = React.useContext(FormContext); const onChange = ({ formData, errors }) => { @@ -16,8 +14,6 @@ export function PropertyForm({ property = {}, errors = [], loading = false, sche dispatch(setFormErrorAction(errors)); }; - const uiSchema = usePropertyUiSchema(); - return (<>
@@ -40,14 +36,7 @@ export function PropertyForm({ property = {}, errors = [], loading = false, sche
-
onChange(form)} - schema={schema} - uiSchema={uiSchema} - liveValidate={true}> - <> -
+
diff --git a/ui/src/app/admin/container/PropertyList.js b/ui/src/app/admin/container/ConfigurationList.js similarity index 89% rename from ui/src/app/admin/container/PropertyList.js rename to ui/src/app/admin/container/ConfigurationList.js index 2312cc1d2..300aab019 100644 --- a/ui/src/app/admin/container/PropertyList.js +++ b/ui/src/app/admin/container/ConfigurationList.js @@ -9,7 +9,7 @@ import { Translate } from '../../i18n/components/translate'; import { DeleteConfirmation } from '../../core/components/DeleteConfirmation'; -export function PropertyList({ properties, onDelete }) { +export function ConfigurationList({ properties, onDelete }) { const remove = (id) => { onDelete(id); @@ -23,14 +23,14 @@ export function PropertyList({ properties, onDelete }) {
- Roles Management + Configuration Management
  - Add new property + Create new configuration
@@ -38,7 +38,7 @@ export function PropertyList({ properties, onDelete }) { - Role Name + Configuration Name (label) Actions @@ -49,7 +49,7 @@ export function PropertyList({ properties, onDelete }) { {property.name} - + Edit @@ -65,7 +65,7 @@ export function PropertyList({ properties, onDelete }) { ) : - No properties defined. + No configurations. } diff --git a/ui/src/app/admin/container/EditProperty.js b/ui/src/app/admin/container/EditConfiguration.js similarity index 94% rename from ui/src/app/admin/container/EditProperty.js rename to ui/src/app/admin/container/EditConfiguration.js index beac8c5f8..4703cc098 100644 --- a/ui/src/app/admin/container/EditProperty.js +++ b/ui/src/app/admin/container/EditConfiguration.js @@ -7,13 +7,13 @@ import { useProperties } from '../hooks'; import { Schema } from '../../form/Schema'; import { FormManager } from '../../form/FormManager'; -import { PropertyForm } from '../component/PropertyForm'; import { PropertyProvider } from '../hoc/PropertyProvider'; import { createNotificationAction, NotificationTypes, useNotificationDispatcher } from '../../notifications/hoc/Notifications'; import { useTranslator } from '../../i18n/hooks'; import { BASE_PATH } from '../../App.constant'; +import { ConfigurationForm } from '../component/ConfigurationForm'; -export function EditProperty() { +export function EditConfiguration() { const { id } = useParams(); @@ -68,12 +68,12 @@ export function EditProperty() {
{(property) => - + {(schema) => <>{property && {(data, errors) => -
- + {(schema) => {(data, errors) => - - + - + diff --git a/ui/src/app/core/components/ProtectRoute.js b/ui/src/app/core/components/ProtectRoute.js index c01706920..c8a7a299f 100644 --- a/ui/src/app/core/components/ProtectRoute.js +++ b/ui/src/app/core/components/ProtectRoute.js @@ -1,9 +1,13 @@ import React from 'react'; import { Redirect } from 'react-router-dom'; - -import { useIsAdmin } from '../user/UserContext'; +import { isUndefined } from 'lodash'; +import { useCurrentUser, useIsAdmin } from '../user/UserContext'; export function ProtectRoute({ children, redirectTo, ...rest }) { + const user = useCurrentUser(); const isAdmin = useIsAdmin(); + if (isUndefined(user?.role)) { + return <> + } return isAdmin ? children : ; } \ No newline at end of file From a574d2fc6212ba97e2e352713c47948c55b22f16 Mon Sep 17 00:00:00 2001 
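Review bot: The new `isUndefined(user?.role)` guard in `ProtectRoute` returns an empty fragment for as long as the role is undefined, and nothing in the hunk gives it a way out. If the current-user lookup fails or yields a user without a role, an admin route would stay blank instead of falling through to the `redirectTo` redirect; how `useCurrentUser` reports a failed load is not visible here, so this needs confirming. The lodash import is not needed for the check, `if (user?.role === undefined)` does the same. Because this component only decides what the browser renders, a comment such as `// UI gating only: the admin endpoints must enforce the role server-side` would keep it from being read as the access control.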
From: Ryan Mathis Date: Mon, 15 Aug 2022 08:02:59 -0700
Subject: [PATCH 33/58] Property list
Former-commit-id: 5bd0e2138de520486178133c016356e30691eba5
---
.../main/resources/i18n/messages.properties | 2 +-
.../schema/configuration/configuration.json | 37 +
.../assets/schema/properties/property.json | 30 -
ui/public/data/properties.json | 659 ++++++++++++++++++
ui/src/app/App.js | 6 +-
.../{Properties.js => IdpConfiguration.js} | 20 +-
.../{PropertyForm.js => ConfigurationForm.js} | 15 +-
.../{PropertyList.js => ConfigurationList.js} | 12 +-
.../{EditProperty.js => EditConfiguration.js} | 8 +-
.../{NewProperty.js => NewConfiguration.js} | 8 +-
...sProvider.js => ConfigurationsProvider.js} | 2 +-
ui/src/app/core/components/Header.js | 4 +-
ui/src/app/core/components/ProtectRoute.js | 8 +-
13 files changed, 735 insertions(+), 76 deletions(-)
create mode 100644 ui/public/assets/schema/configuration/configuration.json
delete mode 100644 ui/public/assets/schema/properties/property.json
create mode 100644 ui/public/data/properties.json
rename ui/src/app/admin/{Properties.js => IdpConfiguration.js} (54%)
rename ui/src/app/admin/component/{PropertyForm.js => ConfigurationForm.js} (75%)
rename ui/src/app/admin/container/{PropertyList.js => ConfigurationList.js} (89%)
rename ui/src/app/admin/container/{EditProperty.js => EditConfiguration.js} (94%)
rename ui/src/app/admin/container/{NewProperty.js => NewConfiguration.js} (91%)
rename ui/src/app/admin/hoc/{PropertiesProvider.js => ConfigurationsProvider.js} (94%)
diff --git a/backend/src/main/resources/i18n/messages.properties b/backend/src/main/resources/i18n/messages.properties
index 3b3e67e83..c33e3b4a1 100644
--- a/backend/src/main/resources/i18n/messages.properties
+++ b/backend/src/main/resources/i18n/messages.properties
@@ -646,7 +646,7 @@ tooltip.dont-sign-response=Don\u0027t Sign Response
 tooltip.turn-off-encryption=Turn Off Encryption of Response
 tooltip.usa-sha-algorithm=Use SHA1 Signing Algorithm
 tooltip.authentication-methods-to-use=Authentication Methods to Use
-tooltip.ignore-auth-method=Ignore any SP-Requested Authentication Method
+tooltip.ignore-auth-method=Reject any AuthnReuests from this SP that contain an explicitly requested AuthnContext class
 tooltip.omit-not-before-condition=Omit Not Before Condition
 tooltip.responder-id=ResponderId
 tooltip.instruction=Information icon
diff --git a/ui/public/assets/schema/configuration/configuration.json b/ui/public/assets/schema/configuration/configuration.json
new file mode 100644
index 000000000..6694bcf25
--- /dev/null
+++ b/ui/public/assets/schema/configuration/configuration.json
@@ -0,0 +1,37 @@
+{
+ "type": "object",
+ "properties": {
+ "properties": {
+ "title": "label.configuration-properties",
+ "description": "label.configuration-properties",
+ "type": "array",
+ "required": ["property", "value"],
+ "items": {
+ "type": "object",
+ "properties": {
+ "property": {
+ "title": "label.property-key",
+ "description": "tooltip.property-key",
+ "type": "string",
+ "minLength": 1,
+ "maxLength": 255
+ },
+ "description": {
+ "title": "label.property-descr",
+ "description": "tooltip.property-descr",
+ "type": "string",
+ "minLength": 1,
+ "maxLength": 255
+ },
+ "value": {
+ "title": "label.property-value",
+ "description": "tooltip.property-value",
+ "type": "string",
+ "minLength": 1,
+ "maxLength": 255
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/ui/public/assets/schema/properties/property.json b/ui/public/assets/schema/properties/property.json
deleted file mode 100644
index f0e90ff49..000000000
--- a/ui/public/assets/schema/properties/property.json
+++ /dev/null
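Review bot: The new value of `tooltip.ignore-auth-method` misspells `AuthnRequests` as `AuthnReuests`, and the typo will appear in the UI tooltip. The text also now describes rejecting the request where it used to describe ignoring the SP-requested method, while the key still reads `ignore-auth-method`. If the setting really rejects, the label shown next to this tooltip (not in this hunk) should say so too, so an operator is not told "ignore" and "reject" for the same switch. Suggested line: `tooltip.ignore-auth-method=Reject any AuthnRequests from this SP that contain an explicitly requested AuthnContext class`.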
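Review bot: In the new `configuration.json`, `"required": ["property", "value"]` sits on the `properties` array schema beside `"type": "array"`, where it has no effect. `required` only constrains object instances, so an entry with no key or no value still validates. The deleted `property.json` had it at object level. Move it into `items`, next to `"type": "object"`: `"items": { "type": "object", "required": ["property", "value"], ...`. Whether the backend validates these entries independently is not visible here; if it does not, this schema is the only check on what is written into the IdP configuration.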
@@ -1,30 +0,0 @@
-{
- "type": "object",
- "required": [
- "property",
- "value"
- ],
- "properties": {
- "property": {
- "title": "label.property-key",
- "description": "tooltip.property-key",
- "type": "string",
- "minLength": 1,
- "maxLength": 255
- },
- "description": {
- "title": "label.property-descr",
- "description": "tooltip.property-descr",
- "type": "string",
- "minLength": 1,
- "maxLength": 255
- },
- "value": {
- "title": "label.property-value",
- "description": "tooltip.property-value",
- "type": "string",
- "minLength": 1,
- "maxLength": 255
- }
- }
-}
\ No newline at end of file
diff --git a/ui/public/data/properties.json b/ui/public/data/properties.json
new file mode 100644
index 000000000..a022a4fd5
--- /dev/null
+++ b/ui/public/data/properties.json
@@ -0,0 +1,659 @@ +[ +{"note":"ex. /conf/ldap.properties, /conf/services.properties","property_name":"idp.additionalProperties","idp_vers":"all","property_default_value":"none","property_type":"Comma-delimited paths","module_vers":"","configuration_cat":"IDP","module":"","description":"Used to point to additional property files to load. All properties must be unique and are ultimately pooled into a single unordered set."}, +{"note":"","property_name":"idp.searchForProperties","idp_vers":"4","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"IDP","module":"","description":"Auto-load all files matching conf/**/*.properties"}, +{"note":"ex. https://unicon.net/idp/shibboleth","property_name":"idp.entityID","idp_vers":"all","property_default_value":"none","property_type":"URI","module_vers":"","configuration_cat":"RP","module":"","description":"The unique name of the IdP used as the iisuer in all SAML profiles"}, +{"note":"","property_name":"idp.entityID.metadataFile","idp_vers":"all","property_default_value":"%{idp.home}/metadata/idp-metadata.xml","property_type":"resource path","module_vers":"","configuration_cat":"IDP","module":"","description":"Identifies the file to serve for requests to the IdP's well-known metadata location"}, +{"note":"","property_name":"idp.artifact.enabled","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"RP","module":"","description":"Whether to allow use of the SAML artifact bindings when sending messages"}, +{"note":"","property_name":"idp.artifact.secureChannel","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"RP","module":"","description":"Whether preparation of messages to be communicated via SAML artifact should assume use of a secure channel (allowing signing and encryption to be skipped)"}, 
+{"note":"","property_name":"idp.artifact.endpointIndex","idp_vers":"all","property_default_value":"2","property_type":"int","module_vers":"","configuration_cat":"RP","module":"","description":"Identifies the endpoint in SAML metadata associated with artifacts issued by a server node"}, +{"note":"","property_name":"idp.artifact.StorageService","idp_vers":"all","property_default_value":"shibboleth.StorageService","property_type":"Bean ID of a StorageService (org.opensaml.storage)","module_vers":"","configuration_cat":"STOR","module":"","description":"Storage back-end to use for short-lived SAML Artifact mappings (must be server-side)"}, +{"note":"","property_name":"idp.bindings.inMetadataOrder","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"RP","module":"","description":"Controls whether the outbound binding selection is ordered by the SP's metadata or the IdP's preferred bindings (the inbuilt default order is Redirect -> POST -> Artifact -> SOAP). Set to false to leave artifact support on, but favor use of POST. 
Set also to false to favor the front channel over back channel for Logout."}, +{"note":"","property_name":"idp.entityID.metadataFile","idp_vers":"all","property_default_value":"%{idp.home}/metadata/idp-metadata.xml","property_type":"file pathname","module_vers":"","configuration_cat":"IDP","module":"","description":"Identifies the file to serve for requests to the IdP's well-known metadata location"}, +{"note":"","property_name":"idp.scope","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"IDP","module":"","description":"applies a (fixed) scope typically a domain-valued suffix to an input attribute's values"}, +{"note":"","property_name":"idp.cookie.secure","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SEC","module":"","description":"If true all cookies issued by the IdP (not including the container) will be limited to TLS"}, +{"note":"","property_name":"idp.cookie.httpOnly","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"SEC","module":"","description":"If true all cookies issued by the IdP (not including the container) will contain the HttpOnly property"}, +{"note":"","property_name":"idp.cookie.domain","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"SEC","module":"","description":"Overrides the domain of any cookies issued by the IdP (not including the container)"}, +{"note":"","property_name":"idp.cookie.path","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"SEC","module":"","description":"Overrides the path of any cookies issued by the IdP (not including the container)"}, 
+{"note":"","property_name":"idp.cookie.maxAge","idp_vers":"all","property_default_value":"31536000","property_type":"int","module_vers":"","configuration_cat":"SEC","module":"","description":"Lifetime in seconds of cookies issued by the IdP that are meant to span sessions (365 days)"}, +{"note":"","property_name":"idp.cookie.sameSite","idp_vers":"all","property_default_value":"None","property_type":"Null/None/Lax/Strict","module_vers":"","configuration_cat":"SEC","module":"","description":"Default SameSite value to apply to cookies via servlet filter if no explicit rule for the named cookie is specified"}, +{"note":"","property_name":"idp.cookie.sameSiteCondition","idp_vers":"all","property_default_value":"shibboleth.Conditions.FALSE","property_type":"Bean ID of Predicate","module_vers":"","configuration_cat":"SEC","module":"","description":"Predicate condition bean controlling whether SameSite filter runs"}, +{"note":"","property_name":"idp.sealer.keyStrategy","idp_vers":"all","property_default_value":"shibboleth.DataSealerKeyStrategy","property_type":"Bean ID of DataSealerKeyStrategy","module_vers":"","configuration_cat":"SEC","module":"","description":"Bean ID supporting the DataSealerKeyStrategy interface to use in place of the built-in option."}, +{"note":"","property_name":"idp.sealer.storeType","idp_vers":"all","property_default_value":"JCEKS","property_type":"string","module_vers":"","configuration_cat":"SEC","module":"","description":"Type of Java keystore used for IdP's internal AES encryption key"}, +{"note":"","property_name":"idp.sealer.updateInterval","idp_vers":"all","property_default_value":"PT15M","property_type":"duration","module_vers":"","configuration_cat":"SEC","module":"","description":"Time between checks for a new AES key version"}, +{"note":"","property_name":"idp.sealer.aliasBase","idp_vers":"all","property_default_value":"secret","property_type":"string","module_vers":"","configuration_cat":"SEC","module":"","description":"Case 
insensitive name of keystore alias prefix used in AES keystore (the entries will be suffixed by the key version number)"}, +{"note":"","property_name":"idp.sealer.storeResource","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Keystore resource containing AES encryption key usually a file path"}, +{"note":"","property_name":"idp.sealer.versionResource","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Resource that tracks the active AES encryption key version usually a file path"}, +{"note":"","property_name":"idp.sealer.storePassword","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"SEC","module":"","description":"Keystore password unlocking AES encryption keystore typically set during installation"}, +{"note":"","property_name":"idp.sealer.keyPassword","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"SEC","module":"","description":"Key password unlocking AES encryption key typically set to the same as the previous property and set during installation"}, +{"note":"","property_name":"idp.signing.key","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Resource containing private key for signing typically a file in the credentials directory"}, +{"note":"","property_name":"idp.signing.cert","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Resource containing the public key certificate inserted into signed messages typically a file in the credentials directory"}, 
+{"note":"","property_name":"idp.encryption.key","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Resource containing a private key for decryption typically a file in the credentials directory"}, +{"note":"","property_name":"idp.encryption.cert","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Resource containing a public key certificate given to others needing to encrypt data for the IdP typically a file in the credentials directory"}, +{"note":"","property_name":"idp.encryption.key.2","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Resource containing an alternate private key for decryption generally unused except while changing decryption keys"}, +{"note":"","property_name":"idp.encryption.cert.2","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Resource containing an alternate public key certificate generally unused except while changing decryption keys"}, +{"note":"","property_name":"idp.security.config","idp_vers":"all","property_default_value":"shibboleth.DefaultSecurityConfiguration","property_type":"Bean ID of SecurityConfiguration (net.shibboleth.idp.profile.config.SecurityConfiguration)","module_vers":"","configuration_cat":"SEC","module":"","description":"Name of Spring bean supplying the default SecurityConfiguration "}, +{"note":"","property_name":"idp.signing.config","idp_vers":"all","property_default_value":"shibboleth.SigningConfiguration.SHA256","property_type":"Bean ID of SignatureSigningConfiguration (org.opensaml.xmlsec)","module_vers":"","configuration_cat":"SEC","module":"","description":"Name of Spring bean supplying the default 
SignatureSigningConfiguration"}, +{"note":"","property_name":"idp.encryption.config","idp_vers":"all","property_default_value":"shibboleth.EncryptionConfiguration.CBC","property_type":"Bean ID of EncryptionConfiguration (org.opensaml.xmlsec)","module_vers":"","configuration_cat":"SEC","module":"","description":"Name of Spring bean supplying the default EncryptionConfiguration"}, +{"note":"","property_name":"idp.encryption.optional","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SEC","module":"","description":"If true failure to locate an encryption key to use won't result in request failure "}, +{"note":"","property_name":"idp.encryption.keyagreement.metadata.defaultUseKeyWrap","idp_vers":"all","property_default_value":"Default","property_type":"string","module_vers":"","configuration_cat":"SEC","module":"","description":"Sets the default strategy for key agreement key wrap usage for credentials from metadata if not otherwise configured on the security configuration"}, +{"note":"","property_name":"idp.trust.signatures","idp_vers":"all","property_default_value":"shibboleth.ChainingSignatureTrustEngine","property_type":"Bean ID of SignatureTrustEngine (org.opensaml.xmlsec.signature.support)","module_vers":"","configuration_cat":"SEC","module":"","description":"Name of Spring bean for the trust engine used to verify signatures"}, +{"note":"","property_name":"idp.trust.certificates","idp_vers":"all","property_default_value":"shibboleth.ChainingX509TrustEngine","property_type":"Bean ID of TrustEngine (org.opensaml.security.trust)","module_vers":"","configuration_cat":"SEC","module":"","description":"Name of Spring bean for the trust engine used to verify TLS certificates"}, +{"note":"","property_name":"idp.policy.messageLifetime","idp_vers":"all","property_default_value":"PT3M","property_type":"duration","module_vers":"","configuration_cat":"SEC","module":"","description":"Default freshness window for 
accepting timestamped messages"}, +{"note":"","property_name":"idp.policy.assertionLifetime","idp_vers":"all","property_default_value":"PT3M","property_type":"duration","module_vers":"","configuration_cat":"SEC","module":"","description":"Default freshness window for accepting timestamped assertions"}, +{"note":"","property_name":"idp.policy.clockSkew","idp_vers":"all","property_default_value":"PT3M","property_type":"duration","module_vers":"","configuration_cat":"SEC","module":"","description":"Default allowance for clock differences between systems"}, +{"note":"","property_name":"idp.security.basicKeyInfoFactory","idp_vers":"4.1","property_default_value":"shibboleth.BasicKeyInfoGeneratorFactory","property_type":"Bean ID of KeyInfoGeneratorManager (org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorManager)","module_vers":"","configuration_cat":"SEC","module":"","description":"Overrides the BasicKeyInfoGeneratorFactory used by default"}, +{"note":"","property_name":"idp.security.x509KeyInfoFactory","idp_vers":"4.1","property_default_value":"shibboleth.X509KeyInfoGeneratorFactory","property_type":"Bean ID of KeyInfoGeneratorManager (org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorManager)","module_vers":"","configuration_cat":"SEC","module":"","description":"Overrides the X509KeyInfoGeneratorFactory used by default"}, +{"note":"","property_name":"idp.csrf.enabled","idp_vers":"4","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"CSRF","module":"","description":"Enables CSRF protection"}, +{"note":"","property_name":"idp.csrf.token.parameter","idp_vers":"4","property_default_value":"csrf_token","property_type":"string","module_vers":"","configuration_cat":"CSRF","module":"","description":"Name of the HTTP parameter that stores the CSRF token"}, 
+{"note":"","property_name":"idp.hsts","idp_vers":"all","property_default_value":"max-age=0","property_type":"string","module_vers":"","configuration_cat":"IDP","module":"","description":"Auto-configures an HSTS response header"}, +{"note":"","property_name":"idp.frameoptions","idp_vers":"all","property_default_value":"DENY","property_type":"DENY/SAMEORIGIN","module_vers":"","configuration_cat":"IDP","module":"","description":"Auto-configures an X-Frame-Options response header"}, +{"note":"","property_name":"idp.csp","idp_vers":"all","property_default_value":"frame-ancestors 'none'","property_type":"string","module_vers":"","configuration_cat":"IDP","module":"","description":"Auto-configures a Content Security Policy response header"}, +{"note":"","property_name":"idp.webflows","idp_vers":"all","property_default_value":"%{idp.home}/flows","property_type":"resource path","module_vers":"","configuration_cat":"IDP","module":"","description":"Location from which to load user-supplied webflows from"}, +{"note":"","property_name":"idp.views","idp_vers":"all","property_default_value":"%{idp.home}/views","property_type":"Comma-delimited paths","module_vers":"","configuration_cat":"IDP","module":"","description":"Location from which to load user-modifiable Velocity view templates. 
This can be set to include \"classpath*:/META-INF/net/shibboleth/idp/views\" (or equivalent) to load templates from the classpath, such as from extension jars, but doing so disables support for template reloading."}, +{"note":"","property_name":"idp.errors.detailed","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"ERR","module":"","description":"Whether to expose detailed error causes in status information provided to outside parties"}, +{"note":"","property_name":"idp.errors.signed","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"ERR","module":"","description":"Whether to digitally sign error responses in SAML or similar protocols, if signing is otherwise warranted (this can prevent a simple denial of service vector, since errors are simple to trigger)"}, +{"note":"","property_name":"idp.errors.defaultView","idp_vers":"all","property_default_value":"error","property_type":"string","module_vers":"","configuration_cat":"ERR","module":"","description":"The default view name to render for exceptions and events"}, +{"note":"","property_name":"idp.errors.excludedExceptions","idp_vers":"all","property_default_value":"none","property_type":"Bean ID of Properties (java.util.Properties)","module_vers":"","configuration_cat":"ERR","module":"","description":"Bean defing Properties mapping exception class names to error views. 
The matching by class name does not support wildcards, but does do substring matches (so it's not necessary to fully qualify the class)."}, +{"note":"","property_name":"idp.errors.exceptionMappings","idp_vers":"all","property_default_value":"none","property_type":"Bean ID of Collection (java.util)","module_vers":"","configuration_cat":"ERR","module":"","description":"Bean defining Collection identifying exception classes to ignore (causing them to bubble outward, so use with caution)"}, +{"note":"","property_name":"idp.storage.cleanupInterval","idp_vers":"all","property_default_value":"PT10M","property_type":"duration","module_vers":"","configuration_cat":"STOR","module":"","description":"Interval of background thread sweeping server-side storage for expired records"}, +{"note":"","property_name":"idp.storage.htmlLocalStorage","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"STOR","module":"","description":"Whether to use HTML Local Storage (if available) instead of cookies"}, +{"note":"","property_name":"idp.storage.clientSessionStorageName","idp_vers":"all","property_default_value":"shib_idp_session_ss","property_type":"string","module_vers":"","configuration_cat":"STOR","module":"","description":"Name of cookie or HTML storage key used by the default per-session instance of the client storage service"}, +{"note":"","property_name":"idp.storage.clientPersistentStorageName","idp_vers":"all","property_default_value":"shib_idp_persistent_ss","property_type":"string","module_vers":"","configuration_cat":"STOR","module":"","description":"Name of cookie or HTML storage key used by the default persistent instance of the client storage service"}, +{"note":"","property_name":"idp.replayCache.StorageService","idp_vers":"all","property_default_value":"shibboleth.StorageService","property_type":"Bean ID of a StorageService 
(org.opensaml.storage)","module_vers":"","configuration_cat":"STOR","module":"","description":"Storage back-end to use for message replay checking (must be server-side)"}, +{"note":"","property_name":"idp.replayCache.strict","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"STOR","module":"","description":"Whether storage errors during replay checks should be treated as a replay"}, +{"note":"","property_name":"idp.session.enabled","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"SESS","module":"","description":"Whether to enable the IdP's session tracking feature"}, +{"note":"","property_name":"idp.session.StorageService","idp_vers":"all","property_default_value":"shibboleth.ClientSessionStorageService","property_type":"Bean ID of StorageService (org.opensaml.storage)","module_vers":"","configuration_cat":"SESS","module":"","description":"Bean name of a storage implementation/configuration to use for IdP sessions"}, +{"note":"","property_name":"idp.session.cookieName","idp_vers":"4.2","property_default_value":"shib_idp_session","property_type":"string","module_vers":"","configuration_cat":"SESS","module":"","description":"Name of cookie containing IdP session ID (note this is not the same as the cookie the Java container uses to track its own sessions)"}, +{"note":"","property_name":"idp.session.idSize","idp_vers":"all","property_default_value":"32","property_type":"int","module_vers":"","configuration_cat":"SESS","module":"","description":"Number of characters in IdP session identifiers"}, +{"note":"","property_name":"idp.session.consistentAddress","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"SESS","module":"","description":"Whether to bind IdP sessions to IP addresses"}, 
+{"note":"","property_name":"idp.session.consistentAddressCondition","idp_vers":"all","property_default_value":"Direct string comparison","property_type":"BiPredicate","module_vers":"","configuration_cat":"SESS","module":"","description":"A 2-argument predicate that compares a bound session's address to a client address"}, +{"note":"","property_name":"idp.session.timeout","idp_vers":"all","property_default_value":"PT60M","property_type":"duration","module_vers":"","configuration_cat":"SESS","module":"","description":"Inactivity timeout policy for IdP sessions (must be non-zero)"}, +{"note":"","property_name":"idp.session.slop","idp_vers":"all","property_default_value":"0","property_type":"duration","module_vers":"","configuration_cat":"SESS","module":"","description":"Extra time after expiration before removing SP sessions in case a logout is invoked"}, +{"note":"","property_name":"idp.session.maskStorageFailure","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SESS","module":"","description":"Whether to hide storage failures from users during session cache reads/writes"}, +{"note":"","property_name":"idp.session.trackSPSessions","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SESS","module":"","description":"Whether to save a record of every SP accessed during an IdP session (requires a server-side session store or HTML LocalStorage)"}, +{"note":"","property_name":"idp.session.secondaryServiceIndex","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SESS","module":"","description":"Whether to track SPs on the basis of the SAML subject ID used, for logout purposes (requires SP session tracking be on)"}, 
+{"note":"","property_name":"idp.session.defaultSPlifetime","idp_vers":"all","property_default_value":"PT2H","property_type":"duration","module_vers":"","configuration_cat":"SESS","module":"","description":"Default length of time to maintain record of an SP session (must be non-zero), overridable by relying-party-specific setting"}, +{"note":" ex. Password, MA, DUO","property_name":"idp.authn.flows","idp_vers":"all","property_default_value":"none","property_type":"regex","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Required expression that identifies the login flows to globally enable"}, +{"note":" measured since first usage","property_name":"idp.authn.defaultLifetime","idp_vers":"all","property_default_value":"PT60M","property_type":"duration","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Default amount of time to allow reuse prior authentication flows"}, +{"note":" measured since last usage","property_name":"idp.authn.defaultTimeout","idp_vers":"all","property_default_value":"PT30M","property_type":"duration","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Default inactivity timeout to prevent reuse of prior authentication flows"}, +{"note":"","property_name":"idp.authn.proxyRestrictionsEnforced","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to enforce restrictions placed on further proxying of assertions from upstream IdPs when relying on proxied authentication"}, +{"note":"","property_name":"idp.authn.favorSSO","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to prioritize prior authentication results when an SP requests more than one possible matching method"}, 
+{"note":"","property_name":"idp.authn.rpui","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to populate information about the relying party into the tree for user interfaces during login and interceptors"}, +{"note":"","property_name":"idp.authn.identitySwitchIsError","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to fail requests if a user identity after authentication doesn't match the identity in a pre-existing session."}, +{"note":"","property_name":"idp.authn.discoveryURL","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Provides a static discovery URL to use for external discovery this property replaces the need for the XML-defined bean used in V4.0 for this purpose"}, +{"note":"","property_name":"idp.authn.overrideRequestedAuthnContext","idp_vers":"4","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to override an explicit element in an SP’s request with a configuration-imposed rule via the defaultAuthenticationMethods profile configuration setting. 
Note this is a violation of the SAML standard and is also a global setting applying to all SPs that may have such a profile configuration set."}, +{"note":"","property_name":"idp.consent.StorageService","idp_vers":"all","property_default_value":"shibboleth.ClientPersistentStorageService","property_type":"Bean ID","module_vers":"","configuration_cat":"CONS","module":"","description":"Name of storage service used to store users' consent choices"}, +{"note":"","property_name":"idp.consent.attribute-release.userStorageKey","idp_vers":"all","property_default_value":"shibboleth.consent.PrincipalConsentStorageKey","property_type":"Bean ID","module_vers":"","configuration_cat":"CONS","module":"","description":"Name of function used to return the String storage key representing a user defaults to the principal name"}, +{"note":"","property_name":"idp.consent.attribute-release.userStorageKeyAttribute","idp_vers":"all","property_default_value":"uid","property_type":"string","module_vers":"","configuration_cat":"CONS","module":"","description":"Attribute whose value is the storage key representing a user"}, +{"note":"","property_name":"idp.consent.attribute-release.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"CONS","module":"","description":"Optional condition to apply to control activation of attribute-release flow along with system default behavior"}, +{"note":"","property_name":"idp.consent.attribute-release.auditFormat","idp_vers":"all","property_default_value":"%T|%SP|%e|%u|%CCI|%CCV|%CCA","property_type":"logback","module_vers":"","configuration_cat":"CONS","module":"","description":"Default consent auditing formats"}, +{"note":"","property_name":"idp.consent.terms-of-use.userStorageKey","idp_vers":"all","property_default_value":"shibboleth.consent.PrincipalConsentStorageKey","property_type":"Bean 
ID","module_vers":"","configuration_cat":"CONS","module":"","description":"Name of function used to return the String storage key representing a user defaults to the principal name"}, +{"note":"","property_name":"idp.consent.terms-of-use.userStorageKeyAttribute","idp_vers":"all","property_default_value":"uid","property_type":"string","module_vers":"","configuration_cat":"CONS","module":"","description":"Attribute whose value is the storage key representing a user"}, +{"note":"","property_name":"idp.consent.terms-of-use.consentValueMessageCodeSuffix","idp_vers":"all","property_default_value":".text","property_type":"string","module_vers":"","configuration_cat":"CONS","module":"","description":"Suffix of message property used as value of consent storage records when idp.consent.compareValues is true"}, +{"note":"","property_name":"idp.consent.terms-of-use.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"CONS","module":"","description":"Optional condition to apply to control activation of terms-of-use flow"}, +{"note":"","property_name":"idp.consent.terms-of-use.auditFormat","idp_vers":"all","property_default_value":"%T|%SP|%e|%u|%CCI|%CCV|%CCA","property_type":"logback","module_vers":"","configuration_cat":"CONS","module":"","description":"Default consent auditing formats"}, +{"note":"","property_name":"idp.consent.allowDoNotRemember","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"CONS","module":"","description":"Whether not remembering/storing consent is allowed"}, +{"note":"","property_name":"idp.consent.allowGlobal","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"CONS","module":"","description":"Whether consent to any attribute and to any relying party is allowed"}, 
+{"note":"","property_name":"idp.consent.allowPerAttribute","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"CONS","module":"","description":"Whether per-attribute consent is allowed"}, +{"note":"","property_name":"idp.consent.compareValues","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"CONS","module":"","description":"Whether attribute values and terms of use text are stored and compared for equality"}, +{"note":"","property_name":"idp.consent.maxStoredRecords","idp_vers":"all","property_default_value":"10","property_type":"int","module_vers":"","configuration_cat":"CONS","module":"","description":"Maximum number of records stored when using space-limited storage (e.g. cookies), 0 = no limit"}, +{"note":"","property_name":"idp.consent.expandedMaxStoredRecords","idp_vers":"all","property_default_value":"0","property_type":"int","module_vers":"","configuration_cat":"CONS","module":"","description":"Maximum number of records stored when using larger/server-side storage, 0 = no limit"}, +{"note":"","property_name":"idp.consent.storageRecordLifetime","idp_vers":"4.x","property_default_value":"(v4.0=P1Y,v4.1=infinite)","property_type":"duration","module_vers":"","configuration_cat":"CONS","module":"","description":"Time in milliseconds to expire consent storage records"}, +{"note":"","property_name":"idp.logout.elaboration","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SLO","module":"","description":"Whether to search metadata for user interface information associated with every service involved in logout propagation"}, +{"note":"","property_name":"idp.logout.authenticated","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"SLO","module":"","description":"Whether to require signed logout messages in accordance with the SAML 
2.0 standard"}, +{"note":"","property_name":"idp.logout.promptUser","idp_vers":"all","property_default_value":"false","property_type":"Bean ID of Predicate","module_vers":"","configuration_cat":"SLO","module":"","description":"If the bean returns true the user is given the option to actually cancel the IdP logout outright and prevent removal of the session"}, +{"note":"","property_name":"idp.logout.preserveQuery","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SLO","module":"","description":"Processes arbitrary query parameters to the Simple Logout endpoint and stashes them in a ScratchContext for use by subsequent view logic"}, +{"note":"","property_name":"idp.logout.assumeAsync","idp_vers":"4.2","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SLO","module":"","description":"When true allows inbound SAML LogoutRequests to be processed even if the SP lacks metadata containing response endpoints"}, +{"note":"","property_name":"idp.logout.propagationHidden","idp_vers":"4.2","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SLO","module":"","description":"Applies the \"display:none\" style to the list of SPs and logout status reporting images so that logout status is not visibly reported to the user"}, +{"note":"","property_name":"idp.soap.httpClient","idp_vers":"all","property_default_value":"SOAPClient.HttpClient","property_type":"Bean ID of HttpClient to use for SOAP-based logout","module_vers":"","configuration_cat":"IDP","module":"","description":"Allows the HttpClient used for SOAP communication to be overriden (applies to SAML logout via SOAP)"}, +{"note":"ex. 
en, fr, de","property_name":"idp.ui.fallbackLanguages","idp_vers":"all","property_default_value":"none","property_type":"Comma-delimited list","module_vers":"","configuration_cat":"IDP","module":"","description":"languages to use if no match can be found with the browser-supported languages"}, +{"note":"","property_name":"idp.cas.StorageService","idp_vers":"all","property_default_value":"shibboleth.StorageService","property_type":"Bean ID","module_vers":"","configuration_cat":"CAS","module":"","description":"Storage service used by CAS protocol for chained proxy-granting tickets and when using server-managed \"simple\" TicketService. MUST be server-side storage (e.g. in-memory, memcached, database)"}, +{"note":"","property_name":"idp.cas.serviceRegistryClass","idp_vers":"all","property_default_value":"net.shibboleth.idp.cas.service.PatternServiceRegistry","property_type":"?","module_vers":"","configuration_cat":"CAS","module":"","description":"CAS service registry implementation class"}, +{"note":"","property_name":"idp.cas.relyingPartyIdFromMetadata","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"CAS","module":"","description":"If true CAS services provisioned with SAML metadata are identified via entityID"}, +{"note":"","property_name":"idp.fticks.federation","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"FTICK","module":"","description":"Enables F-TICKS output and specifies the value of the federation-identifier field"}, +{"note":"","property_name":"idp.fticks.condition","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"FTICK","module":"","description":"Optional bean name of a Predicate to use to decide whether to run"}, 
+{"note":"","property_name":"idp.fticks.algorithm","idp_vers":"all","property_default_value":"SHA-2","property_type":"string","module_vers":"","configuration_cat":"FTICK","module":"","description":"Digest algorithm used to obscure usernames"}, +{"note":"","property_name":"idp.fticks.salt","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"FTICK","module":"","description":"A salt to apply when digesting usernames (if not specified, the username will not be included)"}, +{"note":"","property_name":"idp.fticks.loghost","idp_vers":"all","property_default_value":"localhost","property_type":"string","module_vers":"","configuration_cat":"FTICK","module":"","description":"The remote syslog host"}, +{"note":"","property_name":"idp.fticks.logport","idp_vers":"all","property_default_value":"514","property_type":"int","module_vers":"","configuration_cat":"FTICK","module":"","description":"The remote syslog port"}, +{"note":"","property_name":"idp.audit.shortenBindings","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"SERV","module":"","description":"Set false if you want SAML bindings \"spelled out\" in audit log"}, +{"note":"","property_name":"idp.velocity.runtime.strictmode","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"IDP","module":"","description":"Set to true to fail on velocity syntax errors"}, +{"note":"","property_name":"idp.intercept.External.externalPath","idp_vers":"all","property_default_value":"contextRelative:intercept.jsp","property_type":"path","module_vers":"","configuration_cat":"IDP","module":"","description":"Path to use with External interceptor flow"}, +{"note":"","property_name":"idp.impersonate.generalPolicy","idp_vers":"all","property_default_value":"GeneralImpersonationPolicy","property_type":"Policy 
ID","module_vers":"","configuration_cat":"IDP","module":"","description":"Policies to use with Impersonate interceptor flow"}, +{"note":"","property_name":"idp.impersonate.specificPolicy","idp_vers":"all","property_default_value":"SpecificImpersonationPolicy","property_type":"Policy ID","module_vers":"","configuration_cat":"IDP","module":"","description":"Policies to use with Impersonate interceptor flow"}, +{"note":"","property_name":"idp.authn.LDAP.authenticator","idp_vers":"all","property_default_value":"anonSearchAuthenticator","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"Controls the workflow for how authentication occurs against LDAP: one of anonSearchAuthenticator, bindSearchAuthenticator, directAuthenticator, adAuthenticator"}, +{"note":" ex. ldap://localhost or ldaps://localhost","property_name":"idp.authn.LDAP.ldapURL","idp_vers":"all","property_default_value":"none","property_type":"LDAP URI","module_vers":"","configuration_cat":"LDAP","module":"","description":"Connection URI for LDAP directory"}, +{"note":"","property_name":"idp.authn.LDAP.useStartTLS","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether StartTLS should be used after connecting with LDAP alone."}, +{"note":"","property_name":"idp.authn.LDAP.connectTimeout","idp_vers":"all","property_default_value":"PT3S","property_type":"duration","module_vers":"","configuration_cat":"LDAP","module":"","description":"Time to wait for the TCP connection to occur."}, +{"note":"","property_name":"idp.authn.LDAP.responseTimeout","idp_vers":"all","property_default_value":"PT3S","property_type":"duration","module_vers":"","configuration_cat":"LDAP","module":"","description":"Time to wait for an LDAP response message"}, 
+{"note":"","property_name":"idp.authn.LDAP.connectionStrategy","idp_vers":"all","property_default_value":"ACTIVE_PASSIVE","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"Connection strategy to use when multiple URLs are supplied: one of ACTIVE_PASSIVE, ROUND_ROBIN, RANDOM"}, +{"note":"","property_name":"idp.authn.LDAP.sslConfig","idp_vers":"all","property_default_value":"certificateTrust","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"How to establish trust in the server's TLS certificate: one of jvmTrust, certificateTrust, or keyStoreTrust"}, +{"note":"ex. %{idp.home}/credentials/ldap-server.crt","property_name":"idp.authn.LDAP.trustCertificates","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"LDAP","module":"","description":"A resource to load trust anchors from when using sslConfig = certificateTrust"}, +{"note":"ex. %{idp.home}/credentials/ldap-server.truststore","property_name":"idp.authn.LDAP.trustStore","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"LDAP","module":"","description":"A resource to load a Java keystore containing trust anchors when using sslConfig = keyStoreTrust"}, +{"note":"","property_name":"idp.authn.LDAP.returnAttributes","idp_vers":"all","property_default_value":"none","property_type":"comma-seperated strings","module_vers":"","configuration_cat":"LDAP","module":"","description":"List of attributes to request during authentication"}, +{"note":"","property_name":"idp.authn.LDAP.baseDN","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"Base DN to search against when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator"}, 
+{"note":"","property_name":"idp.authn.LDAP.subtreeSearch","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether to search recursively when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator"}, +{"note":"","property_name":"idp.authn.LDAP.userFilter","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"LDAP search filter when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator"}, +{"note":"","property_name":"idp.authn.LDAP.bindDN","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"DN to bind with during search when using an LDAP.authenticator = bindSearchAuthenticator"}, +{"note":"","property_name":"idp.authn.LDAP.bindDNCredential","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"Password to bind with during search when using an LDAP.authenticator = bindSearchAuthenticator usually set via %{idp.home}/credentials/secrets.properties"}, +{"note":"ex. 
uid=%s,ou=people,dc=example,dc=org or for AD %s@domain.com","property_name":"idp.authn.LDAP.dnFormat","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"A formatting string to generate the user DNs to authenticate when using an LDAP.authenticator of directAuthenticator or adAuthenticator"}, +{"note":"","property_name":"idp.authn.LDAP.resolveEntryOnFailure","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether the user's LDAP entry should be returned in the authentication response even when the user bind fails."}, +{"note":"","property_name":"idp.authn.LDAP.resolveEntryWithBindDN","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether the user's LDAP entry should be resolved with the bindDN credentials rather than as the authenticated user."}, +{"note":"","property_name":"idp.authn.LDAP.usePasswordPolicy","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether to use the Password Policy Control."}, +{"note":"","property_name":"idp.authn.LDAP.usePasswordExpiration","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether to use the Password Expired Control."}, +{"note":"","property_name":"idp.authn.LDAP.activeDirectory","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"If you are using Active Directory this switch will attempt to use the account states defined by AD. Note that this flag is unnecessary if you are using the 'adAuthenticator'. 
It is meant to be specified with one of the other authenticator types."}, +{"note":"","property_name":"idp.authn.LDAP.freeIPADirectory","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"If you are using the FreeIPA LDAP this switch will attempt to use the account states defined by that product."}, +{"note":"","property_name":"idp.authn.LDAP.eDirectory","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"If you are using the EDirectory LDAP this switch will attempt to use the account states defined by that product."}, +{"note":"","property_name":"idp.authn.LDAP.disablePooling","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether connection pools should be used for LDAP authentication and DN resolution"}, +{"note":"","property_name":"idp.pool.LDAP.minSize","idp_vers":"all","property_default_value":"3","property_type":"int","module_vers":"","configuration_cat":"LDAP","module":"","description":"Minimum LDAP connection pool size"}, +{"note":"","property_name":"idp.pool.LDAP.maxSize","idp_vers":"all","property_default_value":"10","property_type":"int","module_vers":"","configuration_cat":"LDAP","module":"","description":"Maximum LDAP connection pool size"}, +{"note":"","property_name":"idp.pool.LDAP.validateOnCheckout","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether to validate connections when checking them out of the pool"}, +{"note":"","property_name":"idp.pool.LDAP.validatePeriodically","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether to validate connections in the background"}, 
+{"note":"","property_name":"idp.pool.LDAP.validatePeriod","idp_vers":"all","property_default_value":"PT5M","property_type":"duration","module_vers":"","configuration_cat":"LDAP","module":"","description":"Duration between validation if idp.pool.LDAP.validatePeriodically is true"}, +{"note":"","property_name":"idp.pool.LDAP.validateDN","idp_vers":"4.0.1","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"DN to search with the validateFilter: defaults to the rootDSE"}, +{"note":"","property_name":"idp.pool.LDAP.validateFilter","idp_vers":"4.0.1","property_default_value":"(objectClass=*)","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"Search filter to execute in order to validate a pooled connection"}, +{"note":"","property_name":"idp.pool.LDAP.prunePeriod","idp_vers":"all","property_default_value":"PT5M","property_type":"duration","module_vers":"","configuration_cat":"LDAP","module":"","description":"Duration between looking for idle connections to reduce the pool back to its minimum size"}, +{"note":"","property_name":"idp.pool.LDAP.idleTime","idp_vers":"all","property_default_value":"PT10M","property_type":"duration","module_vers":"","configuration_cat":"LDAP","module":"","description":"Duration connections must be idle to be eligible for pruning"}, +{"note":"","property_name":"idp.pool.LDAP.blockWaitTime","idp_vers":"all","property_default_value":"PT3S","property_type":"duration","module_vers":"","configuration_cat":"LDAP","module":"","description":"Duration to wait for a free connection in the pool"}, +{"note":"","property_name":"idp.authn.LDAP.bindPoolPassivator","idp_vers":"4.0.1","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"Controls how connections in the bind pool are passivated. 
Connections in the bind pool may be in an authenticated state that will not allow validation searches to succeed. This property controls how bind connections are placed back into the pool. If your directory requires searches to be performed by the idp.authn.LDAP.bindDN or anonymously, this property controls that behavior. one of: none, bind, anonymousBind."}, +{"note":"","property_name":"idp.authn.JAAS.loginConfigNames","idp_vers":"4.1","property_default_value":"ShibUserPassAuth","property_type":"string","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Comma-delimited set of JAAS application configuration names to use"}, +{"note":"","property_name":"idp.authn.JAAS.loginConfig","idp_vers":"4.1","property_default_value":"%{idp.home}/conf/authn/jaas.config","property_type":"resource path","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Location of JAAS configuration file"}, +{"note":"","property_name":"idp.authn.Krb5.refreshConfig","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to reload the underlying Kerberos configuration (generally in /etc/krb5.conf) on every login attempt"}, +{"note":"","property_name":"idp.authn.Krb5.preserveTicket","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to preserve the resulting Kerberos TGT in the Java Subject's private credential set"}, +{"note":"","property_name":"idp.authn.Krb5.servicePrincipal","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Name of a service principal to use to verify the KDC supplying the TGT by requesting and verifying a service ticket issued for it"}, 
+{"note":"","property_name":"idp.authn.Krb5.keytab","idp_vers":"4.1","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Path to a keytab file containing keys belonging to the service principal defined in idp.authn.Krb5.servicePrincipal"}, +{"note":"","property_name":"idp.authn.External.externalAuthnPath","idp_vers":"4.1","property_default_value":"contextRelative:external.jsp","property_type":"string","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Spring Web Flow redirection expression for the protected resource"}, +{"note":"","property_name":"idp.authn.External.matchExpression","idp_vers":"4.1","property_default_value":"none","property_type":"regex","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Regular expression to match username against"}, +{"note":"","property_name":"idp.authn.External.order","idp_vers":"4.1","property_default_value":"1000","property_type":"int","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Flow priority relative to other enabled login flows (lower is \"higher\" in priority)"}, +{"note":"","property_name":"idp.authn.External.nonBrowserSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Whether the flow should handle non-browser request profiles (e.g., ECP)"}, +{"note":"","property_name":"idp.authn.External.passiveAuthenticationSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Whether the flow allows for passive authentication"}, 
+{"note":"","property_name":"idp.authn.External.forcedAuthenticationSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Whether the flow supports forced authentication"}, +{"note":"","property_name":"idp.authn.External.proxyRestrictionsEnforced","idp_vers":"4.1","property_default_value":"%{idp.authn.enforceProxyRestrictions:true}","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Whether the flow enforces upstream IdP imposed restrictions on proxying"}, +{"note":"","property_name":"idp.authn.External.proxyScopingEnforced","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying"}, +{"note":"","property_name":"idp.authn.External.discoveryRequired","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Whether to invoke IdP discovery prior to running flow"}, +{"note":"","property_name":"idp.authn.External.lifetime","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultLifetime:PT1H}","property_type":"duration","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Lifetime of results produced by this flow"}, +{"note":"","property_name":"idp.authn.External.inactivityTimeout","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultTimeout:PT30M}","property_type":"duration","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Inactivity timeout of results produced by this flow"}, 
+{"note":"","property_name":"idp.authn.External.reuseCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Bean ID of Predicate controlling result reuse for SSO"}, +{"note":"","property_name":"idp.authn.External.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Bean ID of Predicate determining whether flow is usable for request"}, +{"note":"Subject> for subject customization","property_name":"idp.authn.External.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, +{"note":"","property_name":"idp.authn.RemoteUser.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.RemoteUser","description":"Bean ID of Predicate determining whether flow is usable for request"}, +{"note":"Subject> for subject customization","property_name":"idp.authn.RemoteUser.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.RemoteUser","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, +{"note":"","property_name":"idp.authn.RemoteUserInternal.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.RemoteUserInternal","description":"Bean ID of Predicate determining whether flow is usable for request"}, +{"note":"Subject> for subject 
customization","property_name":"idp.authn.RemoteUserInternal.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.RemoteUserInternal","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, +{"note":"","property_name":"idp.authn.SPNEGO.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.SPNEGO","description":"Bean ID of Predicate determining whether flow is usable for request"}, +{"note":"Subject> for subject customization","property_name":"idp.authn.SPNEGO.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.SPNEGO","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, +{"note":"","property_name":"idp.authn.X509.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.X509","description":"Bean ID of Predicate determining whether flow is usable for request"}, +{"note":"Subject> for subject customization","property_name":"idp.authn.X509.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.X509","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, +{"note":"","property_name":"idp.authn.X509Internal.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Bean ID of Predicate determining whether flow is usable for request"}, +{"note":"Subject> for subject 
customization","property_name":"idp.authn.X509Internal.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, +{"note":"","property_name":"idp.authn.IPAddress.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.IPAddress","description":"Bean ID of Predicate determining whether flow is usable for request"}, +{"note":"Subject> for subject customization","property_name":"idp.authn.IPAddress.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.IPAddress","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, +{"note":"","property_name":"idp.authn.Function.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Bean ID of Predicate determining whether flow is usable for request"}, +{"note":"Subject> for subject customization","property_name":"idp.authn.Function.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, +{"note":"","property_name":"idp.authn.Duo.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.Duo","description":"Bean ID of Predicate determining whether flow is usable for request"}, +{"note":"Subject> for subject 
customization","property_name":"idp.authn.Duo.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.Duo","description":"Bean ID of BiConsumer to run just prior to AuthnRequest signing/encoding step"}, +{"note":"","property_name":"idp.authn.SAML.inboundMessageHandlerFunction","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Optional bean ID of Function to run at the late stages of Response decoding/processing"}, +{"note":"","property_name":"idp.authn.SAML.assertionValidator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Optional bean ID of AssertionValidator to run"}, +{"note":"","property_name":"idp.authn.SAML.order","idp_vers":"4.1","property_default_value":"1000","property_type":"int","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Flow priority relative to other enabled login flows (lower is \"higher\" in priority)"}, +{"note":"","property_name":"idp.authn.SAML.nonBrowserSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether the flow should handle non-browser request profiles (e.g., ECP)"}, +{"note":"","property_name":"idp.authn.SAML.passiveAuthenticationSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether the flow allows for passive authentication"}, +{"note":"","property_name":"idp.authn.SAML.forcedAuthenticationSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether the flow supports forced authentication"}, 
+{"note":"","property_name":"idp.authn.SAML.proxyRestrictionsEnforced","idp_vers":"4.1","property_default_value":"%{idp.authn.enforceProxyRestrictions:true}","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether the flow enforces upstream IdP imposed restrictions on proxying"}, +{"note":"","property_name":"idp.authn.SAML.proxyScopingEnforced","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying"}, +{"note":"","property_name":"idp.authn.SAML.discoveryRequired","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to invoke IdP discovery prior to running flow"}, +{"note":"","property_name":"idp.authn.SAML.lifetime","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultLifetime:PT1H}","property_type":"duration","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Lifetime of results produced by this flow"}, +{"note":"","property_name":"idp.authn.SAML.inactivityTimeout","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultTimeout:PT30M}","property_type":"duration","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Inactivity timeout of results produced by this flow"}, +{"note":"","property_name":"idp.authn.SAML.reuseCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Bean ID of Predicate controlling result reuse for SSO"}, +{"note":"","property_name":"idp.authn.SAML.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean 
ID","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Bean ID of Predicate determining whether flow is usable for request"}, +{"note":"Subject> for subject customization","property_name":"idp.authn.SAML.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, +{"note":"","property_name":"idp.authn.MFA.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.MFA","description":"Bean ID of Predicate determining whether flow is usable for request"}, +{"note":"Subject> for subject customization","property_name":"idp.authn.MFA.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.MFA","description":"Bean ID of BiConsumer to evaluate to determine whether to run the Attribute Resolver or go directly to the Subject alone"}, +{"note":"","property_name":"idp.c14n.x500.lowercase","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"C14N","module":"","description":"Whether to lowercase the username"}, +{"note":"","property_name":"idp.c14n.x500.uppercase","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"C14N","module":"","description":"Whether to uppercase the username"}, +{"note":"","property_name":"idp.c14n.x500.trim","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"C14N","module":"","description":"Whether to trim leading and trailing whitespace from the username"}, 
+{"note":"","property_name":"idp.c14n.x500.subjectAltNameTypes","idp_vers":"4.1","property_default_value":"none","property_type":"List","module_vers":"","configuration_cat":"C14N","module":"","description":"Comma-delimited list of subjectAltName extension types to look for"},
+{"note":"","property_name":"idp.c14n.x500.objectIDs","idp_vers":"4.1","property_default_value":"2.5.4.3","property_type":"List","module_vers":"","configuration_cat":"C14N","module":"","description":"Comma-delimited list of attribute OIDs to search for in the subject DN"},
+{"note":"","property_name":"idp.c14n.saml.proxy.lowercase","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"C14N","module":"","description":"Whether to lowercase the username"},
+{"note":"","property_name":"idp.c14n.saml.proxy.uppercase","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"C14N","module":"","description":"Whether to uppercase the username"},
+{"note":"","property_name":"idp.c14n.saml.lowercase","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"C14N","module":"","description":"Whether to lowercase the username"},
+{"note":"","property_name":"idp.c14n.saml.uppercase","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"C14N","module":"","description":"Whether to uppercase the username"},
+{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.saml1sso","idp_vers":"all","property_default_value":"SSO","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"},
+{"note":" you can use this to route different kinds of audit records to different destinations
based on general function","property_name":"idp.service.logging.saml1attrquery","idp_vers":"all","property_default_value":"AttributeQuery","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"},
+{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.saml1artifact","idp_vers":"all","property_default_value":"ArtifactResolution","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"},
+{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.saml2sso","idp_vers":"all","property_default_value":"SSO","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"},
+{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.saml2attrquery","idp_vers":"all","property_default_value":"AttributeQuery","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"},
+{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.saml2artifact","idp_vers":"all","property_default_value":"ArtifactResolution","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"},
+{"note":" you can use this to route
different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.saml2slo","idp_vers":"all","property_default_value":"Logout","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"},
+{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.logout","idp_vers":"all","property_default_value":"Logout","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"},
+{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.cas","idp_vers":"all","property_default_value":"SSO","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"},
+{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.status","idp_vers":"all","property_default_value":"Status","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"},
+{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.resolvertest","idp_vers":"all","property_default_value":"ResolverTest","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"},
+{"note":" you can use this to route
different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.serviceReload","idp_vers":"all","property_default_value":"Reload","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"},
+{"note":"","property_name":"idp.audit.hashAlgorithm","idp_vers":"4.1","property_default_value":"SHA-256","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Hash algorithm to apply to various hashed fields"},
+{"note":"","property_name":"idp.audit.salt","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Salt to apply to hashed fields must be set to use those fields"},
+{"note":"","property_name":"idp.oidc.issuer","idp_vers":"4.1","property_default_value":"none","property_type":"URL","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Set the Open ID Connect Issuer value "},
+{"note":"","property_name":"idp.oidc.idToken.defaultLifetime","idp_vers":"4.1","property_default_value":"PT1H","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Lifetime of ID token"},
+{"note":"","property_name":"idp.oidc.accessToken.defaultLifetime","idp_vers":"4.1","property_default_value":"PT10M","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Lifetime of access token"},
+{"note":"","property_name":"idp.oidc.authorizeCode.defaultLifetime","idp_vers":"4.1","property_default_value":"PT5M","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Lifetime of authorization code"},
+{"note":"","property_name":"idp.oidc.refreshToken.defaultLifetime","idp_vers":"4.1","property_default_value":"PT2H","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Lifetime of refresh token"},
+{"note":"","property_name":"idp.oidc.forcePKCE","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether client is required to use PKCE"},
+{"note":"","property_name":"idp.oidc.allowPKCEPlain","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether client is allowed to use PKCE code challenge method plain"},
+{"note":"","property_name":"idp.oidc.encodedAttributes","idp_vers":"4.1","property_default_value":"none","property_type":"Set","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Specifies IdPAttributes to encode into tokens for recovery on back-channel token requests"},
+{"note":"","property_name":"idp.oidc.encodeConsentInTokens","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether to embed consent decisions in access/refresh tokens and authorization code to allow for client-side consent storage"},
+{"note":"","property_name":"idp.oidc.alwaysIncludedAttributes","idp_vers":"4.1","property_default_value":"none","property_type":"Set","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Specifies IdPAttributes to always include in ID token regardless of response_type"},
+{"note":"","property_name":"idp.oidc.deniedUserInfoAttributes","idp_vers":"4.1","property_default_value":"none","property_type":"Set","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Specifies IdPAttributes to omit
from UserInfo token"},
+{"note":"","property_name":"idp.oidc.revocationCache.authorizeCode.lifetime","idp_vers":"4.1","property_default_value":"PT6H","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Lifetime of entries in revocation cache for authorize code"},
+{"note":"","property_name":"idp.oidc.revocationCache.StorageService","idp_vers":"4.1","property_default_value":"shibboleth.StorageService","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean ID of StorageService for revocation cache requires server-side storage"},
+{"note":"","property_name":"idp.oidc.tokenEndpointAuthMethods","idp_vers":"4.1","property_default_value":"client_secret_basic,client_secret_post,client_secret_jwt,private_key_jwt","property_type":"Collection","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The acceptable client authentication methods"},
+{"note":"","property_name":"idp.oauth2.grantTypes","idp_vers":"4.1","property_default_value":"authorization_code,refresh_token","property_type":"Collection","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"OAuth grant types to allow"},
+{"note":"","property_name":"idp.oauth2.enforceRefreshTokenRotation","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3.2","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether to enforce refresh token rotation. If enabled the refresh token is revoked whenever it is used for issuing a new refresh token."},
+{"note":"","property_name":"idp.oauth2.accessToken.type","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"3.2","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Format of access token.
Supported values are JWT or nothing."},
+{"note":"","property_name":"idp.oauth2.encryptionOptional","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether the absence of encryption details in a resource server’s metadata should fail when issuing an access token"},
+{"note":"","property_name":"idp.oauth2.accessToken.defaultLifetime","idp_vers":"4.1","property_default_value":"PT10M","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Lifetime of access token issued to client for resource server"},
+{"note":"","property_name":"idp.oauth2.revocationMethod","idp_vers":"4.1","property_default_value":"CHAIN","property_type":"string","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The revocation method: CHAIN refers to revoking whole chain of tokens (from authorization code to all access/refresh tokens). TOKEN refers to revoking single token"},
+{"note":"","property_name":"idp.oidc.dynreg.defaultRegistrationValidity","idp_vers":"4.1","property_default_value":"PT24H","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Registration lifetime"},
+{"note":"","property_name":"idp.oidc.dynreg.defaultScope","idp_vers":"4.1","property_default_value":"openid profile email address phone offline_access","property_type":"string","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The default scopes accepted in dynamic registration"},
+{"note":"","property_name":"idp.oidc.dynreg.defaultSubjectType","idp_vers":"4.1","property_default_value":"public","property_type":"string","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The default subject type if not set by client in request.
Maybe set to pairwise or public."},
+{"note":"","property_name":"idp.oidc.dynreg.defaultMetadataPolicyFile","idp_vers":"4.1","property_default_value":"none","property_type":"resource path","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Full path to the file containing default metadata policy used for dynamic client registration"},
+{"note":"","property_name":"idp.oidc.dynreg.tokenEndpointAuthMethods","idp_vers":"4.1","property_default_value":"client_secret_basic,client_secret_post,client_secret_jwt,private_key_jwt","property_type":"Collection","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The acceptable client authentication methods when using dynamic registration"},
+{"note":"","property_name":"idp.signing.oidc.rs.key","idp_vers":"4.1","property_default_value":"%{idp.home}/credentials/idp-signing-rs.jwk","property_type":"JWK file pathname","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"JWK RSA signing keypair"},
+{"note":"","property_name":"idp.signing.oidc.es.key","idp_vers":"4.1","property_default_value":"%{idp.home}/credentials/idp-signing-es.jwk","property_type":"JWK file pathname","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"JWK EC signing keypair"},
+{"note":"","property_name":"idp.signing.oidc.rsa.enc.key","idp_vers":"4.1","property_default_value":"%{idp.home}/credentials/idp-encryption-rsa.jwk","property_type":"JWK file pathname","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"JWK RSA decryption keypair"},
+{"note":"","property_name":"idp.oidc.signing.config","idp_vers":"4.1","property_default_value":"shibboleth.oidc.SigningConfiguration","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Allows override of default signing configuration"},
+{"note":"","property_name":"idp.oidc.encryption.config","idp_vers":"4.1","property_default_value":"shibboleth.oidc.EncryptionConfiguration","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Allows override of default encryption configuration"},
+{"note":"","property_name":"idp.oidc.rodecrypt.config","idp_vers":"4.1","property_default_value":"shibboleth.oidc.requestObjectDecryptionConfiguration","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Allows override of default request decryption configuration"},
+{"note":"one of these has the wrong name","property_name":"idp.oidc.rovalid.config","idp_vers":"4.1","property_default_value":"shibboleth.oidc.requestObjectSignatureValidationConfiguration","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Allows override of default request signature validation configuration"},
+{"note":"one of these has the wrong name ","property_name":"idp.oidc.rovalid.config","idp_vers":"4.1","property_default_value":"shibboleth.oidc.tokenEndpointJwtSignatureValidationConfiguration","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Allows override of default JWT token validation configuration"},
+{"note":"","property_name":"idp.authn.OAuth2Client.requireAll","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether all validators must succeed or just one"},
+{"note":"","property_name":"idp.authn.OAuth2Client.removeAfterValidation","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether to remove the object holding the password from the request's active state after validating it (to avoid it
being preserved in the session any longer than needed)"},
+{"note":"use with caution as it retains the password and makes it available in plaintext from within server memory at various stages.","property_name":"idp.authn.OAuth2Client.retainAsPrivateCredential","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether to keep the password around as a private credential in the Java Subject for use in later stages such as attribute resolution"},
+{"note":"","property_name":"idp.authn.OAuth2Client.order","idp_vers":"4.1","property_default_value":"1000","property_type":"int","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Flow priority relative to other enabled login flows (lower is \"higher\" in priority)"},
+{"note":"","property_name":"idp.authn.OAuth2Client.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean ID of Predicate determining whether flow is usable for request"},
+{"note":"Subject> for subject customization","property_name":"idp.authn.OAuth2Client.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean ID of BiConsumer>, used to locate metadata policy based on the policyLocation parameter.
Defaults to a caching resolver locating server resources to load based on policyLocation parameter."},
+{"note":"","property_name":"idp.service.clientinfo.failFast","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"If true any failures during initialization of any resolvers result in IdP startup failure"},
+{"note":"","property_name":"idp.service.clientinfo.checkInterval","idp_vers":"4.1","property_default_value":"PT0S","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"When non-zero enables monitoring of resources for service reload"},
+{"note":"","property_name":"idp.service.clientinfo.resources","idp_vers":"4.1","property_default_value":"shibboleth.ClientInformationResolverResources","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Name of bean used to define the resources to use in configuring this service"},
+{"note":"","property_name":"idp.oauth2.defaultAllowedScope","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"bean of type Function called shibboleth.oidc.AllowedScopeStrategy"},
+{"note":"","property_name":"idp.oauth2.defaultAllowedAudience","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"bean of type Function> called shibboleth.oidc.AllowedAudienceStrategy"},
+{"note":"","property_name":"idp.oauth2.authn.flows","idp_vers":"4.1","property_default_value":"OAuth2Client","property_type":"regex","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Regular expression matching OAuth login flows to enable."},
+{"note":"","property_name":"idp.oidc.subject.sourceAttribute","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The source attribute used in generating the sub claim"},
+{"note":"","property_name":"idp.oidc.subject.algorithm","idp_vers":"4.1","property_default_value":"SHA","property_type":"string","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The digest algorithm used in generating the sub claim"},
+{"note":"","property_name":"idp.oidc.subject.salt","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Salt to inject for randomness should generally be moved into credentials/secrets.properties to avoid committing to configuration repository"},
+{"note":"","property_name":"idp.authn.DuoOIDC.order","idp_vers":"4.1","property_default_value":"1000","property_type":"int","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Flow priority relative to other enabled login flows (lower is \"higher\" in priority)"},
+{"note":"","property_name":"idp.authn.DuoOIDC.nonBrowserSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Whether the flow should handle non-browser request profiles (e.g., ECP)"},
+{"note":"","property_name":"idp.authn.DuoOIDC.passiveAuthenticationSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Whether the flow allows for passive authentication"},
+{"note":"","property_name":"idp.authn.DuoOIDC.forcedAuthenticationSupported","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Whether the flow supports forced authentication"},
+{"note":"","property_name":"idp.authn.DuoOIDC.proxyRestrictionsEnforced","idp_vers":"4.1","property_default_value":"%{idp.authn.enforceProxyRestrictions:true}","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Whether the flow enforces upstream IdP-imposed restrictions on proxying"},
+{"note":" and therefore enforces SP-signaled restrictions on proxying","property_name":"idp.authn.DuoOIDC.proxyScopingEnforced","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Whether the flow considers itself to be proxying"},
+{"note":"","property_name":"idp.authn.DuoOIDC.discoveryRequired","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Whether to invoke IdP-discovery prior to running flow"},
+{"note":"","property_name":"idp.authn.DuoOIDC.lifetime","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultLifetime:PT1H}","property_type":"duration","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Lifetime of results produced by this flow"},
+{"note":"","property_name":"idp.authn.DuoOIDC.inactivityTimeout","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultTimeout:PT30M}","property_type":"duration","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Inactivity timeout of results produced by this flow"},
+{"note":"","property_name":"idp.authn.DuoOIDC.reuseCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Bean ID ofPredicate controlling result reuse for SSO"},
+{"note":"","property_name":"idp.authn.DuoOIDC.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Bean ID ofPredicate determining whether flow is usable for request"},
+{"note":"","property_name":"idp.authn.DuoOIDC.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Bean ID ofBiConsumer for subject customization"},
+{"note":"","property_name":"idp.authn.DuoOIDC.supportedPrincipals","idp_vers":"4.1","property_default_value":"saml2/http://example.org/ac/classes/mfa, saml1/http://example.org/ac/classes/mfa","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Comma-delimited list of protocol-specific Principalstrings associated with flow"},
+{"note":"","property_name":"idp.authn.DuoOIDC.addDefaultPrincipals","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Whether to auto-attach the preceding set ofPrincipalobjects to eachSubjectproduced by this flow"},
+{"note":"","property_name":"idp.duo.oidc.apiHost","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"DuoOIDC API hostname assigned to the integration"},
+{"note":"","property_name":"idp.duo.oidc.clientId","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"The OAuth 2.0 Client Identifier valid at the Authorization Server"},
+{"note":"ex. https://:/idp/profile/Authn/Duo/2FA/duo-callback","property_name":"idp.duo.oidc.redirectURL","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Redirection URI to which the 2FA response will be sent"},
+{"note":"","property_name":"idp.duo.oidc.redirecturl.allowedOrigins","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"If the idp.duo.oidc.redirectURL is not set one will be computed dynamically and checked against this list of allowed origins - to prevent Http Host Header injection."},
+{"note":"","property_name":"idp.duo.oidc.secretKey","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"The client secret used to verify the client in exchanging the authorization code for a Duo 2FA result token (id_token)."},
+{"note":"","property_name":"idp.duo.oidc.endpoint.health","idp_vers":"4.1","property_default_value":"/oauth/v1/health_check","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Duo's OAuth 2.0 health check endpoint"},
+{"note":"","property_name":"idp.duo.oidc.endpoint.token","idp_vers":"4.1","property_default_value":"/oauth/v1/token","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Duo's OAuth 2.0 token endpoint"},
+{"note":"","property_name":"idp.duo.oidc.endpoint.authorize","idp_vers":"4.1","property_default_value":"/oauth/v1/authorize","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Duo's OAuth 2.0 authorization endpoint"},
+{"note":"","property_name":"idp.duo.oidc.jwt.verifier.clockSkew","idp_vers":"4.1","property_default_value":"PT60S","property_type":"duration","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Leeway allowed in token expiry calculations"},
+{"note":"","property_name":"idp.duo.oidc.jwt.verifier.iatWindow","idp_vers":"4.1","property_default_value":"PT60S","property_type":"duration","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Maximum amount (in either direction from now) of duration for which a token is valid after it is issued"},
+{"note":"","property_name":"idp.duo.oidc.jwt.verifier.issuerPath","idp_vers":"4.1","property_default_value":"/oauth/v1/token","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"The path component of the Duo token issuer. The full issuer string takes the format: HTTPS://+"},
+{"note":"","property_name":"idp.duo.oidc.jwt.verifier.preferredUsername","idp_vers":"4.1","property_default_value":"preferred_username","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"The result token JWT claim name that represents the username sent in the duo_uname field in the authorization request."},
+{"note":"","property_name":"idp.duo.oidc.jwt.verifier.authLifetime","idp_vers":"4.1","property_default_value":"PT60S","property_type":"duration","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"How long the authentication is valid.
Only applies to forced authentication requests."},
+{"note":"","property_name":"idp.duo.oidc.nonbrowser.apiHost","idp_vers":"4.1","property_default_value":"%{idp.duo.oidc.apiHost}","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Duo AuthAPI hostname assigned to the integration"},
+{"note":"","property_name":"idp.duo.oidc.nonbrowser.integrationKey","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Duo AuthAPI integration key supplied by Duo"},
+{"note":"","property_name":"idp.duo.oidc.nonbrowser.secretKey","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Duo AuthAPI secret key supplied by Duo"},
+{"note":"","property_name":"idp.duo.oidc.nonbrowser.header.factor","idp_vers":"4.1","property_default_value":"X-Shibboleth-Duo-Factor","property_type":"strinig","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Name of HTTP request header for Duo AuthAPI factor"},
+{"note":"","property_name":"idp.duo.oidc.nonbrowser.header.device","idp_vers":"4.1","property_default_value":"X-Shibboleth-Duo-Device","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Name of HTTP request header for Duo AuthAPI device ID or name"},
+{"note":"","property_name":"idp.duo.oidc.nonbrowser.header.passcode","idp_vers":"4.1","property_default_value":"X-Shibboleth-Duo-Passcode","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Name of HTTP request header for Duo AuthAPI passcode"},
+{"note":"","property_name":"idp.duo.oidc.nonbrowser.auto","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Allow the factor to be defaulted in as \"auto\" if no headers are received"}, +{"note":" push display","property_name":"idp.duo.oidc.nonbrowser.clientAddressTrusted","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Pass client address to Duo in API calls to support logging"}, +{"note":"","property_name":"idp.duo.oidc.connectionTimeout","idp_vers":"4.1","property_default_value":"PT1M","property_type":"duration","module_vers":"1 (nimbus)","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Maximum length of time to wait for the connection to be established"}, +{"note":"","property_name":"idp.duo.oidc.connectionRequestTimeout","idp_vers":"4.1","property_default_value":"PT1M","property_type":"duration","module_vers":"1 (nimbus)","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Maximum length of time to wait for a connection to be returned from the connection manager"}, +{"note":"","property_name":"idp.duo.oidc.socketTimeout","idp_vers":"4.1","property_default_value":"PT1M","property_type":"duration","module_vers":"1 (nimbus)","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Maximum period inactivity between two consecutive data packets"}, +{"note":"","property_name":"idp.duo.oidc.maxConnectionsTotal","idp_vers":"4.1","property_default_value":"100","property_type":"int","module_vers":"1 (nimbus)","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Max total simultaneous connections allowed by the pooling connection manager"}, 
+{"note":"","property_name":"idp.duo.oidc.maxConnectionsPerRoute","idp_vers":"4.1","property_default_value":"100","property_type":"int","module_vers":"1 (nimbus)","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Max simultaneous connections per route allowed by the pooling connection manager"}, +{"note":"","property_name":"idp.duo.oidc.nimbus.checkRevocation","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1 (nimbus)","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"To enable certificate revocation checking"}, +{"note":"","property_name":"idp.authn.TOTP.headerName","idp_vers":"4.1","property_default_value":"X-Shibboleth-TOTP","property_type":"string","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Name of request header to use for extracting non-browser submitted token codes"}, +{"note":"","property_name":"idp.authn.TOTP.fieldName","idp_vers":"4.1","property_default_value":"tokencode","property_type":"string","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Name of HTML form field to use for locating browser-submitted token codes"}, +{"note":"","property_name":"idp.authn.TOTP.tokenSeedAttribute","idp_vers":"4.1","property_default_value":"tokenSeeds","property_type":"string","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Name of IdPAttribute to resolve to obtain token seeds for users"}, +{"note":"","property_name":"idp.authn.TOTP.order","idp_vers":"4.1","property_default_value":"1000","property_type":"int","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Flow priority relative to other enabled login flows (lower is \"higher\" in priority)"}, 
+{"note":"","property_name":"idp.authn.TOTP.nonBrowserSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Whether the flow should handle non-browser request profiles (e.g., ECP)"}, +{"note":"","property_name":"idp.authn.TOTP.passiveAuthenticationSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Whether the flow allows for passive authentication"}, +{"note":"","property_name":"idp.authn.TOTP.forcedAuthenticationSupported","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Whether the flow supports forced authentication"}, +{"note":"","property_name":"idp.authn.TOTP.proxyRestrictionsEnforced","idp_vers":"4.1","property_default_value":"%{idp.authn.enforceProxyRestrictions:true}","property_type":"bool","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Whether the flow enforces upstream IdP-imposed restrictions on proxying"}, +{"note":" and therefore enforces SP-signaled restrictions on proxying","property_name":"idp.authn.TOTP.proxyScopingEnforced","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Whether the flow considers itself to be proxying"}, +{"note":"","property_name":"idp.authn.TOTP.discoveryRequired","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Whether to invoke IdP-discovery prior to running flow"}, 
+{"note":"","property_name":"idp.authn.TOTP.lifetime","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultLifetime:PT1H}","property_type":"duration","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Lifetime of results produced by this flow"}, +{"note":"","property_name":"idp.authn.TOTP.inactivityTimeout","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultTimeout:PT30M}","property_type":"duration","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Inactivity timeout of results produced by this flow"}, +{"note":"","property_name":"idp.authn.TOTP.reuseCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Bean ID ofPredicate controlling result reuse for SSO"}, +{"note":"","property_name":"idp.authn.TOTP.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Bean ID ofPredicate determining whether flow is usable for request"}, +{"note":"","property_name":"idp.authn.TOTP.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Bean ID ofBiConsumer for subject customization"}, +{"note":"","property_name":"idp.authn.TOTP.supportedPrincipals","idp_vers":"4.1","property_default_value":"saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken, saml1/urn:oasis:names:tc:SAML:1.0:am:HardwareToken","property_type":"string","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Comma-delimited list of protocol-specific Principalstrings associated with flow"}, 
+{"note":"","property_name":"idp.authn.TOTP.addDefaultPrincipals","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Whether to auto-attach the preceding set ofPrincipalobjects to eachSubjectproduced by this flow"}, +{"note":"","property_name":"idp.metadata.dnsname","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"Supplies the DNS name used within the URLs specifying the end points. This should not be used in conjunction with the --DNSName qualifier"}, +{"note":"","property_name":"idp.metadata.backchannel.cert","idp_vers":"4.1","property_default_value":"none","property_type":"resource path","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"Specifies the path to the certificate protecting the back channel. This should not be used in conjunction with the --backChannel qualifier."}, +{"note":"","property_name":"idp.metadata.idpsso.mdui.logo.path","idp_vers":"4.1","property_default_value":"none","property_type":"URL","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"Specifies the path part of the URL which describes a logo for the IdP. The protocol is hard wired to be https:// and the DNS name is used for the host. The is always emitted. 
If this is absent then then a fixed path ('/path/to/logo') is used."}, +{"note":"","property_name":"idp.metadata.idpsso.mdui.logo.height","idp_vers":"4.1","property_default_value":"80","property_type":"int","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"The height of the logo in pixels."}, +{"note":"","property_name":"idp.metadata.idpsso.mdui.logo.width","idp_vers":"4.1","property_default_value":"80","property_type":"init","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"The width of the logo in pixels"}, +{"note":"","property_name":"idp.metadata.idpsso.mdui.langs","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"A space separated list of languages used to lookup values formed appending each one to the name and description properties idp.metadata.idpsso.mdui.displayname. and idp.metadata.idpsso.mdui.description.. If this is absent then an and for the \"en\" language is emitted which you need to edit."}, +{"note":"","property_name":"idp.metadata.idpsso.mdui.displayname.","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"Display name for the IdP in the specified language. If this is absent for a language specified above then not is emitted for that language"}, +{"note":"","property_name":"idp.metadata.idpsso.mdui.description.","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"Description for the IdP in the specified language. 
If this is absent for a language specified above then not is emitted for that language"}, +{"note":"no doc","property_name":"idp.oidc.encryptionOptional","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Set false to preclude issuing unencrypted ID/UserInfo tokens without specific overrides"}, +{"note":"no doc","property_name":"idp.oidc.dynreg.defaultSecretExpiration","idp_vers":"4.1","property_default_value":"P12M","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The validity of client secret registered"}, +{"note":"no doc","property_name":"idp.oidc.dynreg.allowNoneForRequestSigning","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Regardless of what signing algorithms are configured allow none for request object signing"}, +{"note":"no doc","property_name":"idp.oidc.dynreg.validateRemoteJwks","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean to determine whether dynamic registration should validate the remote JWK set if it's defined in the request"}, +{"note":"no doc","property_name":"idp.oidc.dynreg.defaultMetadataPolicy","idp_vers":"4.1","property_default_value":"shibboleth.oidc.dynreg.DefaultMetadataPolicy","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean to determine the default metadata policy used for dynamic client registration"}, +{"note":"no doc","property_name":"idp.oidc.jwk.StorageService","idp_vers":"4.1","property_default_value":"shibboleth.StorageService","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Storage for 
storing remote jwk sets."}, +{"note":"no doc","property_name":"idp.oidc.metadata.saml","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean to determine whether SAML metadata should be exploited for trusted OIDC RP resolution"}, +{"note":"no doc","property_name":"idp.oidc.jwksuri.fetchInterval","idp_vers":"4.1","property_default_value":"PT30M","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Upgrade interval to the remote JWKs"}, +{"note":"no doc","property_name":"idp.oidc.config.minRefreshDelay","idp_vers":"4.1","property_default_value":"PT5M","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bounds on the next file refresh of the OP configuration resource"}, +{"note":"no doc","property_name":"idp.oidc.config.maxRefreshDelay","idp_vers":"4.1","property_default_value":"PT4H","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bounds on the next file refresh of the OP configuration resource"}, +{"note":"no doc","property_name":"idp.oidc.LoginHintLookupStrategy","idp_vers":"4.1","property_default_value":"DefaultRequestLoginHintLookupFunction","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean used for extracting login_hint from the authentication request. The default function parses login_hint as is."}, +{"note":"no doc","property_name":"idp.oidc.SPSessionCreationStrategy","idp_vers":"4.1","property_default_value":"DefaultSPSessionCreationStrategy","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean used for creating SPSessions needed for SLO. 
By default builds protocol-independent BasicSPSession as SLO is not yet supported."} +] \ No newline at end of file diff --git a/ui/src/app/App.js b/ui/src/app/App.js index 9c4e00422..ca70ee51a 100644 --- a/ui/src/app/App.js +++ b/ui/src/app/App.js @@ -34,7 +34,7 @@ import { Roles } from './admin/Roles'; import { Groups } from './admin/Groups'; import { BASE_PATH } from './App.constant'; import { ProtectRoute } from './core/components/ProtectRoute'; -import { Properties } from './admin/Properties'; +import { IdpConfiguration } from './admin/IdpConfiguration'; function App() { @@ -109,9 +109,9 @@ function App() { } /> - + - + } /> diff --git a/ui/src/app/admin/Properties.js b/ui/src/app/admin/IdpConfiguration.js similarity index 54% rename from ui/src/app/admin/Properties.js rename to ui/src/app/admin/IdpConfiguration.js index b81e0af48..621b54e71 100644 --- a/ui/src/app/admin/Properties.js +++ b/ui/src/app/admin/IdpConfiguration.js @@ -1,11 +1,11 @@ import React from 'react'; import { Switch, Route, useRouteMatch, Redirect } from 'react-router-dom'; -import { PropertiesProvider } from './hoc/PropertiesProvider'; -import { NewProperty } from './container/NewProperty'; -import { EditProperty } from './container/EditProperty'; -import { PropertyList } from './container/PropertyList'; +import { ConfigurationsProvider } from './hoc/ConfigurationsProvider'; +import { NewConfiguration } from './container/NewConfiguration'; +import { EditConfiguration } from './container/EditConfiguration'; +import { ConfigurationList } from './container/ConfigurationList'; -export function Properties() { +export function IdpConfiguration() { let { path, url } = useRouteMatch(); @@ -13,17 +13,17 @@ export function Properties() { <> - + {(properties, onDelete) => - + } - + } /> - + } /> - + } /> 
diff --git a/ui/src/app/admin/component/PropertyForm.js b/ui/src/app/admin/component/ConfigurationForm.js similarity index 75% rename from ui/src/app/admin/component/PropertyForm.js rename to ui/src/app/admin/component/ConfigurationForm.js index 54a0800ea..93d9ff1d9 100644 --- a/ui/src/app/admin/component/PropertyForm.js +++ b/ui/src/app/admin/component/ConfigurationForm.js @@ -1,14 +1,12 @@ import React from 'react'; import Button from 'react-bootstrap/Button'; -import Form from '../../form/Form'; import { FontAwesomeIcon } from '@fortawesome/react-fontawesome'; import { faSpinner, faSave } from '@fortawesome/free-solid-svg-icons'; import Translate from '../../i18n/components/translate'; -import { usePropertyUiSchema } from '../hooks'; import { FormContext, setFormDataAction, setFormErrorAction } from '../../form/FormManager'; -export function PropertyForm({ property = {}, errors = [], loading = false, schema, onSave, onCancel }) { +export function ConfigurationForm({ property = {}, errors = [], loading = false, schema, onSave, onCancel }) { const { dispatch } = React.useContext(FormContext); const onChange = ({ formData, errors }) => { @@ -16,8 +14,6 @@ export function PropertyForm({ property = {}, errors = [], loading = false, sche dispatch(setFormErrorAction(errors)); }; - const uiSchema = usePropertyUiSchema(); - return (<>
@@ -40,14 +36,7 @@ export function PropertyForm({ property = {}, errors = [], loading = false, sche
-
onChange(form)} - schema={schema} - uiSchema={uiSchema} - liveValidate={true}> - <> -
+
diff --git a/ui/src/app/admin/container/PropertyList.js b/ui/src/app/admin/container/ConfigurationList.js similarity index 89% rename from ui/src/app/admin/container/PropertyList.js rename to ui/src/app/admin/container/ConfigurationList.js index 2312cc1d2..300aab019 100644 --- a/ui/src/app/admin/container/PropertyList.js +++ b/ui/src/app/admin/container/ConfigurationList.js @@ -9,7 +9,7 @@ import { Translate } from '../../i18n/components/translate'; import { DeleteConfirmation } from '../../core/components/DeleteConfirmation'; -export function PropertyList({ properties, onDelete }) { +export function ConfigurationList({ properties, onDelete }) { const remove = (id) => { onDelete(id); @@ -23,14 +23,14 @@ export function PropertyList({ properties, onDelete }) {
- Roles Management + Configuration Management
  - Add new property + Create new configuration
@@ -38,7 +38,7 @@ export function PropertyList({ properties, onDelete }) { - Role Name + Configuration Name (label) Actions @@ -49,7 +49,7 @@ export function PropertyList({ properties, onDelete }) { {property.name} - + Edit @@ -65,7 +65,7 @@ export function PropertyList({ properties, onDelete }) { ) : - No properties defined. + No configurations. } diff --git a/ui/src/app/admin/container/EditProperty.js b/ui/src/app/admin/container/EditConfiguration.js similarity index 94% rename from ui/src/app/admin/container/EditProperty.js rename to ui/src/app/admin/container/EditConfiguration.js index beac8c5f8..4703cc098 100644 --- a/ui/src/app/admin/container/EditProperty.js +++ b/ui/src/app/admin/container/EditConfiguration.js @@ -7,13 +7,13 @@ import { useProperties } from '../hooks'; import { Schema } from '../../form/Schema'; import { FormManager } from '../../form/FormManager'; -import { PropertyForm } from '../component/PropertyForm'; import { PropertyProvider } from '../hoc/PropertyProvider'; import { createNotificationAction, NotificationTypes, useNotificationDispatcher } from '../../notifications/hoc/Notifications'; import { useTranslator } from '../../i18n/hooks'; import { BASE_PATH } from '../../App.constant'; +import { ConfigurationForm } from '../component/ConfigurationForm'; -export function EditProperty() { +export function EditConfiguration() { const { id } = useParams(); @@ -68,12 +68,12 @@ export function EditProperty() {
{(property) => - + {(schema) => <>{property && {(data, errors) => -
- + {(schema) => {(data, errors) => - - + - + diff --git a/ui/src/app/core/components/ProtectRoute.js b/ui/src/app/core/components/ProtectRoute.js index c01706920..c8a7a299f 100644 --- a/ui/src/app/core/components/ProtectRoute.js +++ b/ui/src/app/core/components/ProtectRoute.js @@ -1,9 +1,13 @@ import React from 'react'; import { Redirect } from 'react-router-dom'; - -import { useIsAdmin } from '../user/UserContext'; +import { isUndefined } from 'lodash'; +import { useCurrentUser, useIsAdmin } from '../user/UserContext'; export function ProtectRoute({ children, redirectTo, ...rest }) { + const user = useCurrentUser(); const isAdmin = useIsAdmin(); + if (isUndefined(user?.role)) { + return <> + } return isAdmin ? children : ; } \ No newline at end of file From 4c79e916714a7a1543943316c435565858a2aa4b Mon Sep 17 00:00:00 2001 From: Ryan Mathis Date: Mon, 15 Aug 2022 08:04:19 -0700 Subject: [PATCH 34/58] Updated ignore auth method tooltip --- backend/src/main/resources/i18n/messages.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/backend/src/main/resources/i18n/messages.properties b/backend/src/main/resources/i18n/messages.properties index 51b0cf332..b76133d20 100644 --- a/backend/src/main/resources/i18n/messages.properties +++ b/backend/src/main/resources/i18n/messages.properties 
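Review bot: The pending branch added to ProtectRoute has no exit if the role never arrives: `if (isUndefined(user?.role))` returns an empty fragment for as long as `user.role` is undefined. If the current-user lookup fails (an assumption, since the hook is outside this diff), an admin route stays blank instead of falling through to the `redirectTo` branch. Rendering nothing while the role loads is the right fail-closed default, but an explicit loading or error flag from the user context would be clearer than inferring state from a missing field. A comment above the check such as `// Client-side guard only: hides admin views while the role loads; the API must still enforce the admin role.` would record that this component is not the authorization boundary. The check could also be written `user?.role === undefined`, which drops the new lodash import.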
@@ -660,7 +660,7 @@ tooltip.dont-sign-response=Do not sign the full authentication response to the s
 tooltip.turn-off-encryption=Whether to turn off encryption of the response.
 tooltip.usa-sha-algorithm=Whether to use the SHA1 Signing Algorithm. In cryptography, SHA-1 (Secure Hash Algorithm 1) is cryptographically broken but still widely used. It takes an input and produces a 160-bit (20-byte) hash value.
 tooltip.authentication-methods-to-use=The method used to authenticate the subject.
-tooltip.ignore-auth-method=Whether to ignore any SP-Requested Authentication Method.
+tooltip.ignore-auth-method=Reject any AuthnReuests from this SP that contain an explicitly requested AuthnContext class
 tooltip.omit-not-before-condition=Whether to include a NotBefore attribute in assertions.
 tooltip.responder-id=Identifier of the selected SAML IdP entity.
 tooltip.instruction=Information icon
From 8d1719427f8cff3995c6878523d0b7e9b7a27d0a Mon Sep 17 00:00:00 2001
From: Bill Smith
Date: Mon, 15 Aug 2022 23:39:35 -0400
Subject: [PATCH 35/58] SHIBUI-2267 Added test for new relying party override. Various other fixes and enhancements in an effort to help stabilize the tests.
---
 .../admin/ui/SeleniumSIDETest.groovy | 1 +
 .../integration/resources/SHIBUI-1334-1.side | 35 +-
 .../integration/resources/SHIBUI-1364-4.side | 14 +
 .../integration/resources/SHIBUI-1385-1.side | 69 ++-
 .../integration/resources/SHIBUI-1407-1.side | 37 +-
 .../integration/resources/SHIBUI-1732-1.side | 96 ++--
 .../integration/resources/SHIBUI-1732-2.side | 94 ++--
 .../integration/resources/SHIBUI-1732-3.side | 136 +++---
 .../integration/resources/SHIBUI-1732-4.side | 75 +--
 .../integration/resources/SHIBUI-1732-5.side | 94 ++--
 .../integration/resources/SHIBUI-1732-7.side | 93 ++--
 .../integration/resources/SHIBUI-2267.side | 455 ++++++++++++++++++
 12 files changed, 848 insertions(+), 351 deletions(-)
 create mode 100644 backend/src/integration/resources/SHIBUI-2267.side
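Review bot: The new tooltip text misspells the SAML message name: `AuthnReuests` should be `AuthnRequests`, giving `tooltip.ignore-auth-method=Reject any AuthnRequests from this SP that contain an explicitly requested AuthnContext class`. The wording also changes the described behaviour from ignoring the requested method to rejecting the request, while the key still reads `ignore-auth-method`. If the override really rejects such requests, the field label deserves the same correction, so that an administrator does not enable it expecting the request to be accepted with the requested context dropped.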
diff --git a/backend/src/integration/groovy/edu/internet2/tier/shibboleth/admin/ui/SeleniumSIDETest.groovy b/backend/src/integration/groovy/edu/internet2/tier/shibboleth/admin/ui/SeleniumSIDETest.groovy index 14a65b52b..a45acac94 100644 --- a/backend/src/integration/groovy/edu/internet2/tier/shibboleth/admin/ui/SeleniumSIDETest.groovy +++ b/backend/src/integration/groovy/edu/internet2/tier/shibboleth/admin/ui/SeleniumSIDETest.groovy @@ -153,6 +153,7 @@ class SeleniumSIDETest extends Specification { 'SHIBUI-1744: Verify attribute bundles in entity attribute filters' | '/SHIBUI-1744-3.side' 'SHIBUI-2052: Logged in user & role appear on dashboard' | '/SHIBUI-2052.side' 'SHIBUI-2116: Verify entity attribute bundle highlights' | '/SHIBUI-2116.side' // Note that this script WILL NOT PASS in the Selenium IDE due to ${driver} not being set (it is provided by this groovy script). + 'SHIBUI-2267: Verify new RPO CRUD' | '/SHIBUI-2267.side' 'SHIBUI-2269: Verify XML generation of external filters' | '/SHIBUI-2269.side' } } diff --git a/backend/src/integration/resources/SHIBUI-1334-1.side b/backend/src/integration/resources/SHIBUI-1334-1.side index f0491037d..af9840182 100644 --- a/backend/src/integration/resources/SHIBUI-1334-1.side +++ b/backend/src/integration/resources/SHIBUI-1334-1.side @@ -2695,6 +2695,13 @@ ["xpath=//span[contains(.,'Display Name v3')]", "xpath:innerText"] ], "value": "30000" + }, { + "id": "bde2bbbb-df66-4e07-a770-ec9125fe3e81", + "comment": "", + "command": "pause", + "target": "5000", + "targets": [], + "value": "" }, { "id": "5a976e2c-dc5f-4021-9cc6-3cad12e771ea", "comment": "", 
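Review bot: The added `pause` steps are fixed sleeps (target `5000` here and in SHIBUI-1364-4.side and SHIBUI-1385-1.side, `1000` in SHIBUI-1407-1.side), which lengthen every run and still fail on a slow host. In SHIBUI-1385-1.side the pause sits between a `waitForElementVisible` and an `assertText` on the same selector, so a `waitForText` step on that selector with the expected value would wait only as long as needed. Separately, the teardown steps re-indented in the following hunk open `/api/heheheheheheheWipeout` by plain navigation and expect `yes, you did it`. The controller is not part of this diff, so it is worth confirming that this endpoint is registered only under the integration-test profile, because an obscure path is not access control.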
@@ -2718,20 +2725,20 @@ ], "value": "Display Name" }, { - "id": "4ec2c493-85e4-403b-9b09-031c5728f498", - "comment": "", - "command": "open", - "target": "/api/heheheheheheheWipeout", - "targets": [], - "value": "" - }, { - "id": "e074980a-8f21-4c22-8412-c4b6fcdcd1a4", - "comment": "", - "command": "assertText", - "target": "css=body", - "targets": [], - "value": "yes, you did it" - }] + "id": "4ec2c493-85e4-403b-9b09-031c5728f498", + "comment": "", + "command": "open", + "target": "/api/heheheheheheheWipeout", + "targets": [], + "value": "" + }, { + "id": "e074980a-8f21-4c22-8412-c4b6fcdcd1a4", + "comment": "", + "command": "assertText", + "target": "css=body", + "targets": [], + "value": "yes, you did it" + }] }], "suites": [{ "id": "d2caeac4-7520-4e3c-96b1-840610b6983c", diff --git a/backend/src/integration/resources/SHIBUI-1364-4.side b/backend/src/integration/resources/SHIBUI-1364-4.side index 3384d27ea..ef58a9c8d 100644 --- a/backend/src/integration/resources/SHIBUI-1364-4.side +++ b/backend/src/integration/resources/SHIBUI-1364-4.side @@ -1417,6 +1417,20 @@ ["xpath=//input", "xpath:position"] ], "value": "" + }, { + "id": "a9bd983c-7743-4bec-87ad-7484e60cff99", + "comment": "", + "command": "waitForElementVisible", + "target": "css=.d-flex:nth-child(3) > .border-primary:nth-child(2) .mb-0:nth-child(1)", + "targets": [], + "value": "30000" + }, { + "id": "0d53853f-597f-4c2a-8f6b-ef4e1109bf3c", + "comment": "", + "command": "pause", + "target": "5000", + "targets": [], + "value": "" }, { "id": "c2102a31-6e18-4d6c-8146-e23459403b65", "comment": "", diff --git a/backend/src/integration/resources/SHIBUI-1385-1.side b/backend/src/integration/resources/SHIBUI-1385-1.side index 801580133..43178ab01 100644 --- a/backend/src/integration/resources/SHIBUI-1385-1.side +++ b/backend/src/integration/resources/SHIBUI-1385-1.side 
@@ -2629,45 +2629,38 @@ ], "value": "" }, { - "id": "56094f6e-45b7-42f6-9102-e4e19673240d", + "id": "85af384a-77b1-4d88-8915-9430afae4845", "comment": "", "command": "waitForElementVisible", - "target": "css=.mb-4:nth-child(3) div:nth-child(1) > .d-flex > .d-block:nth-child(2)", - "targets": [ - ["css=.mb-4:nth-child(3) div:nth-child(1) > .d-flex > .d-block:nth-child(2)", "css:finder"], - ["xpath=//div[@id='root']/div/main/div/section/div/div/section[2]/div/div[2]/div[2]/div/div/div/span[2]", "xpath:idRelative"], - ["xpath=//section[2]/div/div[2]/div[2]/div/div/div/span[2]", "xpath:position"] - ], + "target": "css=div:nth-child(1) > div > .bg-diff > .d-block:nth-child(2)", + "targets": [], "value": "30000" + }, { + "id": "eb302999-153d-492c-869c-8bf26e8134a0", + "comment": "", + "command": "pause", + "target": "5000", + "targets": [], + "value": "" }, { "id": "5a976e2c-dc5f-4021-9cc6-3cad12e771ea", "comment": "", "command": "assertText", - "target": "css=.mb-4:nth-child(3) div:nth-child(1) > .d-flex > .d-block:nth-child(2)", + "target": "css=div:nth-child(1) > div > .bg-diff > .d-block:nth-child(2)", "targets": [ - ["css=.mb-4:nth-child(3) div:nth-child(1) > .d-flex > .d-block:nth-child(2)", "css:finder"], + ["css=div:nth-child(1) > div > .bg-diff > .d-block:nth-child(2)", "css:finder"], ["xpath=//div[@id='root']/div/main/div/section/div/div/section[2]/div/div[2]/div[2]/div/div/div/span[2]", "xpath:idRelative"], - ["xpath=//section[2]/div/div[2]/div[2]/div/div/div/span[2]", "xpath:position"] + ["xpath=//section[2]/div/div[2]/div[2]/div/div/div/span[2]", "xpath:position"], + ["xpath=//span[contains(.,'Display Name v3')]", "xpath:innerText"] ], "value": "Display Name v3" - }, { - "id": "c2ebc46c-e443-47b9-b17b-0ac6d23b882c", - "comment": "", - "command": "waitForElementVisible", - "target": "css=.mb-4:nth-child(3) div:nth-child(1) > .d-flex > .d-block:nth-child(3)", - "targets": [ - ["css=.mb-4:nth-child(3) div:nth-child(1) > .d-flex > .d-block:nth-child(3)", 
"css:finder"], - ["xpath=//div[@id='root']/div/main/div/section/div/div/section[2]/div/div[2]/div[2]/div/div/div/span[3]", "xpath:idRelative"], - ["xpath=//section[2]/div/div[2]/div[2]/div/div/div/span[3]", "xpath:position"] - ], - "value": "30000" }, { "id": "72328587-fe8d-4dc8-bc3d-a163f91a1ad6", "comment": "", "command": "assertText", - "target": "css=.mb-4:nth-child(3) div:nth-child(1) > .d-flex > .d-block:nth-child(3)", + "target": "css=div:nth-child(1) > div > .bg-diff > .d-block:nth-child(3)", "targets": [ - ["css=.mb-4:nth-child(3) div:nth-child(1) > .d-flex > .d-block:nth-child(3)", "css:finder"], + ["css=div:nth-child(1) > div > .bg-diff > .d-block:nth-child(3)", "css:finder"], ["xpath=//div[@id='root']/div/main/div/section/div/div/section[2]/div/div[2]/div[2]/div/div/div/span[3]", "xpath:idRelative"], ["xpath=//section[2]/div/div[2]/div[2]/div/div/div/span[3]", "xpath:position"] ], @@ -2878,21 +2871,21 @@ ["xpath=//section[2]/div/div[2]/div[2]/div/div/div/span[3]", "xpath:position"] ], "value": "Display Name" - },{ - "id": "4ec2c493-85e4-403b-9b09-031c5728f498", - "comment": "", - "command": "open", - "target": "/api/heheheheheheheWipeout", - "targets": [], - "value": "" - }, { - "id": "e074980a-8f21-4c22-8412-c4b6fcdcd1a4", - "comment": "", - "command": "assertText", - "target": "css=body", - "targets": [], - "value": "yes, you did it" - }] + }, { + "id": "4ec2c493-85e4-403b-9b09-031c5728f498", + "comment": "", + "command": "open", + "target": "/api/heheheheheheheWipeout", + "targets": [], + "value": "" + }, { + "id": "e074980a-8f21-4c22-8412-c4b6fcdcd1a4", + "comment": "", + "command": "assertText", + "target": "css=body", + "targets": [], + "value": "yes, you did it" + }] }], "suites": [{ "id": "d2caeac4-7520-4e3c-96b1-840610b6983c", diff --git a/backend/src/integration/resources/SHIBUI-1407-1.side b/backend/src/integration/resources/SHIBUI-1407-1.side index 2a6525167..46d1c6fa1 100644 --- a/backend/src/integration/resources/SHIBUI-1407-1.side 
+++ b/backend/src/integration/resources/SHIBUI-1407-1.side @@ -2459,6 +2459,13 @@ ["xpath=//span[3]", "xpath:position"] ], "value": "Test Provider" + }, { + "id": "39637add-5eb4-40d0-b840-8eb1972ede0f", + "comment": "", + "command": "pause", + "target": "1000", + "targets": [], + "value": "" }, { "id": "138ad58b-f0a2-436b-a8b0-43484f4180e6", "comment": "", @@ -2608,21 +2615,21 @@ "target": "isPresent", "targets": [], "value": "true" - },{ - "id": "4ec2c493-85e4-403b-9b09-031c5728f498", - "comment": "", - "command": "open", - "target": "/api/heheheheheheheWipeout", - "targets": [], - "value": "" - }, { - "id": "e074980a-8f21-4c22-8412-c4b6fcdcd1a4", - "comment": "", - "command": "assertText", - "target": "css=body", - "targets": [], - "value": "yes, you did it" - }] + }, { + "id": "4ec2c493-85e4-403b-9b09-031c5728f498", + "comment": "", + "command": "open", + "target": "/api/heheheheheheheWipeout", + "targets": [], + "value": "" + }, { + "id": "e074980a-8f21-4c22-8412-c4b6fcdcd1a4", + "comment": "", + "command": "assertText", + "target": "css=body", + "targets": [], + "value": "yes, you did it" + }] }], "suites": [{ "id": "d2caeac4-7520-4e3c-96b1-840610b6983c", diff --git a/backend/src/integration/resources/SHIBUI-1732-1.side b/backend/src/integration/resources/SHIBUI-1732-1.side index 38720ef67..5c1d1daec 100644 --- a/backend/src/integration/resources/SHIBUI-1732-1.side +++ b/backend/src/integration/resources/SHIBUI-1732-1.side 
@@ -400,11 +400,11 @@ "id": "002e853c-ed14-430a-ba32-a3c59da26305", "comment": "", "command": "assertText", - "target": "css=.row:nth-child(7) span", + "target": "css=.row:nth-child(8) .form-label > span", "targets": [ - ["css=.row:nth-child(7) span", "css:finder"], - ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[2]/div/div/form/div/div/div/div/div[9]/div/div/div/div[7]/div/div/div/div/label/span", "xpath:idRelative"], - ["xpath=//div[7]/div/div/div/div/label/span", "xpath:position"], + ["css=.row:nth-child(8) .form-label > span", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[2]/div/div/form/div/div/div/div/div[9]/div/div/div/div[8]/div/div/div/div/label/span", "xpath:idRelative"], + ["xpath=//div[8]/div/div/div/div/label/span", "xpath:position"], ["xpath=//span[contains(.,'Custom String Display')]", "xpath:innerText"] ], "value": "Custom String Display" @@ -475,11 +475,11 @@ "id": "220200b4-4b3f-4c1b-9d89-e17a136fb4c1", "comment": "", "command": "assertText", - "target": "css=.mb-4:nth-child(8) div:nth-child(7) .d-block:nth-child(1)", + "target": "css=div:nth-child(8) .d-block:nth-child(1)", "targets": [ - ["css=.mb-4:nth-child(8) div:nth-child(7) .d-block:nth-child(1)", "css:finder"], - ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[3]/div/section[8]/div/div[2]/div[2]/div/div[7]/div/span", "xpath:idRelative"], - ["xpath=//section[8]/div/div[2]/div[2]/div/div[7]/div/span", "xpath:position"], + ["css=div:nth-child(8) .d-block:nth-child(1)", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[3]/div/section[8]/div/div[2]/div[2]/div/div[8]/div/span", "xpath:idRelative"], + ["xpath=//div[8]/div/span", "xpath:position"], ["xpath=//span[contains(.,'Custom String Display')]", "xpath:innerText"] ], "value": "Custom String Display" 
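Review bot: In hunk `@@ -475,11 +475,11 @@` the new target `css=div:nth-child(8) .d-block:nth-child(1)` drops the `.mb-4:nth-child(8)` section scope that the old selector had, so the assert is no longer tied to one section of the page. The same happens in `@@ -487,11 +487,11 @@`, `@@ -533,11 +533,11 @@` and `@@ -545,11 +545,11 @@`. Steps `33312edd-…` and `77768da6-…` now share the identical locator `css=div:nth-child(8) .text-truncate`, although they were previously scoped to `.mb-4:nth-child(8)` and `.mb-4:nth-child(9)` respectively. If another `div:nth-child(8)` precedes the intended one, the first match would presumably be asserted instead. The unchanged `section[8]` in the `xpath:idRelative` entry suggests the scope could be kept, e.g. `"target": "css=.mb-4:nth-child(8) div:nth-child(8) .d-block:nth-child(1)"` (to be confirmed against the rendered page).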
@@ -487,11 +487,11 @@ "id": "33312edd-a161-428c-9e5a-63d1d245b1c7", "comment": "", "command": "assertText", - "target": "css=.mb-4:nth-child(8) div:nth-child(7) .d-block:nth-child(2)", + "target": "css=div:nth-child(8) .text-truncate", "targets": [ - ["css=.mb-4:nth-child(8) div:nth-child(7) .d-block:nth-child(2)", "css:finder"], - ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[3]/div/section[8]/div/div[2]/div[2]/div/div[7]/div/span[2]", "xpath:idRelative"], - ["xpath=//section[8]/div/div[2]/div[2]/div/div[7]/div/span[2]", "xpath:position"], + ["css=div:nth-child(8) .text-truncate", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[3]/div/section[8]/div/div[2]/div[2]/div/div[8]/div/span[2]", "xpath:idRelative"], + ["xpath=//div[8]/div/span[2]", "xpath:position"], ["xpath=//span[contains(.,'Custom String Default Edited')]", "xpath:innerText"] ], "value": "Custom String Default Edited" @@ -533,11 +533,11 @@ "id": "77768da6-c87e-49c6-a2d1-322218196038", "comment": "", "command": "assertText", - "target": "css=.mb-4:nth-child(9) div:nth-child(7) .d-block:nth-child(2)", + "target": "css=div:nth-child(8) .text-truncate", "targets": [ - ["css=.mb-4:nth-child(9) div:nth-child(7) .d-block:nth-child(2)", "css:finder"], - ["xpath=//div[@id='root']/div/main/div/section/div/div/section[7]/div/div[2]/div[2]/div/div[7]/div/span[2]", "xpath:idRelative"], - ["xpath=//section[7]/div/div[2]/div[2]/div/div[7]/div/span[2]", "xpath:position"], + ["css=div:nth-child(8) .text-truncate", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div/div/section[7]/div/div[2]/div[2]/div/div[8]/div/span[2]", "xpath:idRelative"], + ["xpath=//div[8]/div/span[2]", "xpath:position"], ["xpath=//span[contains(.,'Custom String Default Edited')]", "xpath:innerText"] ], "value": "Custom String Default Edited" 
@@ -545,11 +545,11 @@ "id": "edb8ae5b-b1d6-4078-b3d2-d41ece0bbd28", "comment": "", "command": "assertText", - "target": "css=.mb-4:nth-child(9) div:nth-child(7) .d-block:nth-child(1)", + "target": "css=div:nth-child(8) .d-block:nth-child(1)", "targets": [ - ["css=.mb-4:nth-child(9) div:nth-child(7) .d-block:nth-child(1)", "css:finder"], - ["xpath=//div[@id='root']/div/main/div/section/div/div/section[7]/div/div[2]/div[2]/div/div[7]/div/span", "xpath:idRelative"], - ["xpath=//section[7]/div/div[2]/div[2]/div/div[7]/div/span", "xpath:position"], + ["css=div:nth-child(8) .d-block:nth-child(1)", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div/div/section[7]/div/div[2]/div[2]/div/div[8]/div/span", "xpath:idRelative"], + ["xpath=//div[8]/div/span", "xpath:position"], ["xpath=//span[contains(.,'Custom String Display')]", "xpath:innerText"] ], "value": "Custom String Display" @@ -862,11 +862,11 @@ "id": "62aae077-0f97-48ec-97cb-2111ea9e3400", "comment": "", "command": "assertText", - "target": "css=.row:nth-child(7) > .col-12 > .mb-3 > div > div > .form-label > span", + "target": "css=.row:nth-child(8) .form-label > span", "targets": [ - ["css=.row:nth-child(7) > .col-12 > .mb-3 > div > div > .form-label > span", "css:finder"], - ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div[2]/div[2]/div[2]/div/form/div/div/div/div[7]/div/div/div/div/div[7]/div/div/div/div/label/span", "xpath:idRelative"], - ["xpath=//div[7]/div/div/div/div/label/span", "xpath:position"], + ["css=.row:nth-child(8) .form-label > span", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div[2]/div[2]/div[2]/div/form/div/div/div/div[7]/div/div/div/div/div[8]/div/div/div/div/label/span", "xpath:idRelative"], + ["xpath=//div[8]/div/div/div/div/label/span", "xpath:position"], ["xpath=//span[contains(.,'Custom String Display')]", "xpath:innerText"] ], "value": "Custom String Display" 
@@ -939,11 +939,11 @@ "id": "848c273e-a5b1-4ff8-90e2-ee0ecbadff2d", "comment": "", "command": "assertText", - "target": "css=div:nth-child(1) > div:nth-child(7) .d-block:nth-child(1)", + "target": "css=.mb-4:nth-child(4) div:nth-child(8) .d-block:nth-child(1)", "targets": [ - ["css=div:nth-child(1) > div:nth-child(7) .d-block:nth-child(1)", "css:finder"], - ["xpath=//div[@id='filters']/ul/li/div[2]/section[2]/div/div[2]/div[2]/div/div[7]/div/span", "xpath:idRelative"], - ["xpath=//div[2]/div[2]/div/div[7]/div/span", "xpath:position"], + ["css=.mb-4:nth-child(4) div:nth-child(8) .d-block:nth-child(1)", "css:finder"], + ["xpath=//div[@id='filters']/ul/li/div[2]/section[2]/div/div[2]/div[2]/div/div[8]/div/span", "xpath:idRelative"], + ["xpath=//section[2]/div/div[2]/div[2]/div/div[8]/div/span", "xpath:position"], ["xpath=//span[contains(.,'Custom String Display')]", "xpath:innerText"] ], "value": "Custom String Display" @@ -951,12 +951,12 @@ "id": "4524e88f-bbfc-4f4f-b72d-30cce97564da", "comment": "", "command": "assertText", - "target": "css=div:nth-child(1) > div:nth-child(7) .text-truncate", + "target": "css=.mb-4:nth-child(4) div:nth-child(8) .d-block:nth-child(2)", "targets": [ - ["css=div:nth-child(1) > div:nth-child(7) .text-truncate", "css:finder"], - ["xpath=//div[@id='filters']/ul/li/div[2]/section[2]/div/div[2]/div[2]/div/div[7]/div/span[2]", "xpath:idRelative"], - ["xpath=//div[2]/div[2]/div/div[7]/div/span[2]", "xpath:position"], - ["xpath=//span[contains(.,'Custom String Default')]", "xpath:innerText"] + ["css=.mb-4:nth-child(4) div:nth-child(8) .d-block:nth-child(2)", "css:finder"], + ["xpath=//div[@id='filters']/ul/li/div[2]/section[2]/div/div[2]/div[2]/div/div[8]/div/span[2]", "xpath:idRelative"], + ["xpath=//section[2]/div/div[2]/div[2]/div/div[8]/div/span[2]", "xpath:position"], + ["xpath=//span[contains(.,'Custom String Default Edited')]", "xpath:innerText"] ], "value": "Custom String Default Edited" }, { 
@@ -1031,21 +1031,21 @@ "target": "css=table > tbody > tr", "targets": [], "value": "" - },{ - "id": "4ec2c493-85e4-403b-9b09-031c5728f498", - "comment": "", - "command": "open", - "target": "/api/heheheheheheheWipeout", - "targets": [], - "value": "" - }, { - "id": "e074980a-8f21-4c22-8412-c4b6fcdcd1a4", - "comment": "", - "command": "assertText", - "target": "css=body", - "targets": [], - "value": "yes, you did it" - }] + }, { + "id": "4ec2c493-85e4-403b-9b09-031c5728f498", + "comment": "", + "command": "open", + "target": "/api/heheheheheheheWipeout", + "targets": [], + "value": "" + }, { + "id": "e074980a-8f21-4c22-8412-c4b6fcdcd1a4", + "comment": "", + "command": "assertText", + "target": "css=body", + "targets": [], + "value": "yes, you did it" + }] }], "suites": [{ "id": "a9b788f1-5f67-4d2c-82a5-30dc53eb75e9", diff --git a/backend/src/integration/resources/SHIBUI-1732-2.side b/backend/src/integration/resources/SHIBUI-1732-2.side index 39b05afb3..fdfad5dc8 100644 --- a/backend/src/integration/resources/SHIBUI-1732-2.side +++ b/backend/src/integration/resources/SHIBUI-1732-2.side @@ -374,11 +374,11 @@ "id": "fb8782e1-3376-4c59-af8a-5cf383c78239", "comment": "", "command": "assertText", - "target": "css=.row:nth-child(6) .d-flex > span", + "target": "css=.row:nth-child(7) .d-flex > span", "targets": [ - ["css=.row:nth-child(6) .d-flex > span", "css:finder"], - ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[2]/div/div/form/div/div/div/div/div[9]/div/div/div/div[6]/div/div/div/div/div/label/span/span", "xpath:idRelative"], - ["xpath=//div[6]/div/div/div/div/div/label/span/span", "xpath:position"] + ["css=.row:nth-child(7) .d-flex > span", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[2]/div/div/form/div/div/div/div/div[9]/div/div/div/div[7]/div/div/div/div/div/label/span/span", "xpath:idRelative"], + ["xpath=//div[7]/div/div/div/div/div/label/span/span", "xpath:position"] ], "value": "Custom Boolean Display" }, { 
@@ -435,11 +435,11 @@ "id": "a7db0511-2584-4cb0-bbaa-2341a705ef07", "comment": "", "command": "assertText", - "target": "css=.mb-4:nth-child(8) div:nth-child(6) .d-block:nth-child(1)", + "target": "css=.mb-4:nth-child(8) div:nth-child(7) .d-block:nth-child(1)", "targets": [ - ["css=.mb-4:nth-child(8) div:nth-child(6) .d-block:nth-child(1)", "css:finder"], - ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[3]/div/section[8]/div/div[2]/div[2]/div/div[6]/div/span", "xpath:idRelative"], - ["xpath=//section[8]/div/div[2]/div[2]/div/div[6]/div/span", "xpath:position"], + ["css=.mb-4:nth-child(8) div:nth-child(7) .d-block:nth-child(1)", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[3]/div/section[8]/div/div[2]/div[2]/div/div[7]/div/span", "xpath:idRelative"], + ["xpath=//section[8]/div/div[2]/div[2]/div/div[7]/div/span", "xpath:position"], ["xpath=//span[contains(.,'Custom Boolean Display')]", "xpath:innerText"] ], "value": "Custom Boolean Display" @@ -447,11 +447,11 @@ "id": "771a8f70-ed99-486f-90f3-3401215d8743", "comment": "", "command": "assertText", - "target": "css=.mb-4:nth-child(8) div:nth-child(6) .d-block:nth-child(2)", + "target": "css=.mb-4:nth-child(8) div:nth-child(7) .d-block:nth-child(2)", "targets": [ - ["css=.mb-4:nth-child(8) div:nth-child(6) .d-block:nth-child(2)", "css:finder"], - ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[3]/div/section[8]/div/div[2]/div[2]/div/div[6]/div/span[2]", "xpath:idRelative"], - ["xpath=//section[8]/div/div[2]/div[2]/div/div[6]/div/span[2]", "xpath:position"], + ["css=.mb-4:nth-child(8) div:nth-child(7) .d-block:nth-child(2)", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[3]/div/section[8]/div/div[2]/div[2]/div/div[7]/div/span[2]", "xpath:idRelative"], + ["xpath=//section[8]/div/div[2]/div[2]/div/div[7]/div/span[2]", "xpath:position"], ["xpath=//span[contains(.,'true')]", "xpath:innerText"] ], "value": "true" 
@@ -493,11 +493,11 @@ "id": "4dc24329-7c83-43c9-86d6-95f9bf5da92d", "comment": "", "command": "assertText", - "target": "css=.mb-4:nth-child(9) div:nth-child(6) .d-block:nth-child(1)", + "target": "css=.mb-4:nth-child(9) div:nth-child(7) .d-block:nth-child(1)", "targets": [ - ["css=.mb-4:nth-child(9) div:nth-child(6) .d-block:nth-child(1)", "css:finder"], - ["xpath=//div[@id='root']/div/main/div/section/div/div/section[7]/div/div[2]/div[2]/div/div[6]/div/span", "xpath:idRelative"], - ["xpath=//section[7]/div/div[2]/div[2]/div/div[6]/div/span", "xpath:position"], + ["css=.mb-4:nth-child(9) div:nth-child(7) .d-block:nth-child(1)", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div/div/section[7]/div/div[2]/div[2]/div/div[7]/div/span", "xpath:idRelative"], + ["xpath=//section[7]/div/div[2]/div[2]/div/div[7]/div/span", "xpath:position"], ["xpath=//span[contains(.,'Custom Boolean Display')]", "xpath:innerText"] ], "value": "Custom Boolean Display" @@ -505,11 +505,11 @@ "id": "32f6aaa6-a256-4c36-932e-7c45b4045cba", "comment": "", "command": "assertText", - "target": "css=.mb-4:nth-child(9) div:nth-child(6) .d-block:nth-child(2)", + "target": "css=.mb-4:nth-child(9) div:nth-child(7) .d-block:nth-child(2)", "targets": [ - ["css=.mb-4:nth-child(9) div:nth-child(6) .d-block:nth-child(2)", "css:finder"], - ["xpath=//div[@id='root']/div/main/div/section/div/div/section[7]/div/div[2]/div[2]/div/div[6]/div/span[2]", "xpath:idRelative"], - ["xpath=//section[7]/div/div[2]/div[2]/div/div[6]/div/span[2]", "xpath:position"], + ["css=.mb-4:nth-child(9) div:nth-child(7) .d-block:nth-child(2)", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div/div/section[7]/div/div[2]/div[2]/div/div[7]/div/span[2]", "xpath:idRelative"], + ["xpath=//section[7]/div/div[2]/div[2]/div/div[7]/div/span[2]", "xpath:position"], ["xpath=//span[contains(.,'true')]", "xpath:innerText"] ], "value": "true" 
@@ -840,11 +840,11 @@ "id": "73e0928e-a395-4cdd-b90c-229a01cbe7c4", "comment": "", "command": "assertText", - "target": "css=.row:nth-child(6) .d-flex > span", + "target": "css=.row:nth-child(7) > .col-12 > .mb-3 > div > .checkbox .d-flex > span", "targets": [ - ["css=.row:nth-child(6) .d-flex > span", "css:finder"], - ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div[2]/div[2]/div[2]/div/form/div/div/div/div[7]/div/div/div/div/div[6]/div/div/div/div/div/label/span/span", "xpath:idRelative"], - ["xpath=//div[6]/div/div/div/div/div/label/span/span", "xpath:position"] + ["css=.row:nth-child(7) > .col-12 > .mb-3 > div > .checkbox .d-flex > span", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div[2]/div[2]/div[2]/div/form/div/div/div/div[7]/div/div/div/div/div[7]/div/div/div/div/div/label/span/span", "xpath:idRelative"], + ["xpath=//div[7]/div/div/div/div/div/label/span/span", "xpath:position"] ], "value": "Custom Boolean Display" }, { @@ -897,11 +897,11 @@ "id": "d445f01f-b936-4ebb-b011-8ce2f056e06c", "comment": "", "command": "assertText", - "target": "css=div:nth-child(1) > div:nth-child(6) > .d-flex > .d-block:nth-child(1)", + "target": "css=div:nth-child(1) > div:nth-child(7) .d-block:nth-child(1)", "targets": [ - ["css=div:nth-child(1) > div:nth-child(6) > .d-flex > .d-block:nth-child(1)", "css:finder"], - ["xpath=//div[@id='filters']/ul/li/div[2]/section[2]/div/div[2]/div[2]/div/div[6]/div/span", "xpath:idRelative"], - ["xpath=//div[2]/div[2]/div/div[6]/div/span", "xpath:position"], + ["css=div:nth-child(1) > div:nth-child(7) .d-block:nth-child(1)", "css:finder"], + ["xpath=//div[@id='filters']/ul/li/div[2]/section[2]/div/div[2]/div[2]/div/div[7]/div/span", "xpath:idRelative"], + ["xpath=//div[2]/div[2]/div/div[7]/div/span", "xpath:position"], ["xpath=//span[contains(.,'Custom Boolean Display')]", "xpath:innerText"] ], "value": "Custom Boolean Display" 
@@ -909,11 +909,11 @@ "id": "662f922e-4d41-4274-b7a3-aae312fe8c36", "comment": "", "command": "assertText", - "target": "css=div:nth-child(1) > div:nth-child(6) > .d-flex > .text-truncate", + "target": "css=div:nth-child(1) > div:nth-child(7) .text-truncate", "targets": [ - ["css=div:nth-child(1) > div:nth-child(6) > .d-flex > .text-truncate", "css:finder"], - ["xpath=//div[@id='filters']/ul/li/div[2]/section[2]/div/div[2]/div[2]/div/div[6]/div/span[2]", "xpath:idRelative"], - ["xpath=//div[2]/div[2]/div/div[6]/div/span[2]", "xpath:position"] + ["css=div:nth-child(1) > div:nth-child(7) .text-truncate", "css:finder"], + ["xpath=//div[@id='filters']/ul/li/div[2]/section[2]/div/div[2]/div[2]/div/div[7]/div/span[2]", "xpath:idRelative"], + ["xpath=//div[2]/div[2]/div/div[7]/div/span[2]", "xpath:position"] ], "value": "true" }, { @@ -967,21 +967,21 @@ ["xpath=//div[3]/div/div/div[3]/button", "xpath:position"] ], "value": "" - },{ - "id": "4ec2c493-85e4-403b-9b09-031c5728f498", - "comment": "", - "command": "open", - "target": "/api/heheheheheheheWipeout", - "targets": [], - "value": "" - }, { - "id": "e074980a-8f21-4c22-8412-c4b6fcdcd1a4", - "comment": "", - "command": "assertText", - "target": "css=body", - "targets": [], - "value": "yes, you did it" - }] + }, { + "id": "4ec2c493-85e4-403b-9b09-031c5728f498", + "comment": "", + "command": "open", + "target": "/api/heheheheheheheWipeout", + "targets": [], + "value": "" + }, { + "id": "e074980a-8f21-4c22-8412-c4b6fcdcd1a4", + "comment": "", + "command": "assertText", + "target": "css=body", + "targets": [], + "value": "yes, you did it" + }] }], "suites": [{ "id": "4c985215-babb-4f22-8422-505980ce939b", diff --git a/backend/src/integration/resources/SHIBUI-1732-3.side b/backend/src/integration/resources/SHIBUI-1732-3.side index 54573d88b..436cdd74f 100644 --- a/backend/src/integration/resources/SHIBUI-1732-3.side +++ b/backend/src/integration/resources/SHIBUI-1732-3.side 
@@ -462,11 +462,11 @@ "id": "95c2701d-82d8-4d2d-b83e-82bb4bd2cf8c", "comment": "", "command": "assertText", - "target": "css=.row:nth-child(6) .control-label", + "target": "css=.row:nth-child(7) .control-label", "targets": [ - ["css=.row:nth-child(6) .control-label", "css:finder"], - ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[2]/div/div/form/div/div/div/div/div[9]/div/div/div/div[6]/div/div/div/div/div/div/span", "xpath:idRelative"], - ["xpath=//div[6]/div/div/div/div/div/div/span", "xpath:position"], + ["css=.row:nth-child(7) .control-label", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[2]/div/div/form/div/div/div/div/div[9]/div/div/div/div[7]/div/div/div/div/div/div/span", "xpath:idRelative"], + ["xpath=//div[7]/div/div/div/div/div/div/span", "xpath:position"], ["xpath=//span[contains(.,'Custom List Display')]", "xpath:innerText"] ], "value": "Custom List Display" @@ -474,12 +474,12 @@ "id": "d6d968f3-a549-4e0b-8fe0-0ad37d80fea7", "comment": "", "command": "click", - "target": "css=.row:nth-child(6) .array-add-button", + "target": "css=.row:nth-child(7) .array-add-button", "targets": [ - ["css=.row:nth-child(6) .array-add-button", "css:finder"], - ["xpath=(//button[@type='button'])[14]", "xpath:attributes"], - ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[2]/div/div/form/div/div/div/div/div[9]/div/div/div/div[6]/div/div/div/div/div/div/button", "xpath:idRelative"], - ["xpath=//div[6]/div/div/div/div/div/div/button", "xpath:position"] + ["css=.row:nth-child(7) .array-add-button", "css:finder"], + ["xpath=(//button[@type='button'])[15]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[2]/div/div/form/div/div/div/div/div[9]/div/div/div/div[7]/div/div/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[7]/div/div/div/div/div/div/button", "xpath:position"] ], "value": "" }, { 
@@ -493,7 +493,7 @@ "id": "01d8abc6-d8a5-46d2-9487-d5b02b95521c", "comment": "", "command": "click", - "target": "css=.row:nth-child(6) .array-add-button", + "target": "css=.row:nth-child(7) .array-add-button", "targets": [ ["css=.row:nth-child(6) .array-add-button", "css:finder"], ["xpath=(//button[@type='button'])[14]", "xpath:attributes"], @@ -571,11 +571,11 @@ "id": "9ce37583-508a-4ed4-9027-3b7c1f408895", "comment": "", "command": "assertText", - "target": "css=.align-items-start:nth-child(6) > .p-2", + "target": "css=.align-items-start:nth-child(7) > .p-2", "targets": [ - ["css=.align-items-start:nth-child(6) > .p-2", "css:finder"], - ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[3]/div/section[8]/div/div[2]/div[2]/div/div[6]/span", "xpath:idRelative"], - ["xpath=//div[6]/span", "xpath:position"], + ["css=.align-items-start:nth-child(7) > .p-2", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[3]/div/section[8]/div/div[2]/div[2]/div/div[7]/span", "xpath:idRelative"], + ["xpath=//div[7]/span", "xpath:position"], ["xpath=//span[contains(.,'Custom List Display')]", "xpath:innerText"] ], "value": "Custom List Display" @@ -586,7 +586,7 @@ "target": "css=.align-items-center:nth-child(1) > .d-block", "targets": [ ["css=.align-items-center:nth-child(1) > .d-block", "css:finder"], - ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[3]/div/section[8]/div/div[2]/div[2]/div/div[6]/ul/li/span", "xpath:idRelative"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[3]/div/section[8]/div/div[2]/div[2]/div/div[7]/ul/li/span", "xpath:idRelative"], ["xpath=//li/span", "xpath:position"], ["xpath=//span[contains(.,'baz')]", "xpath:innerText"] ], 
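Review bot: In hunk `@@ -493,7 +493,7 @@` step `01d8abc6-…` gets a new `target` for `.row:nth-child(7)`, but its unchanged `targets` entries still read `css=.row:nth-child(6) .array-add-button` and `(//button[@type='button'])[14]`. The preceding step `d6d968f3-…` had the same locators and was updated to `nth-child(7)` and `[15]`. If a runner falls back to `targets`, the stale entries would click the add button of a different row. The same values are needed here: `["css=.row:nth-child(7) .array-add-button", "css:finder"],` and `["xpath=(//button[@type='button'])[15]", "xpath:attributes"],`. Step `bc1292d6-…` in hunk `@@ -634,14 +634,19 @@` has the same leftover (`nth-child(6)`, `div[6]/span`). In both cases the `targets` array continues outside the hunk.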
@@ -598,7 +598,7 @@ "target": "css=.d-flex:nth-child(2) > .d-block", "targets": [ ["css=.d-flex:nth-child(2) > .d-block", "css:finder"], - ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[3]/div/section[8]/div/div[2]/div[2]/div/div[6]/ul/li[2]/span", "xpath:idRelative"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[3]/div/section[8]/div/div[2]/div[2]/div/div[7]/ul/li[2]/span", "xpath:idRelative"], ["xpath=//li[2]/span", "xpath:position"], ["xpath=//span[contains(.,'bar')]", "xpath:innerText"] ], @@ -634,14 +634,19 @@ "id": "63e0b87d-4da3-4fb8-aa9f-6412e0562709", "comment": "", "command": "waitForElementVisible", - "target": "css=main > div > section > div > div > section:nth-child(9) > div > div.p-2 > div:nth-child(2) > div > div:nth-child(6) > ul > li:nth-child(1) > span", - "targets": [], + "target": "css=.align-items-start:nth-child(7) > .p-2", + "targets": [ + ["css=.align-items-start:nth-child(7) > .p-2", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div/div/section[7]/div/div[2]/div[2]/div/div[7]/span", "xpath:idRelative"], + ["xpath=//div[7]/span", "xpath:position"], + ["xpath=//span[contains(.,'Custom List Display')]", "xpath:innerText"] + ], "value": "30000" }, { "id": "bc1292d6-d326-4146-baa8-62d9f4e97cf0", "comment": "", "command": "assertText", - "target": "css=main > div > section > div > div > section:nth-child(9) > div > div.p-2 > div:nth-child(2) > div > div:nth-child(6) > span", + "target": "css=.align-items-start:nth-child(7) > .p-2", "targets": [ ["css=.align-items-start:nth-child(6) > .p-2", "css:finder"], ["xpath=//div[@id='root']/div/main/div/section/div/div/section[7]/div/div[2]/div[2]/div/div[6]/span", "xpath:idRelative"], 
@@ -653,10 +658,10 @@ "id": "296ea08c-0cb0-40a4-8111-3de97b28e099", "comment": "", "command": "assertText", - "target": "css=main > div > section > div > div > section:nth-child(9) > div > div.p-2 > div:nth-child(2) > div > div:nth-child(6) > ul > li:nth-child(1) > span", + "target": "css=.align-items-center:nth-child(1) > .d-block", "targets": [ ["css=.align-items-center:nth-child(1) > .d-block", "css:finder"], - ["xpath=//div[@id='root']/div/main/div/section/div/div/section[7]/div/div[2]/div[2]/div/div[6]/ul/li/span", "xpath:idRelative"], + ["xpath=//div[@id='root']/div/main/div/section/div/div/section[7]/div/div[2]/div[2]/div/div[7]/ul/li/span", "xpath:idRelative"], ["xpath=//ul/li/span", "xpath:position"], ["xpath=//span[contains(.,'baz')]", "xpath:innerText"] ], @@ -665,10 +670,10 @@ "id": "9b4d38f8-e630-463b-b7a6-1073f2092cda", "comment": "", "command": "assertText", - "target": "css=main > div > section > div > div > section:nth-child(9) > div > div.p-2 > div:nth-child(2) > div > div:nth-child(6) > ul > li:nth-child(2) > span", + "target": "css=.d-flex:nth-child(2) > .d-block", "targets": [ ["css=.d-flex:nth-child(2) > .d-block", "css:finder"], - ["xpath=//div[@id='root']/div/main/div/section/div/div/section[7]/div/div[2]/div[2]/div/div[6]/ul/li[2]/span", "xpath:idRelative"], + ["xpath=//div[@id='root']/div/main/div/section/div/div/section[7]/div/div[2]/div[2]/div/div[7]/ul/li[2]/span", "xpath:idRelative"], ["xpath=//ul/li[2]/span", "xpath:position"], ["xpath=//span[contains(.,'bar')]", "xpath:innerText"] ], 
@@ -749,17 +754,22 @@ "id": "5e82eb5e-ac64-4f01-8362-af72c19978b8", "comment": "", "command": "waitForElementVisible", - "target": "css=main > div > section > div > div > section:nth-child(9) > div > div.p-2 > div:nth-child(2) > div > div:nth-child(6) > ul > li:nth-child(1) > span", - "targets": [], + "target": "css=.align-items-center:nth-child(1) > .d-block", + "targets": [ + ["css=.align-items-start:nth-child(7) > .p-2", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div/div/section[7]/div/div[2]/div[2]/div/div[7]/span", "xpath:idRelative"], + ["xpath=//div[7]/span", "xpath:position"], + ["xpath=//span[contains(.,'Custom List Display')]", "xpath:innerText"] + ], "value": "30000" }, { "id": "5e43fd63-8e71-4bf6-a7da-91ed55c202a2", "comment": "", "command": "assertText", - "target": "css=main > div > section > div > div > section:nth-child(9) > div > div.p-2 > div:nth-child(2) > div > div:nth-child(6) > ul > li:nth-child(1) > span", + "target": "css=.align-items-center:nth-child(1) > .d-block", "targets": [ ["css=.align-items-center:nth-child(1) > .d-block", "css:finder"], - ["xpath=//div[@id='root']/div/main/div/section/div/div/section[7]/div/div[2]/div[2]/div/div[6]/ul/li/span", "xpath:idRelative"], + ["xpath=//div[@id='root']/div/main/div/section/div/div/section[7]/div/div[2]/div[2]/div/div[7]/ul/li/span", "xpath:idRelative"], ["xpath=//ul/li/span", "xpath:position"], ["xpath=//span[contains(.,'foo')]", "xpath:innerText"] ], 
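Review bot: In step `5e82eb5e-…` the new `target` is `css=.align-items-center:nth-child(1) > .d-block`, but the `targets` list added with it describes a different element: `css=.align-items-start:nth-child(7) > .p-2`, `//div[7]/span` and the `'Custom List Display'` inner-text locator. It looks copied from step `63e0b87d-…` in hunk `@@ -634,14 +634,19 @@`. A fallback to those entries would wait for the field label rather than the first list item that the next step asserts on. The list should match the target, as in step `5e43fd63-…` directly below: `["css=.align-items-center:nth-child(1) > .d-block", "css:finder"],` with the `div[7]/ul/li/span` xpath. Alternatively it can stay `"targets": []`, as it was before the change.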
@@ -768,10 +778,10 @@ "id": "b023fa7f-ec8a-4bb7-84cd-c0fbcb721aac", "comment": "", "command": "assertText", - "target": "css=main > div > section > div > div > section:nth-child(9) > div > div.p-2 > div:nth-child(2) > div > div:nth-child(6) > ul > li:nth-child(2) > span", + "target": "css=.d-flex:nth-child(2) > .d-block", "targets": [ ["css=.d-flex:nth-child(2) > .d-block", "css:finder"], - ["xpath=//div[@id='root']/div/main/div/section/div/div/section[7]/div/div[2]/div[2]/div/div[6]/ul/li[2]/span", "xpath:idRelative"], + ["xpath=//div[@id='root']/div/main/div/section/div/div/section[7]/div/div[2]/div[2]/div/div[7]/ul/li[2]/span", "xpath:idRelative"], ["xpath=//ul/li[2]/span", "xpath:position"], ["xpath=//span[contains(.,'bar')]", "xpath:innerText"] ], @@ -1079,11 +1089,11 @@ "id": "f4efaf0c-a75f-4016-8808-1db34e6c29f2", "comment": "", "command": "assertText", - "target": "css=.row:nth-child(6) .control-label", + "target": "css=.row:nth-child(7) > .col-12 > .mb-3 > div > .p-0 > .p-0 .control-label", "targets": [ - ["css=.row:nth-child(6) .control-label", "css:finder"], - ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div[2]/div[2]/div[2]/div/form/div/div/div/div[7]/div/div/div/div/div[6]/div/div/div/div/div/div/span", "xpath:idRelative"], - ["xpath=//div[6]/div/div/div/div/div/div/span", "xpath:position"], + ["css=.row:nth-child(7) > .col-12 > .mb-3 > div > .p-0 > .p-0 .control-label", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div[2]/div[2]/div[2]/div/form/div/div/div/div[7]/div/div/div/div/div[7]/div/div/div/div/div/div/span", "xpath:idRelative"], + ["xpath=//div[7]/div/div/div/div/div/div/span", "xpath:position"], ["xpath=//span[contains(.,'Custom List Display')]", "xpath:innerText"] ], "value": "Custom List Display" 
@@ -1091,12 +1101,12 @@ "id": "61f236f1-5170-4b98-ac5b-7262a65a7bb7", "comment": "", "command": "click", - "target": "css=.row:nth-child(6) .array-add-button", + "target": "css=.row:nth-child(7) > .col-12 > .mb-3 > div > .p-0 > .p-0 .array-add-button", "targets": [ - ["css=.row:nth-child(6) .array-add-button", "css:finder"], - ["xpath=(//button[@type='button'])[19]", "xpath:attributes"], - ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div[2]/div[2]/div[2]/div/form/div/div/div/div[7]/div/div/div/div/div[6]/div/div/div/div/div/div/button", "xpath:idRelative"], - ["xpath=//div[6]/div/div/div/div/div/div/button", "xpath:position"] + ["css=.row:nth-child(7) > .col-12 > .mb-3 > div > .p-0 > .p-0 .array-add-button", "css:finder"], + ["xpath=(//button[@type='button'])[20]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div[2]/div[2]/div[2]/div/form/div/div/div/div[7]/div/div/div/div/div[7]/div/div/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[7]/div/div/div/div/div/div/button", "xpath:position"] ], "value": "" }, { @@ -1156,11 +1166,11 @@ "id": "5d21315a-5180-4d09-9a02-a7739af2d452", "comment": "", "command": "assertText", - "target": "css=.align-items-start:nth-child(6) > .p-2", + "target": "css=.align-items-start:nth-child(7) > .p-2", "targets": [ - ["css=.align-items-start:nth-child(6) > .p-2", "css:finder"], - ["xpath=//div[@id='filters']/ul/li/div[2]/section[2]/div/div[2]/div[2]/div/div[6]/span", "xpath:idRelative"], - ["xpath=//div[6]/span", "xpath:position"], + ["css=.align-items-start:nth-child(7) > .p-2", "css:finder"], + ["xpath=//div[@id='filters']/ul/li/div[2]/section[2]/div/div[2]/div[2]/div/div[7]/span", "xpath:idRelative"], + ["xpath=//div[7]/span", "xpath:position"], ["xpath=//span[contains(.,'Custom List Display')]", "xpath:innerText"] ], "value": "Custom List Display" 
@@ -1168,11 +1178,11 @@ "id": "f357c4e6-acbb-4f90-ba48-18f6afec80f5", "comment": "", "command": "assertText", - "target": "css=.d-flex:nth-child(6) .d-block", + "target": "css=.d-flex:nth-child(7) .d-block", "targets": [ - ["css=.d-flex:nth-child(6) .d-block", "css:finder"], - ["xpath=//div[@id='filters']/ul/li/div[2]/section[2]/div/div[2]/div[2]/div/div[6]/ul/li/span", "xpath:idRelative"], - ["xpath=//div[6]/ul/li/span", "xpath:position"], + ["css=.d-flex:nth-child(7) .d-block", "css:finder"], + ["xpath=//div[@id='filters']/ul/li/div[2]/section[2]/div/div[2]/div[2]/div/div[7]/ul/li/span", "xpath:idRelative"], + ["xpath=//div[7]/ul/li/span", "xpath:position"], ["xpath=//span[contains(.,'bar')]", "xpath:innerText"] ], "value": "bar" @@ -1207,12 +1217,12 @@ "id": "774df87c-643a-4c71-985c-f7920f956fb6", "comment": "", "command": "click", - "target": "css=.row:nth-child(6) .array-add-button", + "target": "css=.row:nth-child(7) > .col-12 > .mb-3 > div > .p-0 > .p-0 .array-add-button", "targets": [ - ["css=.row:nth-child(6) .array-add-button", "css:finder"], - ["xpath=(//button[@type='button'])[18]", "xpath:attributes"], - ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[2]/div[2]/div[2]/div/form/div/div/div/div[7]/div/div/div/div/div[6]/div/div/div/div/div/div/button", "xpath:idRelative"], - ["xpath=//div[6]/div/div/div/div/div/div/button", "xpath:position"] + ["css=.row:nth-child(7) > .col-12 > .mb-3 > div > .p-0 > .p-0 .array-add-button", "css:finder"], + ["xpath=(//button[@type='button'])[19]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[2]/div[2]/div[2]/div/form/div/div/div/div[7]/div/div/div/div/div[7]/div/div/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[7]/div/div/div/div/div/div/button", "xpath:position"] ], "value": "" }, { 
@@ -1252,11 +1262,11 @@ "id": "83aa335b-5efb-4ca2-9e41-f06213cc68e2", "comment": "", "command": "assertText", - "target": "css=.d-flex:nth-child(6) .d-flex:nth-child(1) > .d-block", + "target": "css=.d-flex:nth-child(7) .d-flex:nth-child(1) > .d-block", "targets": [ - ["css=.d-flex:nth-child(6) .d-flex:nth-child(1) > .d-block", "css:finder"], - ["xpath=//div[@id='filters']/ul/li/div[2]/section[2]/div/div[2]/div[2]/div/div[6]/ul/li/span", "xpath:idRelative"], - ["xpath=//div[6]/ul/li/span", "xpath:position"], + ["css=.d-flex:nth-child(7) .d-flex:nth-child(1) > .d-block", "css:finder"], + ["xpath=//div[@id='filters']/ul/li/div[2]/section[2]/div/div[2]/div[2]/div/div[7]/ul/li/span", "xpath:idRelative"], + ["xpath=//div[7]/ul/li/span", "xpath:position"], ["xpath=//span[contains(.,'bar')]", "xpath:innerText"] ], "value": "bar" @@ -1267,7 +1277,7 @@ "target": "css=.d-flex:nth-child(2) > .d-block", "targets": [ ["css=.d-flex:nth-child(2) > .d-block", "css:finder"], - ["xpath=//div[@id='filters']/ul/li/div[2]/section[2]/div/div[2]/div[2]/div/div[6]/ul/li[2]/span", "xpath:idRelative"], + ["xpath=//div[@id='filters']/ul/li/div[2]/section[2]/div/div[2]/div[2]/div/div[7]/ul/li[2]/span", "xpath:idRelative"], ["xpath=//ul/li[2]/span", "xpath:position"] ], "value": "foo" 
@@ -1359,11 +1369,11 @@ "id": "60be08c4-004e-4a41-907c-e82fdbedddf2", "comment": "", "command": "assertText", - "target": "css=.d-flex:nth-child(6) > .list-unstyled:nth-child(3) > .d-flex:nth-child(1) > .d-block", + "target": "css=.d-flex:nth-child(7) > .list-unstyled:nth-child(3) > .d-flex:nth-child(1) > .d-block", "targets": [ - ["css=.d-flex:nth-child(6) > .list-unstyled:nth-child(3) > .d-flex:nth-child(1) > .d-block", "css:finder"], - ["xpath=//div[@id='root']/div/main/div/section/div/div/section[6]/div/div[2]/div[2]/div/div[6]/ul/li/span", "xpath:idRelative"], - ["xpath=//div[6]/ul/li/span", "xpath:position"], + ["css=.d-flex:nth-child(7) > .list-unstyled:nth-child(3) > .d-flex:nth-child(1) > .d-block", "css:finder"], + ["xpath=//div[@id='filters']/section[2]/div/div[2]/div[2]/div/div[7]/ul/li/span", "xpath:idRelative"], + ["xpath=//div[7]/ul/li/span", "xpath:position"], ["xpath=//span[contains(.,'bar')]", "xpath:innerText"] ], "value": "bar" @@ -1374,7 +1384,7 @@ "target": "css=.d-flex:nth-child(2) > .d-block", "targets": [ ["css=.d-flex:nth-child(2) > .d-block", "css:finder"], - ["xpath=//div[@id='root']/div/main/div/section/div/div/section[6]/div/div[2]/div[2]/div/div[6]/ul/li[2]/span", "xpath:idRelative"], + ["xpath=//div[@id='filters']/section[2]/div/div[2]/div[2]/div/div[7]/ul/li[2]/span", "xpath:idRelative"], ["xpath=//ul/li[2]/span", "xpath:position"] ], "value": "foo" @@ -1385,8 +1395,8 @@ "target": "css=.list-unstyled:nth-child(4) .d-block", "targets": [ ["css=.list-unstyled:nth-child(4) .d-block", "css:finder"], - ["xpath=//div[@id='root']/div/main/div/section/div/div/section[6]/div/div[2]/div[2]/div/div[6]/ul[2]/li/span", "xpath:idRelative"], - ["xpath=//div[6]/ul[2]/li/span", "xpath:position"] + ["xpath=//div[@id='filters']/section[2]/div/div[2]/div[2]/div/div[7]/ul[2]/li/span", "xpath:idRelative"], + ["xpath=//div[7]/ul[2]/li/span", "xpath:position"] ], "value": "bar" }, { 
diff --git a/backend/src/integration/resources/SHIBUI-1732-4.side b/backend/src/integration/resources/SHIBUI-1732-4.side index 214a49cbd..707dc5808 100644 --- a/backend/src/integration/resources/SHIBUI-1732-4.side +++ b/backend/src/integration/resources/SHIBUI-1732-4.side @@ -374,11 +374,11 @@ "id": "fc60ee8f-44fb-4e6a-b445-a7f78d13ee0b", "comment": "", "command": "assertText", - "target": "css=.row:nth-child(7) span", + "target": "css=.row:nth-child(8) .form-label > span", "targets": [ - ["css=.row:nth-child(7) span", "css:finder"], - ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[2]/div/div/form/div/div/div/div/div[9]/div/div/div/div[7]/div/div/div/div/label/span", "xpath:idRelative"], - ["xpath=//div[7]/div/div/div/div/label/span", "xpath:position"], + ["css=.row:nth-child(8) .form-label > span", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[2]/div/div/form/div/div/div/div/div[9]/div/div/div/div[8]/div/div/div/div/label/span", "xpath:idRelative"], + ["xpath=//div[8]/div/div/div/div/label/span", "xpath:position"], ["xpath=//span[contains(.,'Custom Long Display')]", "xpath:innerText"] ], "value": "Custom Long Display" 
@@ -449,11 +449,11 @@ "id": "7da12988-b453-4025-adba-cc1b9e916a2f", "comment": "", "command": "assertText", - "target": "css=.mb-4:nth-child(8) div:nth-child(7) .d-block:nth-child(1)", + "target": "css=div:nth-child(8) .d-block:nth-child(1)", "targets": [ - ["css=.mb-4:nth-child(8) div:nth-child(7) .d-block:nth-child(1)", "css:finder"], - ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[3]/div/section[8]/div/div[2]/div[2]/div/div[7]/div/span", "xpath:idRelative"], - ["xpath=//section[8]/div/div[2]/div[2]/div/div[7]/div/span", "xpath:position"], + ["css=div:nth-child(8) .d-block:nth-child(1)", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[3]/div/section[8]/div/div[2]/div[2]/div/div[8]/div/span", "xpath:idRelative"], + ["xpath=//div[8]/div/span", "xpath:position"], ["xpath=//span[contains(.,'Custom Long Display')]", "xpath:innerText"] ], "value": "Custom Long Display" @@ -461,11 +461,11 @@ "id": "ad3b6ecd-ad20-4a8e-be55-b9cda50e7091", "comment": "", "command": "assertText", - "target": "css=.mb-4:nth-child(8) div:nth-child(7) .d-block:nth-child(2)", + "target": "css=div:nth-child(8) .text-truncate", "targets": [ - ["css=.mb-4:nth-child(8) div:nth-child(7) .d-block:nth-child(2)", "css:finder"], - ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[3]/div/section[8]/div/div[2]/div[2]/div/div[7]/div/span[2]", "xpath:idRelative"], - ["xpath=//section[8]/div/div[2]/div[2]/div/div[7]/div/span[2]", "xpath:position"], + ["css=div:nth-child(8) .text-truncate", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[3]/div/section[8]/div/div[2]/div[2]/div/div[8]/div/span[2]", "xpath:idRelative"], + ["xpath=//div[8]/div/span[2]", "xpath:position"], ["xpath=//span[contains(.,'999999999999999999')]", "xpath:innerText"] ], "value": "999999999999999999" 
@@ -500,18 +500,23 @@ "id": "2b68bce2-618f-4ff8-b5e4-8c5625b5daf3", "comment": "", "command": "waitForElementVisible", - "target": "css=.mb-4:nth-child(9) div:nth-child(7) .d-block:nth-child(1)", - "targets": [], - "value": "Custom Long Display" + "target": "css=div:nth-child(8) .d-block:nth-child(1)", + "targets": [ + ["css=div:nth-child(8) .d-block:nth-child(1)", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div/div/section[7]/div/div[2]/div[2]/div/div[8]/div/span", "xpath:idRelative"], + ["xpath=//div[8]/div/span", "xpath:position"], + ["xpath=//span[contains(.,'Custom Long Display')]", "xpath:innerText"] + ], + "value": "30000" }, { "id": "4f6f46bd-cbb0-4d04-a637-f6c33b394488", "comment": "", "command": "assertText", - "target": "css=.mb-4:nth-child(9) div:nth-child(7) .d-block:nth-child(1)", + "target": "css=div:nth-child(8) .d-block:nth-child(1)", "targets": [ - ["css=.mb-4:nth-child(9) div:nth-child(7) .d-block:nth-child(1)", "css:finder"], - ["xpath=//div[@id='root']/div/main/div/section/div/div/section[7]/div/div[2]/div[2]/div/div[7]/div/span", "xpath:idRelative"], - ["xpath=//section[7]/div/div[2]/div[2]/div/div[7]/div/span", "xpath:position"], + ["css=div:nth-child(8) .d-block:nth-child(1)", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div/div/section[7]/div/div[2]/div[2]/div/div[8]/div/span", "xpath:idRelative"], + ["xpath=//div/div[8]/div/span", "xpath:position"], ["xpath=//span[contains(.,'Custom Long Display')]", "xpath:innerText"] ], "value": "Custom Long Display" 
@@ -519,11 +524,11 @@ "id": "ddc15b34-fa22-4a4a-a739-fab21337c82d", "comment": "", "command": "assertText", - "target": "css=.mb-4:nth-child(9) div:nth-child(7) .d-block:nth-child(2)", + "target": "css=div:nth-child(8) .text-truncate", "targets": [ - ["css=.mb-4:nth-child(9) div:nth-child(7) .d-block:nth-child(2)", "css:finder"], - ["xpath=//div[@id='root']/div/main/div/section/div/div/section[7]/div/div[2]/div[2]/div/div[7]/div/span[2]", "xpath:idRelative"], - ["xpath=//section[7]/div/div[2]/div[2]/div/div[7]/div/span[2]", "xpath:position"], + ["css=div:nth-child(8) .text-truncate", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div/div/section[7]/div/div[2]/div[2]/div/div[8]/div/span[2]", "xpath:idRelative"], + ["xpath=//div[8]/div/span[2]", "xpath:position"], ["xpath=//span[contains(.,'999999999999999999')]", "xpath:innerText"] ], "value": "999999999999999999" @@ -830,11 +835,11 @@ "id": "af84ef03-8d0a-4201-b217-40926b723582", "comment": "", "command": "assertText", - "target": "css=.row:nth-child(7) > .col-12 > .mb-3 > div > div > .form-label > span", + "target": "css=.row:nth-child(8) .form-label > span", "targets": [ - ["css=.row:nth-child(7) > .col-12 > .mb-3 > div > div > .form-label > span", "css:finder"], - ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div[2]/div[2]/div[2]/div/form/div/div/div/div[7]/div/div/div/div/div[7]/div/div/div/div/label/span", "xpath:idRelative"], - ["xpath=//div[7]/div/div/div/div/label/span", "xpath:position"], + ["css=.row:nth-child(8) .form-label > span", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div[2]/div[2]/div[2]/div/form/div/div/div/div[7]/div/div/div/div/div[8]/div/div/div/div/label/span", "xpath:idRelative"], + ["xpath=//div[8]/div/div/div/div/label/span", "xpath:position"], ["xpath=//span[contains(.,'Custom Long Display')]", "xpath:innerText"] ], "value": "Custom Long Display" 
@@ -921,11 +926,11 @@ "id": "46402b0f-8b3c-459b-a325-665eafbb79f3", "comment": "", "command": "assertText", - "target": "css=div:nth-child(1) > div:nth-child(7) .d-block:nth-child(1)", + "target": "css=.mb-4:nth-child(4) div:nth-child(8) .d-block:nth-child(1)", "targets": [ - ["css=div:nth-child(1) > div:nth-child(7) .d-block:nth-child(1)", "css:finder"], - ["xpath=//div[@id='filters']/ul/li/div[2]/section[2]/div/div[2]/div[2]/div/div[7]/div/span", "xpath:idRelative"], - ["xpath=//div[2]/div[2]/div/div[7]/div/span", "xpath:position"], + ["css=.mb-4:nth-child(4) div:nth-child(8) .d-block:nth-child(1)", "css:finder"], + ["xpath=//div[@id='filters']/ul/li/div[2]/section[2]/div/div[2]/div[2]/div/div[8]/div/span", "xpath:idRelative"], + ["xpath=//section[2]/div/div[2]/div[2]/div/div[8]/div/span", "xpath:position"], ["xpath=//span[contains(.,'Custom Long Display')]", "xpath:innerText"] ], "value": "Custom Long Display" @@ -933,11 +938,11 @@ "id": "3064a431-f448-44c2-bc90-1dc746bf0f83", "comment": "", "command": "assertText", - "target": "css=div:nth-child(1) > div:nth-child(7) .text-truncate", + "target": "css=.mb-4:nth-child(4) div:nth-child(8) .d-block:nth-child(2)", "targets": [ - ["css=div:nth-child(1) > div:nth-child(7) .text-truncate", "css:finder"], - ["xpath=//div[@id='filters']/ul/li/div[2]/section[2]/div/div[2]/div[2]/div/div[7]/div/span[2]", "xpath:idRelative"], - ["xpath=//div[2]/div[2]/div/div[7]/div/span[2]", "xpath:position"], + ["css=.mb-4:nth-child(4) div:nth-child(8) .d-block:nth-child(2)", "css:finder"], + ["xpath=//div[@id='filters']/ul/li/div[2]/section[2]/div/div[2]/div[2]/div/div[8]/div/span[2]", "xpath:idRelative"], + ["xpath=//section[2]/div/div[2]/div[2]/div/div[8]/div/span[2]", "xpath:position"], ["xpath=//span[contains(.,'999999999999999999')]", "xpath:innerText"] ], "value": "999999999999999999" 
diff --git a/backend/src/integration/resources/SHIBUI-1732-5.side b/backend/src/integration/resources/SHIBUI-1732-5.side index f9886d3f5..8991b0941 100644 --- a/backend/src/integration/resources/SHIBUI-1732-5.side +++ b/backend/src/integration/resources/SHIBUI-1732-5.side @@ -374,11 +374,11 @@ "id": "7e4914a1-bd67-451b-8618-ec89fbbdc608", "comment": "", "command": "assertText", - "target": "css=.row:nth-child(6) span", + "target": "css=.row:nth-child(7) .form-label > span", "targets": [ - ["css=.row:nth-child(6) span", "css:finder"], - ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[2]/div/div/form/div/div/div/div/div[9]/div/div/div/div[6]/div/div/div/div/label/span", "xpath:idRelative"], - ["xpath=//div[6]/div/div/div/div/label/span", "xpath:position"], + ["css=.row:nth-child(7) .form-label > span", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[2]/div/div/form/div/div/div/div/div[9]/div/div/div/div[7]/div/div/div/div/label/span", "xpath:idRelative"], + ["xpath=//div[7]/div/div/div/div/label/span", "xpath:position"], ["xpath=//span[contains(.,'Custom Double Display')]", "xpath:innerText"] ], "value": "Custom Double Display" 
@@ -449,11 +449,11 @@ "id": "6a2b0c7e-4629-4f02-9361-ef6afdb97227", "comment": "", "command": "assertText", - "target": "css=.mb-4:nth-child(8) div:nth-child(6) .d-block:nth-child(1)", + "target": "css=.mb-4:nth-child(8) div:nth-child(7) .d-block:nth-child(1)", "targets": [ - ["css=.mb-4:nth-child(8) div:nth-child(6) .d-block:nth-child(1)", "css:finder"], - ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[3]/div/section[8]/div/div[2]/div[2]/div/div[6]/div/span", "xpath:idRelative"], - ["xpath=//section[8]/div/div[2]/div[2]/div/div[6]/div/span", "xpath:position"], + ["css=.mb-4:nth-child(8) div:nth-child(7) .d-block:nth-child(1)", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[3]/div/section[8]/div/div[2]/div[2]/div/div[7]/div/span", "xpath:idRelative"], + ["xpath=//section[8]/div/div[2]/div[2]/div/div[7]/div/span", "xpath:position"], ["xpath=//span[contains(.,'Custom Double Display')]", "xpath:innerText"] ], "value": "Custom Double Display" @@ -461,11 +461,11 @@ "id": "75f95b74-c4e5-49a3-858f-a516ca1ac57e", "comment": "", "command": "assertText", - "target": "css=.mb-4:nth-child(8) div:nth-child(6) .d-block:nth-child(2)", + "target": "css=.mb-4:nth-child(8) div:nth-child(7) .d-block:nth-child(2)", "targets": [ - ["css=.mb-4:nth-child(8) div:nth-child(6) .d-block:nth-child(2)", "css:finder"], - ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[3]/div/section[8]/div/div[2]/div[2]/div/div[6]/div/span[2]", "xpath:idRelative"], - ["xpath=//section[8]/div/div[2]/div[2]/div/div[6]/div/span[2]", "xpath:position"], + ["css=.mb-4:nth-child(8) div:nth-child(7) .d-block:nth-child(2)", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[3]/div/section[8]/div/div[2]/div[2]/div/div[7]/div/span[2]", "xpath:idRelative"], + ["xpath=//section[8]/div/div[2]/div[2]/div/div[7]/div/span[2]", "xpath:position"], ["xpath=//span[contains(.,'3.141592653589')]", "xpath:innerText"] ], "value": "3.141592653589" 
@@ -507,11 +507,11 @@ "id": "bfe564c1-7a44-4e18-8e12-f9a2069ca022", "comment": "", "command": "assertText", - "target": "css=.mb-4:nth-child(9) div:nth-child(6) .d-block:nth-child(1)", + "target": "css=.mb-4:nth-child(9) div:nth-child(7) .d-block:nth-child(1)", "targets": [ - ["css=.mb-4:nth-child(9) div:nth-child(6) .d-block:nth-child(1)", "css:finder"], - ["xpath=//div[@id='root']/div/main/div/section/div/div/section[7]/div/div[2]/div[2]/div/div[6]/div/span", "xpath:idRelative"], - ["xpath=//section[7]/div/div[2]/div[2]/div/div[6]/div/span", "xpath:position"], + ["css=.mb-4:nth-child(9) div:nth-child(7) .d-block:nth-child(1)", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div/div/section[7]/div/div[2]/div[2]/div/div[7]/div/span", "xpath:idRelative"], + ["xpath=//section[7]/div/div[2]/div[2]/div/div[7]/div/span", "xpath:position"], ["xpath=//span[contains(.,'Custom Double Display')]", "xpath:innerText"] ], "value": "Custom Double Display" @@ -519,11 +519,11 @@ "id": "822de10a-24bc-45ca-a28c-242f880b7d11", "comment": "", "command": "assertText", - "target": "css=.mb-4:nth-child(9) div:nth-child(6) .d-block:nth-child(2)", + "target": "css=.mb-4:nth-child(9) div:nth-child(7) .d-block:nth-child(2)", "targets": [ - ["css=.mb-4:nth-child(9) div:nth-child(6) .d-block:nth-child(2)", "css:finder"], - ["xpath=//div[@id='root']/div/main/div/section/div/div/section[7]/div/div[2]/div[2]/div/div[6]/div/span[2]", "xpath:idRelative"], - ["xpath=//section[7]/div/div[2]/div[2]/div/div[6]/div/span[2]", "xpath:position"], + ["css=.mb-4:nth-child(9) div:nth-child(7) .d-block:nth-child(2)", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div/div/section[7]/div/div[2]/div[2]/div/div[7]/div/span[2]", "xpath:idRelative"], + ["xpath=//section[7]/div/div[2]/div[2]/div/div[7]/div/span[2]", "xpath:position"], ["xpath=//span[contains(.,'3.141592653589')]", "xpath:innerText"] ], "value": "3.141592653589" 
@@ -837,11 +837,11 @@ "id": "302b95c3-ca6d-4f67-9553-d248544a121c", "comment": "", "command": "assertText", - "target": "css=.row:nth-child(6) span", + "target": "css=.row:nth-child(7) > .col-12 > .mb-3 > div > div > .form-label > span", "targets": [ - ["css=.row:nth-child(6) span", "css:finder"], - ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div[2]/div[2]/div[2]/div/form/div/div/div/div[7]/div/div/div/div/div[6]/div/div/div/div/label/span", "xpath:idRelative"], - ["xpath=//div[6]/div/div/div/div/label/span", "xpath:position"], + ["css=.row:nth-child(7) > .col-12 > .mb-3 > div > div > .form-label > span", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div[2]/div[2]/div[2]/div/form/div/div/div/div[7]/div/div/div/div/div[7]/div/div/div/div/label/span", "xpath:idRelative"], + ["xpath=//div[7]/div/div/div/div/label/span", "xpath:position"], ["xpath=//span[contains(.,'Custom Double Display')]", "xpath:innerText"] ], "value": "Custom Double Display" @@ -928,11 +928,11 @@ "id": "692d0155-2e73-45da-ba35-180e2195045e", "comment": "", "command": "assertText", - "target": "css=div:nth-child(1) > div:nth-child(6) > .d-flex > .d-block:nth-child(1)", + "target": "css=div:nth-child(1) > div:nth-child(7) .d-block:nth-child(1)", "targets": [ - ["css=div:nth-child(1) > div:nth-child(6) > .d-flex > .d-block:nth-child(1)", "css:finder"], - ["xpath=//div[@id='filters']/ul/li/div[2]/section[2]/div/div[2]/div[2]/div/div[6]/div/span", "xpath:idRelative"], - ["xpath=//div[2]/div[2]/div/div[6]/div/span", "xpath:position"], + ["css=div:nth-child(1) > div:nth-child(7) .d-block:nth-child(1)", "css:finder"], + ["xpath=//div[@id='filters']/ul/li/div[2]/section[2]/div/div[2]/div[2]/div/div[7]/div/span", "xpath:idRelative"], + ["xpath=//div[2]/div[2]/div/div[7]/div/span", "xpath:position"], ["xpath=//span[contains(.,'Custom Double Display')]", "xpath:innerText"] ], "value": "Custom Double Display" 
@@ -940,11 +940,11 @@ "id": "fc1c7695-9b42-413f-9c17-a3fcce2be919", "comment": "", "command": "assertText", - "target": "css=div:nth-child(1) > div:nth-child(6) > .d-flex > .text-truncate", + "target": "css=div:nth-child(1) > div:nth-child(7) .text-truncate", "targets": [ - ["css=div:nth-child(1) > div:nth-child(6) > .d-flex > .text-truncate", "css:finder"], - ["xpath=//div[@id='filters']/ul/li/div[2]/section[2]/div/div[2]/div[2]/div/div[6]/div/span[2]", "xpath:idRelative"], - ["xpath=//div[2]/div[2]/div/div[6]/div/span[2]", "xpath:position"], + ["css=div:nth-child(1) > div:nth-child(7) .text-truncate", "css:finder"], + ["xpath=//div[@id='filters']/ul/li/div[2]/section[2]/div/div[2]/div[2]/div/div[7]/div/span[2]", "xpath:idRelative"], + ["xpath=//div[2]/div[2]/div/div[7]/div/span[2]", "xpath:position"], ["xpath=//span[contains(.,'3.141592653589')]", "xpath:innerText"] ], "value": "3.141592653589" @@ -1006,21 +1006,21 @@ "target": "css=table > tbody > tr", "targets": [], "value": "" - },{ - "id": "4ec2c493-85e4-403b-9b09-031c5728f498", - "comment": "", - "command": "open", - "target": "/api/heheheheheheheWipeout", - "targets": [], - "value": "" - }, { - "id": "e074980a-8f21-4c22-8412-c4b6fcdcd1a4", - "comment": "", - "command": "assertText", - "target": "css=body", - "targets": [], - "value": "yes, you did it" - }] + }, { + "id": "4ec2c493-85e4-403b-9b09-031c5728f498", + "comment": "", + "command": "open", + "target": "/api/heheheheheheheWipeout", + "targets": [], + "value": "" + }, { + "id": "e074980a-8f21-4c22-8412-c4b6fcdcd1a4", + "comment": "", + "command": "assertText", + "target": "css=body", + "targets": [], + "value": "yes, you did it" + }] }], "suites": [{ "id": "575d414c-556d-45f7-b2f2-c9971ad51348", diff --git a/backend/src/integration/resources/SHIBUI-1732-7.side b/backend/src/integration/resources/SHIBUI-1732-7.side index 1403a1b68..cd8f4786d 100644 --- a/backend/src/integration/resources/SHIBUI-1732-7.side 
+++ b/backend/src/integration/resources/SHIBUI-1732-7.side @@ -374,11 +374,11 @@ "id": "b5aaed88-02ef-49b7-93fb-55c179ae27c1", "comment": "", "command": "assertText", - "target": "css=.row:nth-child(9) span", + "target": "css=.row:nth-child(10) .form-label > span", "targets": [ - ["css=.row:nth-child(9) span", "css:finder"], - ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[2]/div/div/form/div/div/div/div/div[9]/div/div/div/div[9]/div/div/div/div/label/span", "xpath:idRelative"], - ["xpath=//div[9]/div/div/div/div/label/span", "xpath:position"], + ["css=.row:nth-child(10) .form-label > span", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[2]/div/div/form/div/div/div/div/div[9]/div/div/div/div[10]/div/div/div/div/label/span", "xpath:idRelative"], + ["xpath=//div[10]/div/div/div/div/label/span", "xpath:position"], ["xpath=//span[contains(.,'Custom Spring Display')]", "xpath:innerText"] ], "value": "Custom Spring Display" 
@@ -476,30 +476,35 @@ "id": "e888dee8-ae1c-4abe-884f-08829c3767b9", "comment": "", "command": "waitForElementVisible", - "target": "css=div:nth-child(9) .d-block:nth-child(1)", - "targets": [], + "target": "css=div:nth-child(10) .d-block:nth-child(1)", + "targets": [ + ["css=div:nth-child(10) .d-block:nth-child(1)", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div/div/section[7]/div/div[2]/div[2]/div/div[10]/div/span", "xpath:idRelative"], + ["xpath=//div[10]/div/span", "xpath:position"], + ["xpath=//span[contains(.,'Custom Spring Display')]", "xpath:innerText"] + ], "value": "30000" }, { "id": "fe8b707d-37b1-4369-8f0f-574edbdec412", "comment": "", "command": "assertText", - "target": "css=div:nth-child(9) .d-block:nth-child(1)", + "target": "css=div:nth-child(10) .d-block:nth-child(1)", "targets": [ - ["css=div:nth-child(9) .d-block:nth-child(1)", "css:finder"], - ["xpath=//div[@id='root']/div/main/div/section/div/div/section[7]/div/div[2]/div[2]/div/div[9]/div/span", "xpath:idRelative"], - ["xpath=//div[9]/div/span", "xpath:position"], - ["xpath=//span[contains(.,'Custom Spring Display')]", "xpath:innerText"] + ["css=div:nth-child(10) .text-truncate", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div/div/section[7]/div/div[2]/div[2]/div/div[10]/div/span[2]", "xpath:idRelative"], + ["xpath=//div[10]/div/span[2]", "xpath:position"], + ["xpath=//span[contains(.,'Custom Spring Bean Default Edited')]", "xpath:innerText"] ], "value": "Custom Spring Display" }, { "id": "3846ad98-da0d-4b51-abda-4c06225033c2", "comment": "", "command": "assertText", - "target": "css=div:nth-child(9) .text-truncate", + "target": "css=div:nth-child(10) .text-truncate", "targets": [ - ["css=div:nth-child(9) .text-truncate", "css:finder"], - ["xpath=//div[@id='root']/div/main/div/section/div/div/section[7]/div/div[2]/div[2]/div/div[9]/div/span[2]", "xpath:idRelative"], - ["xpath=//div[9]/div/span[2]", "xpath:position"], + ["css=div:nth-child(10) 
.text-truncate", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div/div/section[7]/div/div[2]/div[2]/div/div[10]/div/span[2]", "xpath:idRelative"], + ["xpath=//div[10]/div/span[2]", "xpath:position"], ["xpath=//span[contains(.,'Custom Spring Bean Default Edited')]", "xpath:innerText"] ], "value": "Custom Spring Bean Default Edited" @@ -820,11 +825,11 @@ "id": "fbef6ebb-1f20-4dcd-a907-735e4113c382", "comment": "", "command": "assertText", - "target": "css=.row:nth-child(9) span", + "target": "css=.row:nth-child(10) .form-label > span", "targets": [ - ["css=.row:nth-child(9) span", "css:finder"], - ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div[2]/div[2]/div[2]/div/form/div/div/div/div[7]/div/div/div/div/div[9]/div/div/div/div/label/span", "xpath:idRelative"], - ["xpath=//div[9]/div/div/div/div/label/span", "xpath:position"], + ["css=.row:nth-child(10) .form-label > span", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div[2]/div[2]/div[2]/div/form/div/div/div/div[7]/div/div/div/div/div[10]/div/div/div/div/label/span", "xpath:idRelative"], + ["xpath=//div[10]/div/div/div/div/label/span", "xpath:position"], ["xpath=//span[contains(.,'Custom Spring Display')]", "xpath:innerText"] ], "value": "Custom Spring Display" 
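Review bot: In the `@@ -476,30 +476,35 @@` hunk of SHIBUI-1732-7.side, the `assertText` step `fe8b707d-37b1-4369-8f0f-574edbdec412` ends up with a `targets` list that does not match its own `target` and `value`. The primary locator is `css=div:nth-child(10) .d-block:nth-child(1)` and the expected text is `Custom Spring Display`, but the four new `targets` entries point at `.text-truncate`, `span[2]` and `'Custom Spring Bean Default Edited'`, which are the next step's locators. If the runner falls back to `targets` (presumably when the primary locator stops matching), this step would read the value span and fail for a reason unrelated to the label it is meant to check. The list should mirror the preceding `waitForElementVisible` step, starting with `["css=div:nth-child(10) .d-block:nth-child(1)", "css:finder"]` and ending with `["xpath=//span[contains(.,'Custom Spring Display')]", "xpath:innerText"]`.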
@@ -837,8 +842,8 @@ ["id=root_relyingPartyOverrides_CustomSpringBean", "id"], ["css=#root_relyingPartyOverrides_CustomSpringBean", "css:finder"], ["xpath=//input[@id='root_relyingPartyOverrides_CustomSpringBean']", "xpath:attributes"], - ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div[2]/div[2]/div[2]/div/form/div/div/div/div[7]/div/div/div/div/div[9]/div/div/div/div/input", "xpath:idRelative"], - ["xpath=//div[9]/div/div/div/div/input", "xpath:position"] + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div[2]/div[2]/div[2]/div/form/div/div/div/div[7]/div/div/div/div/div[10]/div/div/div/div/input", "xpath:idRelative"], + ["xpath=//div[10]/div/div/div/div/input", "xpath:position"] ], "value": "Custom Spring Bean Default" }, { @@ -904,11 +909,11 @@ "id": "47f8360f-1b8d-4e0f-9792-e51d34dbee95", "comment": "", "command": "assertText", - "target": "css=.mb-4:nth-child(4) div:nth-child(9) .d-block:nth-child(1)", + "target": "css=.mb-4:nth-child(4) div:nth-child(10) .d-block:nth-child(1)", "targets": [ - ["css=.mb-4:nth-child(4) div:nth-child(9) .d-block:nth-child(1)", "css:finder"], - ["xpath=//div[@id='filters']/ul/li/div[2]/section[2]/div/div[2]/div[2]/div/div[9]/div/span", "xpath:idRelative"], - ["xpath=//section[2]/div/div[2]/div[2]/div/div[9]/div/span", "xpath:position"], + ["css=.mb-4:nth-child(4) div:nth-child(10) .d-block:nth-child(1)", "css:finder"], + ["xpath=//div[@id='filters']/ul/li/div[2]/section[2]/div/div[2]/div[2]/div/div[10]/div/span", "xpath:idRelative"], + ["xpath=//section[2]/div/div[2]/div[2]/div/div[10]/div/span", "xpath:position"], ["xpath=//span[contains(.,'Custom Spring Display')]", "xpath:innerText"] ], "value": "Custom Spring Display" 
@@ -916,11 +921,11 @@ "id": "93126f8b-823c-4b79-87c8-df32ece80ad6", "comment": "", "command": "assertText", - "target": "css=.mb-4:nth-child(4) div:nth-child(9) .d-block:nth-child(2)", + "target": "css=.mb-4:nth-child(4) div:nth-child(10) .d-block:nth-child(2)", "targets": [ - ["css=.mb-4:nth-child(4) div:nth-child(9) .d-block:nth-child(2)", "css:finder"], - ["xpath=//div[@id='filters']/ul/li/div[2]/section[2]/div/div[2]/div[2]/div/div[9]/div/span[2]", "xpath:idRelative"], - ["xpath=//section[2]/div/div[2]/div[2]/div/div[9]/div/span[2]", "xpath:position"], + ["css=.mb-4:nth-child(4) div:nth-child(10) .d-block:nth-child(2)", "css:finder"], + ["xpath=//div[@id='filters']/ul/li/div[2]/section[2]/div/div[2]/div[2]/div/div[10]/div/span[2]", "xpath:idRelative"], + ["xpath=//section[2]/div/div[2]/div[2]/div/div[10]/div/span[2]", "xpath:position"], ["xpath=//span[contains(.,'Custom Spring Bean Default Edited')]", "xpath:innerText"] ], "value": "Custom Spring Bean Default Edited" @@ -982,21 +987,21 @@ "target": "css=table > tbody > tr", "targets": [], "value": "" - },{ - "id": "4ec2c493-85e4-403b-9b09-031c5728f498", - "comment": "", - "command": "open", - "target": "/api/heheheheheheheWipeout", - "targets": [], - "value": "" - }, { - "id": "e074980a-8f21-4c22-8412-c4b6fcdcd1a4", - "comment": "", - "command": "assertText", - "target": "css=body", - "targets": [], - "value": "yes, you did it" - }] + }, { + "id": "4ec2c493-85e4-403b-9b09-031c5728f498", + "comment": "", + "command": "open", + "target": "/api/heheheheheheheWipeout", + "targets": [], + "value": "" + }, { + "id": "e074980a-8f21-4c22-8412-c4b6fcdcd1a4", + "comment": "", + "command": "assertText", + "target": "css=body", + "targets": [], + "value": "yes, you did it" + }] }], "suites": [{ "id": "575d414c-556d-45f7-b2f2-c9971ad51348", diff --git a/backend/src/integration/resources/SHIBUI-2267.side b/backend/src/integration/resources/SHIBUI-2267.side new file mode 100644 index 000000000..ac4919662 --- /dev/null 
+++ b/backend/src/integration/resources/SHIBUI-2267.side 
@@ -0,0 +1,455 @@ +{ + "id": "1b31a551-eb09-4bd4-8db9-694bf1539a46", + "version": "2.0", + "name": "SHIBUI-2267", + "url": "http://localhost:10101", + "tests": [{ + "id": "841ade0e-83bd-4a4b-94f2-de6bd5c536b2", + "name": "SHIBUI-2267", + "commands": [{ + "id": "d6b23986-6d14-4b10-be7b-a7e6f576e3b2", + "comment": "", + "command": "open", + "target": "/login", + "targets": [], + "value": "" + }, { + "id": "f77ecd77-01c2-4463-944e-1a69600f5297", + "comment": "", + "command": "type", + "target": "name=username", + "targets": [ + ["name=username", "name"], + ["css=tr:nth-child(1) input", "css:finder"], + ["xpath=//input[@name='username']", "xpath:attributes"], + ["xpath=//input", "xpath:position"] + ], + "value": "admin" + }, { + "id": "c9bf0a22-faa9-494c-b2ed-6c9653248551", + "comment": "", + "command": "type", + "target": "name=password", + "targets": [ + ["name=password", "name"], + ["css=tr:nth-child(2) input", "css:finder"], + ["xpath=//input[@name='password']", "xpath:attributes"], + ["xpath=//tr[2]/td[2]/input", "xpath:position"] + ], + "value": "adminpass" + }, { + "id": "7ab1d854-3582-4101-bd19-f94b8f438090", + "comment": "", + "command": "sendKeys", + "target": "name=password", + "targets": [ + ["name=password", "name"], + ["css=tr:nth-child(2) input", "css:finder"], + ["xpath=//input[@name='password']", "xpath:attributes"], + ["xpath=//tr[2]/td[2]/input", "xpath:position"] + ], + "value": "${KEY_ENTER}" + }, { + "id": "4059cae7-b9f9-49d0-a213-343bcaba66d1", + "comment": "", + "command": "waitForElementVisible", + "target": "id=metadata-nav-dropdown-toggle", + "targets": [], + "value": "30000" + }, { + "id": "f03af8d5-5875-4a2c-b93a-c3ddcbd4b16a", + "comment": "", + "command": "open", + "target": "/api/heheheheheheheWipeout", + "targets": [], + "value": "" + }, { + "id": "081f495b-4d84-4758-824c-1e85b6311e7f", + "comment": "", + "command": "assertText", + "target": "css=body", + "targets": [], + "value": "yes, you did it" + }, { + "id": 
"9e912dd5-6ace-45be-bafd-2d1655906575", + "comment": "", + "command": "open", + "target": "/", + "targets": [], + "value": "" + }, { + "id": "ad3811ad-f95b-4cca-a5d9-63a10063a652", + "comment": "", + "command": "click", + "target": "id=metadata-nav-dropdown-toggle", + "targets": [ + ["id=metadata-nav-dropdown-toggle", "id"], + ["css=#metadata-nav-dropdown-toggle", "css:finder"], + ["xpath=//button[@id='metadata-nav-dropdown-toggle']", "xpath:attributes"], + ["xpath=//div[@id='metadata-nav-dropdown']/button", "xpath:idRelative"], + ["xpath=//div[2]/button", "xpath:position"], + ["xpath=//button[contains(.,'Add New')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "1caf8be6-a4d9-4b3b-ace1-0f76d3600d62", + "comment": "", + "command": "click", + "target": "id=metadata-nav-dropdown-source", + "targets": [ + ["id=metadata-nav-dropdown-source", "id"], + ["linkText=Add a new metadata source", "linkText"], + ["css=#metadata-nav-dropdown-source", "css:finder"], + ["xpath=//a[contains(text(),'Add a new metadata source')]", "xpath:link"], + ["xpath=//a[@id='metadata-nav-dropdown-source']", "xpath:attributes"], + ["xpath=//div[@id='metadata-nav-dropdown']/div/a", "xpath:idRelative"], + ["xpath=//a[contains(@href, '/metadata/source/new')]", "xpath:href"], + ["xpath=//div[2]/div/a", "xpath:position"], + ["xpath=//a[contains(.,'Add a new metadata source')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "218e51fd-49e6-400b-9d7f-61bcd8e0c074", + "comment": "", + "command": "click", + "target": "id=root_serviceProviderName", + "targets": [ + ["id=root_serviceProviderName", "id"], + ["css=#root_serviceProviderName", "css:finder"], + ["xpath=//input[@id='root_serviceProviderName']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[3]/div/div/form/div/div/div/div/div/div/div/div/input", "xpath:idRelative"], + ["xpath=//input", "xpath:position"] + ], + "value": "" + }, { + "id": "9ee43e46-ab9e-46b1-8eb2-9718fb98bda2", + "comment": "", + 
"command": "type", + "target": "id=root_serviceProviderName", + "targets": [ + ["id=field1", "id"], + ["name=field1", "name"], + ["css=#field1", "css:finder"], + ["xpath=//input[@id='field1']", "xpath:attributes"], + ["xpath=//input", "xpath:position"] + ], + "value": "Ignore Request Signatures Test" + }, { + "id": "7fe7298b-275c-4797-8d1b-f4547b63eb02", + "comment": "", + "command": "type", + "target": "id=root_entityId", + "targets": [ + ["id=root_entityId", "id"], + ["css=#root_entityId", "css:finder"], + ["xpath=//input[@id='root_entityId']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[3]/div/div/form/div/div/div/div/div/div[2]/div/div/input", "xpath:idRelative"], + ["xpath=//div[2]/div/div/input", "xpath:position"] + ], + "value": "test-1234" + }, { + "id": "8739ddfa-7812-46b3-bee7-b4bc73a3dd35", + "comment": "", + "command": "click", + "target": "css=.next", + "targets": [ + ["css=.next", "css:finder"], + ["xpath=//li[2]/button", "xpath:position"] + ], + "value": "" + }, { + "id": "fdda1155-876f-46a4-ae4f-c3519ed34b62", + "comment": "", + "command": "click", + "target": "css=.next", + "targets": [ + ["css=.next", "css:finder"], + ["xpath=//li[3]/button", "xpath:position"] + ], + "value": "" + }, { + "id": "79c55e8f-286d-4c64-a1bc-1a19a7554f7a", + "comment": "", + "command": "click", + "target": "css=.next", + "targets": [ + ["css=.next", "css:finder"], + ["xpath=//li[3]/button", "xpath:position"] + ], + "value": "" + }, { + "id": "4f61120b-7c6b-4f8e-8543-898298451a56", + "comment": "", + "command": "click", + "target": "css=.next", + "targets": [ + ["css=.next", "css:finder"], + ["xpath=//li[3]/button", "xpath:position"] + ], + "value": "" + }, { + "id": "8a2a07b4-9e37-467b-bca8-1ecd0f2dda49", + "comment": "", + "command": "click", + "target": "css=.next", + "targets": [ + ["css=.next", "css:finder"], + ["xpath=//li[3]/button", "xpath:position"] + ], + "value": "" + }, { + "id": "a47fdf43-1336-4fdb-a395-f14f0fe131de", + 
"comment": "", + "command": "click", + "target": "css=.next", + "targets": [ + ["css=.next", "css:finder"], + ["xpath=//li[3]/button", "xpath:position"] + ], + "value": "" + }, { + "id": "4e64d71e-8e6f-4288-b277-3d3945f57c53", + "comment": "", + "command": "click", + "target": "css=.next", + "targets": [ + ["css=.next", "css:finder"], + ["xpath=//li[3]/button", "xpath:position"] + ], + "value": "" + }, { + "id": "51e71f30-c1e5-454b-bacb-6f1a2b3b6c13", + "comment": "", + "command": "click", + "target": "id=root_relyingPartyOverrides_ignoreRequestSignatures", + "targets": [ + ["id=root_relyingPartyOverrides_ignoreRequestSignatures", "id"], + ["css=#root_relyingPartyOverrides_ignoreRequestSignatures", "css:finder"], + ["xpath=//input[@id='root_relyingPartyOverrides_ignoreRequestSignatures']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[2]/div/div/form/div/div/div/div/div[9]/div/div/div/div[5]/div/div/div/div/div/input", "xpath:idRelative"], + ["xpath=//div[5]/div/div/div/div/div/input", "xpath:position"] + ], + "value": "" + }, { + "id": "d113cc67-659a-48f0-a50c-98355a07b187", + "comment": "", + "command": "click", + "target": "css=.next", + "targets": [ + ["css=.next", "css:finder"], + ["xpath=//li[3]/button", "xpath:position"] + ], + "value": "" + }, { + "id": "204ea80c-4aac-497f-8956-6370967ba73e", + "comment": "", + "command": "click", + "target": "css=.next", + "targets": [ + ["css=.next", "css:finder"], + ["xpath=//li[3]/button", "xpath:position"] + ], + "value": "" + }, { + "id": "3baa7bd3-55c0-4d10-8aa3-c0daa63ec4d4", + "comment": "", + "command": "assertText", + "target": "css=.mb-4:nth-child(8) div:nth-child(5) .d-block:nth-child(2)", + "targets": [ + ["css=.mb-4:nth-child(8) div:nth-child(5) .d-block:nth-child(2)", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[3]/div/section[8]/div/div[2]/div[2]/div/div[5]/div/span[2]", "xpath:idRelative"], + 
["xpath=//section[8]/div/div[2]/div[2]/div/div[5]/div/span[2]", "xpath:position"], + ["xpath=//span[contains(.,'true')]", "xpath:innerText"] + ], + "value": "true" + }, { + "id": "1406d7e4-907d-4359-8de8-a40206f0993e", + "comment": "", + "command": "click", + "target": "css=.save", + "targets": [ + ["css=.save", "css:finder"], + ["xpath=//li[3]/button", "xpath:position"] + ], + "value": "" + }, { + "id": "4e0fa4f5-817f-41fb-9885-60f37b699436", + "comment": "", + "command": "waitForElementVisible", + "target": "css=td:nth-child(1)", + "targets": [ + ["css=.lead", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div/div/span", "xpath:idRelative"], + ["xpath=//section/div/div/span", "xpath:position"], + ["xpath=//span[contains(.,'Current Metadata Sources')]", "xpath:innerText"] + ], + "value": "10000" + }, { + "id": "ba9fb8e8-d332-45bd-accd-703284744136", + "comment": "", + "command": "assertText", + "target": "css=td:nth-child(1)", + "targets": [ + ["linkText=Test Provider", "linkText"], + ["css=td > a", "css:finder"], + ["xpath=//a[contains(text(),'Test Provider')]", "xpath:link"], + ["xpath=//a[contains(@href, '/metadata/resolver/ee3aedc4-b56a-46c4-b8db-09603dd5b473/configuration/options')]", "xpath:href"], + ["xpath=//td/a", "xpath:position"], + ["xpath=//a[contains(.,'Test Provider')]", "xpath:innerText"] + ], + "value": "Ignore Request Signatures Test" + }, { + "id": "eff4c9fe-7daf-4082-a162-4a9dff323293", + "comment": "", + "command": "assertText", + "target": "css=td:nth-child(2)", + "targets": [ + ["css=td:nth-child(2)", "css:finder"], + ["xpath=//td[2]", "xpath:position"], + ["xpath=//td[contains(.,'test-1234')]", "xpath:innerText"] + ], + "value": "test-1234" + }, { + "id": "b2d9f789-fb94-459f-9947-5364cebc43d1", + "comment": "", + "command": "assertText", + "target": "css=td:nth-child(3)", + "targets": [ + ["css=td:nth-child(3)", "css:finder"], + ["xpath=//td[3]", "xpath:position"], + ["xpath=//td[contains(.,'root')]", "xpath:innerText"] + 
], + "value": "admin" + }, { + "id": "549253bc-b6e0-4968-8058-f52700e9e3b2", + "comment": "", + "command": "click", + "target": "linkText=Ignore Request Signatures Test", + "targets": [ + ["linkText=Ignore Request Signatures Test", "linkText"], + ["css=.align-middle > a", "css:finder"], + ["xpath=//a[contains(text(),'Ignore Request Signatures Test')]", "xpath:link"], + ["xpath=//div[@id='root']/div/main/div/section/div/div[2]/div/div/div/table/tbody/tr/td/a", "xpath:idRelative"], + ["xpath=//a[contains(@href, '/metadata/source/e85e1ba1-82b1-4a2b-9ee7-740b0be72253/configuration/options')]", "xpath:href"], + ["xpath=//td/a", "xpath:position"], + ["xpath=//a[contains(.,'Ignore Request Signatures Test')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "42a3f6c2-f2f7-4466-8cc6-35b1dd781154", + "comment": "", + "command": "waitForElementVisible", + "target": "css=.mb-4:nth-child(9) div:nth-child(5) .d-block:nth-child(2)", + "targets": [], + "value": "30000" + }, { + "id": "121a6247-05d6-4553-b565-ebee2552f7e9", + "comment": "", + "command": "assertText", + "target": "css=.mb-4:nth-child(9) div:nth-child(5) .d-block:nth-child(2)", + "targets": [ + ["css=.mb-4:nth-child(9) div:nth-child(5) .d-block:nth-child(2)", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div/div/section[7]/div/div[2]/div[2]/div/div[5]/div/span[2]", "xpath:idRelative"], + ["xpath=//section[7]/div/div[2]/div[2]/div/div[5]/div/span[2]", "xpath:position"], + ["xpath=//span[contains(.,'true')]", "xpath:innerText"] + ], + "value": "true" + }, { + "id": "e8ece399-3f6c-45f2-afc5-d46f7f61dbcf", + "comment": "", + "command": "click", + "target": "css=.mb-4:nth-child(9) .edit-link", + "targets": [ + ["css=.mb-4:nth-child(9) .edit-link", "css:finder"], + ["xpath=(//button[@type='button'])[13]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div/div/section[7]/div/div/div/button", "xpath:idRelative"], + ["xpath=//section[7]/div/div/div/button", "xpath:position"] + ], 
+ "value": "" + }, { + "id": "16514b3c-fceb-4ef3-8a9c-14e719ef46c6", + "comment": "", + "command": "assertChecked", + "target": "id=root_relyingPartyOverrides_ignoreRequestSignatures", + "targets": [ + ["id=root_relyingPartyOverrides_ignoreRequestSignatures", "id"], + ["css=#root_relyingPartyOverrides_ignoreRequestSignatures", "css:finder"], + ["xpath=//input[@id='root_relyingPartyOverrides_ignoreRequestSignatures']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[2]/div[2]/div/form/div/div/div/div/div[8]/div/div/div/div[5]/div/div/div/div/div/input", "xpath:idRelative"], + ["xpath=//div[5]/div/div/div/div/div/input", "xpath:position"] + ], + "value": "" + }, { + "id": "859707e1-f8fe-4f2d-b3aa-7fd9ce45ef20", + "comment": "", + "command": "click", + "target": "id=root_relyingPartyOverrides_ignoreRequestSignatures", + "targets": [ + ["id=root_relyingPartyOverrides_ignoreRequestSignatures", "id"], + ["css=#root_relyingPartyOverrides_ignoreRequestSignatures", "css:finder"], + ["xpath=//input[@id='root_relyingPartyOverrides_ignoreRequestSignatures']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[2]/div[2]/div/form/div/div/div/div/div[8]/div/div/div/div[5]/div/div/div/div/div/input", "xpath:idRelative"], + ["xpath=//div[5]/div/div/div/div/div/input", "xpath:position"] + ], + "value": "" + }, { + "id": "155d4d90-d190-4c52-aafe-94014464f753", + "comment": "", + "command": "click", + "target": "css=button.btn.btn-info", + "targets": [ + ["css=.fa-floppy-disk > path", "css:finder"] + ], + "value": "" + }, { + "id": "f2c93769-ccd0-4fea-b4f4-9ba583110931", + "comment": "", + "command": "waitForElementVisible", + "target": "css=.mb-4:nth-child(9) div:nth-child(5) .d-block:nth-child(2)", + "targets": [], + "value": "30000" + }, { + "id": "8424965f-ca12-4e1d-8dd9-15a71cba30e4", + "comment": "", + "command": "pause", + "target": "5000", + "targets": [], + "value": "" + }, { + "id": 
"68ca436c-5db0-412b-a45f-c1cc92c29013", + "comment": "", + "command": "assertText", + "target": "css=.mb-4:nth-child(9) div:nth-child(5) .d-block:nth-child(2)", + "targets": [ + ["css=.mb-4:nth-child(9) div:nth-child(5) .d-block:nth-child(2)", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div/div/section[7]/div/div[2]/div[2]/div/div[5]/div/span[2]", "xpath:idRelative"], + ["xpath=//section[7]/div/div[2]/div[2]/div/div[5]/div/span[2]", "xpath:position"] + ], + "value": "-" + }, { + "id": "4ec2c493-85e4-403b-9b09-031c5728f498", + "comment": "", + "command": "open", + "target": "/api/heheheheheheheWipeout", + "targets": [], + "value": "" + }, { + "id": "e074980a-8f21-4c22-8412-c4b6fcdcd1a4", + "comment": "", + "command": "assertText", + "target": "css=body", + "targets": [], + "value": "yes, you did it" + }] + }], + "suites": [{ + "id": "d2caeac4-7520-4e3c-96b1-840610b6983c", + "name": "Default Suite", + "persistSession": false, + "parallel": false, + "timeout": 300, + "tests": ["841ade0e-83bd-4a4b-94f2-de6bd5c536b2"] + }], + "urls": ["http://localhost:10101/"], + "plugins": [] +} \ No newline at end of file From aa85c7dcb01a41c022e27833afcda5b7251aa137 Mon Sep 17 00:00:00 2001 From: Bill Smith Date: Tue, 16 Aug 2022 11:40:40 -0400 Subject: [PATCH 36/58] SHIBUI-1674 Added .side files for related tests. --- .../integration/resources/SHIBUI-1674-1.side | 762 +++++++++ .../integration/resources/SHIBUI-1674-2.side | 1448 +++++++++++++++++ .../integration/resources/SHIBUI-1674-3.side | 443 +++++ 3 files changed, 2653 insertions(+) create mode 100644 backend/src/integration/resources/SHIBUI-1674-1.side create mode 100644 backend/src/integration/resources/SHIBUI-1674-2.side create mode 100644 backend/src/integration/resources/SHIBUI-1674-3.side diff --git a/backend/src/integration/resources/SHIBUI-1674-1.side b/backend/src/integration/resources/SHIBUI-1674-1.side new file mode 100644 index 000000000..b9fed57ad --- /dev/null 
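Review bot: The two reset steps in this recording `open` the path `/api/heheheheheheheWipeout` and assert the body `yes, you did it`, so the data wipe is triggered by a plain GET navigation in a session logged in as `admin`/`adminpass`, and nothing in the file marks it as a test-only hook. An odd-looking path is not an access control, and a state-changing GET that relies on the session cookie can also be reached by a cross-site request; presumably the backend registers this route only under the integration-test profile, but that is not visible here and should be confirmed. I would record the intent in the command's own field on both `open` steps, e.g. `"comment": "Test-only DB reset; this route must not exist outside the integration-test profile"`. The same pair of steps appears in the re-indented hunk before this file and in the SHIBUI-1674-1.side hunk that follows, which continues past the end of this view.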
+++ b/backend/src/integration/resources/SHIBUI-1674-1.side 
@@ -0,0 +1,762 @@ +{ + "id": "1b31a551-eb09-4bd4-8db9-694bf1539a46", + "version": "2.0", + "name": "SHIBUI-1674-1", + "url": "http://localhost:10101", + "tests": [{ + "id": "841ade0e-83bd-4a4b-94f2-de6bd5c536b2", + "name": "SHIBUI-1674-1", + "commands": [{ + "id": "d6b23986-6d14-4b10-be7b-a7e6f576e3b2", + "comment": "", + "command": "open", + "target": "/login", + "targets": [], + "value": "" + }, { + "id": "f77ecd77-01c2-4463-944e-1a69600f5297", + "comment": "", + "command": "type", + "target": "name=username", + "targets": [ + ["name=username", "name"], + ["css=tr:nth-child(1) input", "css:finder"], + ["xpath=//input[@name='username']", "xpath:attributes"], + ["xpath=//input", "xpath:position"] + ], + "value": "admin" + }, { + "id": "c9bf0a22-faa9-494c-b2ed-6c9653248551", + "comment": "", + "command": "type", + "target": "name=password", + "targets": [ + ["name=password", "name"], + ["css=tr:nth-child(2) input", "css:finder"], + ["xpath=//input[@name='password']", "xpath:attributes"], + ["xpath=//tr[2]/td[2]/input", "xpath:position"] + ], + "value": "adminpass" + }, { + "id": "7ab1d854-3582-4101-bd19-f94b8f438090", + "comment": "", + "command": "sendKeys", + "target": "name=password", + "targets": [ + ["name=password", "name"], + ["css=tr:nth-child(2) input", "css:finder"], + ["xpath=//input[@name='password']", "xpath:attributes"], + ["xpath=//tr[2]/td[2]/input", "xpath:position"] + ], + "value": "${KEY_ENTER}" + }, { + "id": "4059cae7-b9f9-49d0-a213-343bcaba66d1", + "comment": "", + "command": "waitForElementVisible", + "target": "id=metadata-nav-dropdown-toggle", + "targets": [], + "value": "30000" + }, { + "id": "f03af8d5-5875-4a2c-b93a-c3ddcbd4b16a", + "comment": "", + "command": "open", + "target": "/api/heheheheheheheWipeout", + "targets": [], + "value": "" + }, { + "id": "081f495b-4d84-4758-824c-1e85b6311e7f", + "comment": "", + "command": "assertText", + "target": "css=body", + "targets": [], + "value": "yes, you did it" + }, { + "id": 
"9e912dd5-6ace-45be-bafd-2d1655906575", + "comment": "", + "command": "open", + "target": "/", + "targets": [], + "value": "" + }, { + "id": "3bb52950-667c-4852-a98f-6a6fb5632ba5", + "comment": "", + "command": "waitForElementEditable", + "target": "id=metadata-nav-dropdown-toggle", + "targets": [], + "value": "30000" + }, { + "id": "fc2df69a-a340-44c4-b3c3-ec21670be567", + "comment": "", + "command": "click", + "target": "id=metadata-nav-dropdown-toggle", + "targets": [ + ["id=metadata-nav-dropdown-toggle", "id"], + ["css=#metadata-nav-dropdown-toggle", "css:finder"], + ["xpath=//button[@id='metadata-nav-dropdown-toggle']", "xpath:attributes"], + ["xpath=//div[@id='metadata-nav-dropdown']/button", "xpath:idRelative"], + ["xpath=//div[2]/button", "xpath:position"], + ["xpath=//button[contains(.,'Add New')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "2db70b89-b8e2-471f-8db9-cc9361058e72", + "comment": "", + "command": "click", + "target": "id=metadata-nav-dropdown-source", + "targets": [ + ["id=metadata-nav-dropdown-source", "id"], + ["linkText=Add a new metadata source", "linkText"], + ["css=#metadata-nav-dropdown-source", "css:finder"], + ["xpath=//a[contains(text(),'Add a new metadata source')]", "xpath:link"], + ["xpath=//a[@id='metadata-nav-dropdown-source']", "xpath:attributes"], + ["xpath=//div[@id='metadata-nav-dropdown']/div/a", "xpath:idRelative"], + ["xpath=//a[contains(@href, '/metadata/source/new')]", "xpath:href"], + ["xpath=//div[2]/div/a", "xpath:position"], + ["xpath=//a[contains(.,'Add a new metadata source')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "93d20204-7dfa-44c0-8e61-6741e73594f5", + "comment": "", + "command": "waitForElementPresent", + "target": "css=.mb-3:nth-child(2) .btn path", + "targets": [], + "value": "30000" + }, { + "id": "a7b2b925-2274-4dcc-a4e3-3b727c9a047a", + "comment": "", + "command": "mouseOver", + "target": "css=.mb-3:nth-child(2) .btn path", + "targets": [ + ["css=.mb-3:nth-child(2) .btn path", 
"css:finder"] + ], + "value": "" + }, { + "id": "ca3dfd3d-553f-4f75-8bff-50fd057db7db", + "comment": "", + "command": "assertText", + "target": "css=div[role=\"tooltip\"]", + "targets": [], + "value": "An entityID is the SAML identifier that uniquely names a service provider." + }, { + "id": "8b4eb229-ecfe-4994-902a-d08b55b86504", + "comment": "", + "command": "type", + "target": "id=root_serviceProviderName", + "targets": [ + ["id=root_serviceProviderName", "id"], + ["css=#root_serviceProviderName", "css:finder"], + ["xpath=//input[@id='root_serviceProviderName']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[3]/div/div/form/div/div/div/div/div/div/div/div/input", "xpath:idRelative"], + ["xpath=//input", "xpath:position"] + ], + "value": "Tooltip Test" + }, { + "id": "8a48a499-f163-425a-a704-4a7efbb2c311", + "comment": "", + "command": "type", + "target": "id=root_entityId", + "targets": [ + ["id=root_entityId", "id"], + ["css=#root_entityId", "css:finder"], + ["xpath=//input[@id='root_entityId']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[3]/div/div/form/div/div/div/div/div/div[2]/div/div/input", "xpath:idRelative"], + ["xpath=//div[2]/div/div/input", "xpath:position"] + ], + "value": "Test" + }, { + "id": "e8110e2e-5973-412c-b719-fe61261f4c06", + "comment": "", + "command": "click", + "target": "css=.nav-link", + "targets": [ + ["css=.nav-link", "css:finder"], + ["xpath=(//button[@type='button'])[5]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[2]/div/nav/ul/li[2]/button", "xpath:idRelative"], + ["xpath=//li[2]/button", "xpath:position"] + ], + "value": "" + }, { + "id": "ca21608c-baaa-400d-b8bd-8ad0eb4b7a53", + "comment": "", + "command": "mouseOver", + "target": "css=.row:nth-child(1) > .col-12 > .mb-3 path", + "targets": [ + ["css=.row:nth-child(1) > .col-12 > .mb-3 path", "css:finder"] + ], + "value": "" + }, { + "id": 
"5370bc80-c637-4b2b-8e5d-b3db821a228a", + "comment": "", + "command": "assertText", + "target": "css=div[role=\"tooltip\"]", + "targets": [], + "value": "Name of the organization standing up the entity." + }, { + "id": "63043982-9758-4a64-8df7-6c902359979f", + "comment": "", + "command": "click", + "target": "css=.next", + "targets": [ + ["css=.next", "css:finder"], + ["xpath=(//button[@type='button'])[6]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div/nav/ul/li[3]/button", "xpath:idRelative"], + ["xpath=//li[3]/button", "xpath:position"] + ], + "value": "" + }, { + "id": "b56c1325-5438-4b5a-b626-79b030d04313", + "comment": "", + "command": "mouseOver", + "target": "css=.d-empty-none:nth-child(2) > .mb-3:nth-child(1) path", + "targets": [ + ["css=.d-empty-none:nth-child(2) > .mb-3:nth-child(1) path", "css:finder"] + ], + "value": "" + }, { + "id": "63fb1e52-b70d-4a2e-a71b-52a47a80b732", + "comment": "", + "command": "assertText", + "target": "css=div[role=\"tooltip\"]", + "targets": [], + "value": "The IdP Privacy Statement URL is a link to the IdP's Privacy Statement. The content of the Privacy Statement should be targeted at end users." 
+ }, { + "id": "2b80c885-9e61-489c-bf8a-db8efc7c6a0e", + "comment": "", + "command": "click", + "target": "css=.next", + "targets": [ + ["css=.next", "css:finder"], + ["xpath=(//button[@type='button'])[6]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div/nav/ul/li[3]/button", "xpath:idRelative"], + ["xpath=//li[3]/button", "xpath:position"] + ], + "value": "" + }, { + "id": "f041b735-85f2-4005-ad80-16a82c683f60", + "comment": "", + "command": "mouseOver", + "target": "css=.ms-2 > path", + "targets": [ + ["css=.ms-2 > path", "css:finder"] + ], + "value": "" + }, { + "id": "2f7c3fc3-d1ac-445a-850b-3696be0c22cf", + "comment": "", + "command": "assertText", + "target": "css=div[role=\"tooltip\"]", + "targets": [], + "value": "This attribute contains a space-delimited collection of URIs that represent general classes of protocol support for the role in question. There are URIs defined by the various standards and profiles to represent the fact that an entity acting in a role \"supports\" a particular protocol family, such as SAML 2.0 or the Shibboleth profile of SAML 1.1." 
+ }, { + "id": "c1eb927c-0f47-4b7a-8f7a-39f88f01f645", + "comment": "", + "command": "click", + "target": "css=.next", + "targets": [ + ["css=.next", "css:finder"], + ["xpath=(//button[@type='button'])[6]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div/nav/ul/li[3]/button", "xpath:idRelative"], + ["xpath=//li[3]/button", "xpath:position"] + ], + "value": "" + }, { + "id": "be222605-95ec-4a48-b02c-9b29f47e1ef5", + "comment": "", + "command": "mouseOver", + "target": "css=.fa-circle-info > path", + "targets": [ + ["css=.fa-circle-info > path", "css:finder"] + ], + "value": "" + }, { + "id": "00d5a2db-9b4d-48c0-97d9-724f62415559", + "comment": "", + "command": "assertText", + "target": "css=div[role=\"tooltip\"]", + "targets": [], + "value": "If your SP supports SAML 2.0 Single Logout, you will need to include one or more endpoint elements in the metadata." + }, { + "id": "45ff7f8d-4001-48bd-8f23-52b6d15cf94c", + "comment": "", + "command": "click", + "target": "css=.next", + "targets": [ + ["css=.next", "css:finder"], + ["xpath=(//button[@type='button'])[6]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div/nav/ul/li[3]/button", "xpath:idRelative"], + ["xpath=//li[3]/button", "xpath:position"] + ], + "value": "" + }, { + "id": "397a8204-b6b1-442f-a491-4c89b1d320ff", + "comment": "", + "command": "mouseOver", + "target": "css=.mb-3:nth-child(1) > div > .mb-3 path", + "targets": [ + ["css=.mb-3:nth-child(1) > div > .mb-3 path", "css:finder"] + ], + "value": "" + }, { + "id": "8d29bc2d-68e2-4e4c-b111-b9637ac4a7b3", + "comment": "", + "command": "assertText", + "target": "css=div[role=\"tooltip\"]", + "targets": [], + "value": "Whether to sign requests." 
+ }, { + "id": "e1c906a3-bd1d-4684-b6fb-56de3a653579", + "comment": "", + "command": "click", + "target": "css=.next", + "targets": [ + ["css=.next", "css:finder"], + ["xpath=(//button[@type='button'])[6]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div/nav/ul/li[3]/button", "xpath:idRelative"], + ["xpath=//li[3]/button", "xpath:position"] + ], + "value": "" + }, { + "id": "6cfdcca2-1deb-4055-9b75-afbfbf728783", + "comment": "", + "command": "mouseOver", + "target": "css=.fa-circle-info > path", + "targets": [ + ["css=.fa-circle-info > path", "css:finder"] + ], + "value": "" + }, { + "id": "8e3694e9-fcb8-40e9-94d9-4b3fe7dd4e46", + "comment": "", + "command": "assertText", + "target": "css=div[role=\"tooltip\"]", + "targets": [], + "value": "An Assertion Consumer Service (or ACS) is SAML terminology for the location at a ServiceProvider that accepts messages (or SAML artifacts) for the purpose of establishing a session based on an assertion." + }, { + "id": "2658b197-a2d5-4060-9b34-eb80aee1ded2", + "comment": "", + "command": "click", + "target": "css=.next", + "targets": [ + ["css=.next", "css:finder"], + ["xpath=(//button[@type='button'])[6]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div/nav/ul/li[3]/button", "xpath:idRelative"], + ["xpath=//li[3]/button", "xpath:position"] + ], + "value": "" + }, { + "id": "56f49fe8-340c-46fa-bda9-0b3c0de98bdb", + "comment": "", + "command": "mouseOver", + "target": "css=.row:nth-child(1) > .col-12:nth-child(1) > .mb-3:nth-child(1) path:nth-child(1)", + "targets": [ + ["css=.row:nth-child(1) > .col-12:nth-child(1) > .mb-3:nth-child(1) path:nth-child(1)", "css:finder"] + ], + "value": "" + }, { + "id": "6f3d1d4a-f1ca-461b-9416-9d8e18ffccef", + "comment": "", + "command": "assertText", + "target": "css=div[role=\"tooltip\"]", + "targets": [], + "value": "Sign Assertion declares that the service provider wants the element to be digitally signed." 
+ }, { + "id": "5c718136-9eba-46f9-b93b-da820abe2719", + "comment": "", + "command": "mouseOut", + "target": "css=.row:nth-child(1) > .col-12:nth-child(1) > .mb-3:nth-child(1) path:nth-child(1)", + "targets": [], + "value": "" + }, { + "id": "268b3df4-a184-4a39-bec3-70dfc598b073", + "comment": "", + "command": "click", + "target": "css=body", + "targets": [], + "value": "" + }, { + "id": "f5024e0f-960b-4ce6-873e-4259e0d79ce8", + "comment": "", + "command": "pause", + "target": "1000", + "targets": [], + "value": "" + }, { + "id": "54a74399-69aa-4412-85c2-a5bbb543d8be", + "comment": "", + "command": "mouseOver", + "target": "css=.row:nth-child(8) path:nth-child(1)", + "targets": [ + ["css=.row:nth-child(8) path:nth-child(1)", "css:finder"] + ], + "value": "" + }, { + "id": "e6976eca-f54b-4015-8f87-ba06a469ab28", + "comment": "", + "command": "assertText", + "target": "css=div[role=\"tooltip\"]", + "targets": [], + "value": "Whether to ignore any SP-Requested Authentication Method." + }, { + "id": "87036a6f-aebd-4ef1-8cb8-03d082676c03", + "comment": "", + "command": "mouseOut", + "target": "css=.row:nth-child(8) path:nth-child(1)", + "targets": [], + "value": "" + }, { + "id": "31fdddde-2472-4921-950c-ca56555c2d5b", + "comment": "", + "command": "click", + "target": "css=body", + "targets": [], + "value": "" + }, { + "id": "30ec5f42-49cb-4917-aca8-640736b8f948", + "comment": "", + "command": "pause", + "target": "1000", + "targets": [], + "value": "" + }, { + "id": "809daed0-c5d7-4cb6-89d7-be9409f1d7ae", + "comment": "", + "command": "click", + "target": "css=.next", + "targets": [ + ["css=.next", "css:finder"], + ["xpath=(//button[@type='button'])[6]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div/nav/ul/li[3]/button", "xpath:idRelative"], + ["xpath=//li[3]/button", "xpath:position"] + ], + "value": "" + }, { + "id": "1fae7d2d-1e36-486a-b3a8-c76a3db141e4", + "comment": "", + "command": "click", + "target": "css=.next", + 
"targets": [ + ["css=.next", "css:finder"], + ["xpath=(//button[@type='button'])[6]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div/nav/ul/li[3]/button", "xpath:idRelative"], + ["xpath=//li[3]/button", "xpath:position"] + ], + "value": "" + }, { + "id": "23f5b4ad-7f9c-46e3-bf3f-b1ea57eb1ac7", + "comment": "", + "command": "click", + "target": "css=.save", + "targets": [ + ["css=.save", "css:finder"], + ["xpath=(//button[@type='button'])[6]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div/nav/ul/li[3]/button", "xpath:idRelative"], + ["xpath=//li[3]/button", "xpath:position"] + ], + "value": "" + }, { + "id": "17c42282-eaa5-4641-8f39-969c0a13f561", + "comment": "", + "command": "waitForElementVisible", + "target": "linkText=Tooltip Test", + "targets": [ + ["linkText=Tooltip Test", "linkText"], + ["css=.align-middle > a", "css:finder"], + ["xpath=//a[contains(text(),'Tooltip Test')]", "xpath:link"], + ["xpath=//div[@id='root']/div/main/div/section/div/div[2]/div/div/div/table/tbody/tr/td/a", "xpath:idRelative"], + ["xpath=//a[contains(@href, '/metadata/source/14b50734-c3e2-48ac-bdb9-342b91174ca7/configuration/options')]", "xpath:href"], + ["xpath=//td/a", "xpath:position"], + ["xpath=//a[contains(.,'Tooltip Test')]", "xpath:innerText"] + ], + "value": "30000" + }, { + "id": "beae53d2-254a-4422-a302-06a72dc6aacc", + "comment": "", + "command": "click", + "target": "linkText=Tooltip Test", + "targets": [], + "value": "" + }, { + "id": "edd4c7ed-ec92-4f61-8f2d-16bec5c79b60", + "comment": "", + "command": "click", + "target": "css=.mb-4:nth-child(3) .edit-link", + "targets": [ + ["css=.mb-4:nth-child(3) .edit-link", "css:finder"], + ["xpath=(//button[@type='button'])[7]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div/div/section/div/div/div/button", "xpath:idRelative"], + ["xpath=//section/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,' 
Edit')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "c974e795-454e-4271-86ef-609e3538b28f", + "comment": "", + "command": "mouseOver", + "target": "css=.row:nth-child(1) > .col-12 .svg-inline--fa", + "targets": [ + ["css=.row:nth-child(1) > .col-12 .svg-inline--fa", "css:finder"] + ], + "value": "" + }, { + "id": "e2e21f5c-bcf5-484f-b840-e1f2104b0921", + "comment": "", + "command": "assertText", + "target": "css=div[role=\"tooltip\"]", + "targets": [], + "value": "Name of the organization standing up the entity." + }, { + "id": "2177712e-3ffa-4d70-a546-4425fa6b6565", + "comment": "", + "command": "click", + "target": "css=.nav-link:nth-child(2)", + "targets": [ + ["css=.nav-link:nth-child(2)", "css:finder"], + ["xpath=(//button[@type='button'])[9]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[2]/div/nav/button[2]", "xpath:idRelative"], + ["xpath=//nav/button[2]", "xpath:position"], + ["xpath=//button[contains(.,'User Interface / MDUI Information')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "5b8ce0c5-f2d1-4bca-acb1-c22a3ed02fd7", + "comment": "", + "command": "mouseOver", + "target": "css=.d-empty-none:nth-child(1) > .mb-3:nth-child(2) path", + "targets": [ + ["css=.d-empty-none:nth-child(1) > .mb-3:nth-child(2) path", "css:finder"] + ], + "value": "" + }, { + "id": "65551475-41fb-42a3-aeea-2c92884adf6a", + "comment": "", + "command": "assertText", + "target": "css=div[role=\"tooltip\"]", + "targets": [], + "value": "The IdP Information URL is a link to a comprehensive information page about the IdP. This page should expand on the content of the IdP Description field." 
+ }, { + "id": "a952c81f-7dc1-4f26-812e-8c1a4101fa7a", + "comment": "", + "command": "click", + "target": "css=.nav-link:nth-child(3)", + "targets": [ + ["css=.nav-link:nth-child(3)", "css:finder"], + ["xpath=(//button[@type='button'])[10]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[2]/div/nav/button[3]", "xpath:idRelative"], + ["xpath=//button[3]", "xpath:position"], + ["xpath=//button[contains(.,'SP SSO Descriptor Information')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "013648f1-be7a-4fbf-a5c4-07482ca9fc96", + "comment": "", + "command": "mouseOver", + "target": "css=.ms-2 > path", + "targets": [ + ["css=.ms-2 > path", "css:finder"] + ], + "value": "" + }, { + "id": "6851171e-6a6f-46e4-9317-bab6ad077127", + "comment": "", + "command": "assertText", + "target": "css=div[role=\"tooltip\"]", + "targets": [], + "value": "This attribute contains a space-delimited collection of URIs that represent general classes of protocol support for the role in question. There are URIs defined by the various standards and profiles to represent the fact that an entity acting in a role \"supports\" a particular protocol family, such as SAML 2.0 or the Shibboleth profile of SAML 1.1." 
+ }, { + "id": "b9c465ec-b07a-4c57-9caf-988bb1eac6ed", + "comment": "", + "command": "click", + "target": "css=.nav-link:nth-child(4)", + "targets": [ + ["css=.nav-link:nth-child(4)", "css:finder"], + ["xpath=(//button[@type='button'])[11]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[2]/div/nav/button[4]", "xpath:idRelative"], + ["xpath=//button[4]", "xpath:position"], + ["xpath=//button[contains(.,'Logout Endpoints')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "d727cd8d-5195-45e5-9df3-1e1d386e6f81", + "comment": "", + "command": "click", + "target": "css=.array-add-button", + "targets": [ + ["css=.array-add-button", "css:finder"], + ["xpath=(//button[@type='button'])[16]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[2]/div[2]/div/form/div/div/div/div/div[5]/div/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Add ')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "825b4bb3-e40e-4b02-a053-5f8e15b9b672", + "comment": "", + "command": "mouseOver", + "target": "css=.row:nth-child(1) > .col-12 .btn > .svg-inline--fa", + "targets": [], + "value": "" + }, { + "id": "8b309a28-ff0d-4e6b-8c49-26a9e13822d8", + "comment": "", + "command": "assertText", + "target": "css=div[role=\"tooltip\"]", + "targets": [ + ["css=.row:nth-child(1) > .col-12 .btn > .svg-inline--fa", "css:finder"] + ], + "value": "The location of the handler (when combined with the base handlerURL). This is the location to which an IdP sends messages using whatever protocol and binding it shares with the SP. Each combination of SLO protocol and binding is installed at a unique location to improve efficiency." 
+ }, { + "id": "687f9331-fd88-43c5-ad58-0c4e04bc5adf", + "comment": "", + "command": "click", + "target": "css=.m-0 > .text-danger", + "targets": [ + ["css=.m-0 > .text-danger", "css:finder"], + ["xpath=(//button[@type='button'])[19]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[2]/div[2]/div/form/div/div/div/div/div[5]/div/div/div/div/div[2]/div/div/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Delete')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "eb728c91-52d6-4505-85c2-ad274be14f88", + "comment": "", + "command": "click", + "target": "css=.nav-link:nth-child(5)", + "targets": [ + ["css=.nav-link:nth-child(5)", "css:finder"], + ["xpath=(//button[@type='button'])[12]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[2]/div/nav/button[5]", "xpath:idRelative"], + ["xpath=//button[5]", "xpath:position"], + ["xpath=//button[contains(.,'Security Information')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "84415564-f9d8-4b75-a6cf-5c269cb8eb9f", + "comment": "", + "command": "mouseOver", + "target": "css=.mb-3:nth-child(2) path", + "targets": [ + ["css=.mb-3:nth-child(2) path", "css:finder"] + ], + "value": "" + }, { + "id": "75ae4766-62a2-47e1-9328-a7030fbfcdb1", + "comment": "", + "command": "assertText", + "target": "css=div[role=\"tooltip\"]", + "targets": [ + ["css=.row:nth-child(1) > .col-12 .btn > .svg-inline--fa", "css:finder"] + ], + "value": "Whether to sign assertions. Element declares that the service provider wants the element to be digitally signed." 
+ }, { + "id": "c069fd81-2679-4e6c-9115-63cf783a4b82", + "comment": "", + "command": "click", + "target": "css=.nav-link:nth-child(6)", + "targets": [ + ["css=.nav-link:nth-child(6)", "css:finder"], + ["xpath=(//button[@type='button'])[13]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[2]/div/nav/button[6]", "xpath:idRelative"], + ["xpath=//button[6]", "xpath:position"], + ["xpath=//button[contains(.,'Assertion Consumer Service')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "ae3fd3f3-d7e9-4594-8f62-0bdd81fe207f", + "comment": "", + "command": "click", + "target": "css=.array-add-button", + "targets": [ + ["css=.array-add-button", "css:finder"], + ["xpath=(//button[@type='button'])[16]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[2]/div[2]/div/form/div/div/div/div/div[7]/div/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Add ')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "ff8f4f9f-0832-4a08-910d-778156869d6a", + "comment": "", + "command": "mouseOver", + "target": "css=.mb-3 > .form-label > .btn path", + "targets": [ + ["css=.mb-3 > .form-label > .btn path", "css:finder"] + ], + "value": "" + }, { + "id": "201ad760-133b-4ab6-8be9-ef0ef1849930", + "comment": "", + "command": "assertText", + "target": "css=div[role=\"tooltip\"]", + "targets": [ + ["css=.row:nth-child(1) > .col-12 .btn > .svg-inline--fa", "css:finder"] + ], + "value": "The binding attribute of the element is a standard URI specified in the SAML 2.0 Binding specification." 
+ }, { + "id": "a1a1d817-93ba-4a09-b52e-b660f000b018", + "comment": "", + "command": "click", + "target": "css=.fa-trash > path", + "targets": [ + ["css=.fa-trash > path", "css:finder"] + ], + "value": "" + }, { + "id": "acea6b6b-04c4-4224-831c-9067cc09ee9a", + "comment": "", + "command": "click", + "target": "css=.nav-link:nth-child(7)", + "targets": [ + ["css=.nav-link:nth-child(7)", "css:finder"], + ["xpath=(//button[@type='button'])[14]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[2]/div/nav/button[7]", "xpath:idRelative"], + ["xpath=//button[7]", "xpath:position"], + ["xpath=//button[contains(.,'Relying Party Overrides')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "2928ba27-b934-499e-8dda-8441dbbb463d", + "comment": "", + "command": "mouseOver", + "target": "css=.row:nth-child(6) path:nth-child(1)", + "targets": [ + ["css=.row:nth-child(6) path:nth-child(1)", "css:finder"] + ], + "value": "" + }, { + "id": "085ff864-1a6b-469f-9009-9d6072e2d689", + "comment": "", + "command": "assertText", + "target": "css=div[role=\"tooltip\"]", + "targets": [ + ["css=.row:nth-child(1) > .col-12 .btn > .svg-inline--fa", "css:finder"] + ], + "value": "Disallows use (or reuse) of authentication results and login flows that don't provide a real-time proof of user presence in the login process." + }, { + "id": "1ff63b39-ee65-46a0-9258-56209aa63e4b", + "comment": "", + "command": "open", + "target": "/api/heheheheheheheWipeout", + "targets": [], + "value": "" + }, { + "id": "0bc97fad-e6a1-4cb7-9c50-f43f5ff436a6", + "comment": "", + "command": "assertText", + "target": "css=body", + "targets": [], + "value": "yes, you did it" + }] + }], + "suites": [{ + "id": "d2caeac4-7520-4e3c-96b1-840610b6983c", + "name": "Default Suite", + "persistSession": false, + "parallel": false, + "timeout": 300, + "tests": ["841ade0e-83bd-4a4b-94f2-de6bd5c536b2"] + }], + "urls": ["http://localhost:10101/"], + "plugins": [] +} \ No newline at end of file 
diff --git a/backend/src/integration/resources/SHIBUI-1674-2.side b/backend/src/integration/resources/SHIBUI-1674-2.side
new file mode 100644
index 000000000..f05b1e1f9
--- /dev/null
+++ b/backend/src/integration/resources/SHIBUI-1674-2.side
@@ -0,0 +1,1448 @@ +{ + "id": "1b31a551-eb09-4bd4-8db9-694bf1539a46", + "version": "2.0", + "name": "SHIBUI-1674-2", + "url": "http://localhost:10101", + "tests": [{ + "id": "841ade0e-83bd-4a4b-94f2-de6bd5c536b2", + "name": "SHIBUI-1674-2", + "commands": [{ + "id": "d6b23986-6d14-4b10-be7b-a7e6f576e3b2", + "comment": "", + "command": "open", + "target": "/login", + "targets": [], + "value": "" + }, { + "id": "f77ecd77-01c2-4463-944e-1a69600f5297", + "comment": "", + "command": "type", + "target": "name=username", + "targets": [ + ["name=username", "name"], + ["css=tr:nth-child(1) input", "css:finder"], + ["xpath=//input[@name='username']", "xpath:attributes"], + ["xpath=//input", "xpath:position"] + ], + "value": "admin" + }, { + "id": "c9bf0a22-faa9-494c-b2ed-6c9653248551", + "comment": "", + "command": "type", + "target": "name=password", + "targets": [ + ["name=password", "name"], + ["css=tr:nth-child(2) input", "css:finder"], + ["xpath=//input[@name='password']", "xpath:attributes"], + ["xpath=//tr[2]/td[2]/input", "xpath:position"] + ], + "value": "adminpass" + }, { + "id": "7ab1d854-3582-4101-bd19-f94b8f438090", + "comment": "", + "command": "sendKeys", + "target": "name=password", + "targets": [ + ["name=password", "name"], + ["css=tr:nth-child(2) input", "css:finder"], + ["xpath=//input[@name='password']", "xpath:attributes"], + ["xpath=//tr[2]/td[2]/input", "xpath:position"] + ], + "value": "${KEY_ENTER}" + }, { + "id": "4059cae7-b9f9-49d0-a213-343bcaba66d1", + "comment": "", + "command": "waitForElementVisible", + "target": "id=metadata-nav-dropdown-toggle", + "targets": [], + "value": "30000" + }, { + "id": "f03af8d5-5875-4a2c-b93a-c3ddcbd4b16a", + "comment": "", + "command": "open", + "target": "/api/heheheheheheheWipeout", + "targets": [], + "value": "" + }, { + "id": "081f495b-4d84-4758-824c-1e85b6311e7f", + "comment": "", + "command": "assertText", + "target": "css=body", + "targets": [], + "value": "yes, you did it" + }, { + "id": 
"9e912dd5-6ace-45be-bafd-2d1655906575", + "comment": "", + "command": "open", + "target": "/", + "targets": [], + "value": "" + }, { + "id": "3bb52950-667c-4852-a98f-6a6fb5632ba5", + "comment": "", + "command": "waitForElementEditable", + "target": "id=metadata-nav-dropdown-toggle", + "targets": [], + "value": "30000" + }, { + "id": "fc2df69a-a340-44c4-b3c3-ec21670be567", + "comment": "", + "command": "click", + "target": "id=metadata-nav-dropdown-toggle", + "targets": [ + ["id=metadata-nav-dropdown-toggle", "id"], + ["css=#metadata-nav-dropdown-toggle", "css:finder"], + ["xpath=//button[@id='metadata-nav-dropdown-toggle']", "xpath:attributes"], + ["xpath=//div[@id='metadata-nav-dropdown']/button", "xpath:idRelative"], + ["xpath=//div[2]/button", "xpath:position"], + ["xpath=//button[contains(.,'Add New')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "64e1be5d-4fd2-4b94-b714-48736a0bbc3d", + "comment": "", + "command": "click", + "target": "id=metadata-nav-dropdown-provider", + "targets": [ + ["id=metadata-nav-dropdown-provider", "id"], + ["linkText=Add a new metadata provider", "linkText"], + ["css=#metadata-nav-dropdown-provider", "css:finder"], + ["xpath=//a[contains(text(),'Add a new metadata provider')]", "xpath:link"], + ["xpath=//a[@id='metadata-nav-dropdown-provider']", "xpath:attributes"], + ["xpath=//div[@id='metadata-nav-dropdown']/div/a[2]", "xpath:idRelative"], + ["xpath=//a[contains(@href, '/metadata/provider/new')]", "xpath:href"], + ["xpath=//a[2]", "xpath:position"], + ["xpath=//a[contains(.,'Add a new metadata provider')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "4d377f17-a1ca-4c06-97c0-86f0240bb3ee", + "comment": "", + "command": "waitForElementEditable", + "target": "name=type", + "targets": [], + "value": "30000" + }, { + "id": "6b7f87a2-e822-4289-8e83-f6c879b485f7", + "comment": "", + "command": "select", + "target": "name=type", + "targets": [], + "value": "label=FileBackedHttpMetadataResolver" + }, { + "id": 
"e469e748-3433-4561-97b3-20eca852bb98", + "comment": "", + "command": "type", + "target": "name=name", + "targets": [ + ["name=name", "name"], + ["css=.form-control", "css:finder"], + ["xpath=//input[@name='name']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div/div/form/div/input", "xpath:idRelative"], + ["xpath=//input", "xpath:position"] + ], + "value": "FBHMR" + }, { + "id": "2f6171c0-f11f-4d3a-99fe-4ba3ef743f3f", + "comment": "", + "command": "mouseOver", + "target": "css=.mb-3:nth-child(2) path", + "targets": [ + ["css=.mb-3:nth-child(2) path", "css:finder"] + ], + "value": "" + }, { + "id": "e1f5e376-772a-456c-9c62-c2543687a154", + "comment": "", + "command": "assertText", + "target": "css=div[role=\"tooltip\"]", + "targets": [], + "value": "The precise behavior of any element is controlled by the xsi:type attribute. This specifies the exact type of provider to use." + }, { + "id": "d925e00f-1d00-4541-bbb5-e6a2d668de9a", + "comment": "", + "command": "click", + "target": "css=.next", + "targets": [ + ["css=.nav-link", "css:finder"], + ["xpath=(//button[@type='button'])[5]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/nav/ul/li[2]/button", "xpath:idRelative"], + ["xpath=//li[2]/button", "xpath:position"] + ], + "value": "" + }, { + "id": "6d8efa55-ad05-4a15-b65a-74622feff0af", + "comment": "", + "command": "type", + "target": "id=root_xmlId", + "targets": [ + ["id=root_xmlId", "id"], + ["css=#root_xmlId", "css:finder"], + ["xpath=//input[@id='root_xmlId']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[2]/div/div/form/div/div/div/div/div[2]/div/div/div/input", "xpath:idRelative"], + ["xpath=//input", "xpath:position"] + ], + "value": "1" + }, { + "id": "88bd1be4-5c22-4147-85f1-e20b05b0b3a0", + "comment": "", + "command": "type", + "target": "id=root_metadataURL", + "targets": [ + ["id=root_metadataURL", "id"], + ["css=#root_metadataURL", "css:finder"], + 
["xpath=//input[@id='root_metadataURL']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[2]/div/div/form/div/div/div/div/div[2]/div[2]/div/div/input", "xpath:idRelative"], + ["xpath=//div[2]/div/div/input", "xpath:position"] + ], + "value": "https://idp.unicon.net/idp/shibboleth" + }, { + "id": "c531d779-4bc8-44bd-9aa1-c04262edcd36", + "comment": "", + "command": "type", + "target": "id=root_backingFile", + "targets": [ + ["id=root_backingFile", "id"], + ["css=#root_backingFile", "css:finder"], + ["xpath=//input[@id='root_backingFile']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[2]/div/div/form/div/div/div/div/div[2]/div[4]/div/div/input", "xpath:idRelative"], + ["xpath=//div[4]/div/div/input", "xpath:position"] + ], + "value": "%{idp.home}/foo" + }, { + "id": "f9d5dd8a-10e3-4ec0-955e-12c2c3e4df26", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [], + "value": "" + }, { + "id": "be6afcb8-e7b5-4838-876a-2304a69c078f", + "comment": "", + "command": "click", + "target": "id=option-selector-items-root_backupFileInitNextRefreshDelay-item-3", + "targets": [], + "value": "" + }, { + "id": "c3323c50-da68-42be-8ecf-1754be5f402e", + "comment": "", + "command": "mouseOver", + "target": "css=.mb-3:nth-child(7) path", + "targets": [ + ["css=.mb-3:nth-child(7) path", "css:finder"] + ], + "value": "" + }, { + "id": "2c70ddbd-4a58-4e23-a134-dd168dbfdf62", + "comment": "", + "command": "assertText", + "target": "css=div[role=\"tooltip\"]", + "targets": [], + "value": "Whether to fail initialization of the underlying MetadataResolverService (and possibly the IdP as a whole) if the initialization of a metadata provider fails. When false, the IdP may start, and will continue to attempt to reload valid metadata if configured to do so, but operations that require valid metadata will fail until it does." 
+ }, { + "id": "3a2ee060-bea9-4ee6-86ac-0bfec851a0f4", + "comment": "", + "command": "click", + "target": "css=.next", + "targets": [ + ["css=.nav-link", "css:finder"], + ["xpath=(//button[@type='button'])[5]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/nav/ul/li[2]/button", "xpath:idRelative"], + ["xpath=//li[2]/button", "xpath:position"] + ], + "value": "" + }, { + "id": "f9c24b89-5e95-439f-9f94-13e5482ba269", + "comment": "", + "command": "mouseOver", + "target": "css=.row:nth-child(2) .form-label > .btn > .svg-inline--fa", + "targets": [ + ["css=.row:nth-child(2) .form-label > .btn > .svg-inline--fa", "css:finder"] + ], + "value": "" + }, { + "id": "c656db9f-fa69-4476-8760-f15c91c4db6e", + "comment": "", + "command": "assertText", + "target": "css=div[role=\"tooltip\"]", + "targets": [], + "value": "Upper bound on the next refresh from the time calculated based on the metadata's expiration." + }, { + "id": "dd29f528-f275-4258-9495-11039074c599", + "comment": "", + "command": "click", + "target": "css=.next", + "targets": [ + ["css=.nav-link", "css:finder"], + ["xpath=(//button[@type='button'])[5]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/nav/ul/li[2]/button", "xpath:idRelative"], + ["xpath=//li[2]/button", "xpath:position"] + ], + "value": "" + }, { + "id": "8b9ab8e9-4856-4382-824b-37332e504342", + "comment": "", + "command": "mouseOver", + "target": "css=.row:nth-child(3) > .col-12 > .mb-3 .form-label path", + "targets": [ + ["css=.row:nth-child(3) > .col-12 > .mb-3 .form-label path", "css:finder"] + ], + "value": "" + }, { + "id": "670d88ef-01fe-4d6f-aa03-22df00784246", + "comment": "", + "command": "assertText", + "target": "css=div[role=\"tooltip\"]", + "targets": [], + "value": "A path (on the local file system) to a certificate file whose key is used to verify the signature. Conflicts with trustEngineRef and both of the child elements." 
+ }, { + "id": "7dabc0ab-d5ed-4f6b-9695-075d332bc00e", + "comment": "", + "command": "click", + "target": "css=.next", + "targets": [ + ["css=.nav-link", "css:finder"], + ["xpath=(//button[@type='button'])[5]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/nav/ul/li[2]/button", "xpath:idRelative"], + ["xpath=//li[2]/button", "xpath:position"] + ], + "value": "" + }, { + "id": "06ed36cf-160c-4a0c-ad36-3ad27e8c6274", + "comment": "", + "command": "click", + "target": "css=.save", + "targets": [ + ["css=.save", "css:finder"], + ["xpath=(//button[@type='button'])[6]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div/nav/ul/li[3]/button", "xpath:idRelative"], + ["xpath=//li[3]/button", "xpath:position"] + ], + "value": "" + }, { + "id": "e88c3946-6bba-453c-bd76-a87602b7a26c", + "comment": "", + "command": "waitForElementPresent", + "target": "linkText=FBHMR", + "targets": [ + ["linkText=FBHMR", "linkText"], + ["css=.align-middle > a", "css:finder"], + ["xpath=//a[contains(text(),'FBHMR')]", "xpath:link"], + ["xpath=//div[@id='root']/div/main/div/section/div/div[2]/div/div/div/table/tbody/tr/td[2]/a", "xpath:idRelative"], + ["xpath=//a[contains(@href, '/metadata/provider/b33533c3-dd67-418a-b387-188045e2f821/configuration/options')]", "xpath:href"], + ["xpath=//td[2]/a", "xpath:position"], + ["xpath=//a[contains(.,'FBHMR')]", "xpath:innerText"] + ], + "value": "30000" + }, { + "id": "0feeadff-9325-4a92-992e-51da6e4611d6", + "comment": "", + "command": "click", + "target": "id=metadata-nav-dropdown-toggle", + "targets": [ + ["id=metadata-nav-dropdown-toggle", "id"], + ["css=#metadata-nav-dropdown-toggle", "css:finder"], + ["xpath=//button[@id='metadata-nav-dropdown-toggle']", "xpath:attributes"], + ["xpath=//div[@id='metadata-nav-dropdown']/button", "xpath:idRelative"], + ["xpath=//div[2]/button", "xpath:position"], + ["xpath=//button[contains(.,'Add New')]", "xpath:innerText"] + ], + "value": "" + }, { + 
"id": "78070ae0-e6cc-4204-8faa-becd9ec407e6", + "comment": "", + "command": "click", + "target": "id=metadata-nav-dropdown-provider", + "targets": [ + ["id=metadata-nav-dropdown-provider", "id"], + ["linkText=Add a new metadata provider", "linkText"], + ["css=#metadata-nav-dropdown-provider", "css:finder"], + ["xpath=//a[contains(text(),'Add a new metadata provider')]", "xpath:link"], + ["xpath=//a[@id='metadata-nav-dropdown-provider']", "xpath:attributes"], + ["xpath=//div[@id='metadata-nav-dropdown']/div/a[2]", "xpath:idRelative"], + ["xpath=//a[contains(@href, '/metadata/provider/new')]", "xpath:href"], + ["xpath=//a[2]", "xpath:position"], + ["xpath=//a[contains(.,'Add a new metadata provider')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "cd46f9d7-156e-4930-9694-645d6988fc3c", + "comment": "", + "command": "waitForElementEditable", + "target": "name=type", + "targets": [], + "value": "30000" + }, { + "id": "ebee4d22-84b6-451d-9a62-0dfc7999e7c0", + "comment": "", + "command": "select", + "target": "name=type", + "targets": [], + "value": "label=FilesystemMetadataResolver" + }, { + "id": "ca977b80-c080-4ca4-ace8-7428f293c79b", + "comment": "", + "command": "type", + "target": "name=name", + "targets": [ + ["name=name", "name"], + ["css=.form-control", "css:finder"], + ["xpath=//input[@name='name']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div/div/form/div/input", "xpath:idRelative"], + ["xpath=//input", "xpath:position"] + ], + "value": "FSMR" + }, { + "id": "3e9efc71-b8e5-4d0e-99f1-5605f0984768", + "comment": "", + "command": "mouseOver", + "target": "css=.mb-3:nth-child(1) path", + "targets": [ + ["css=.mb-3:nth-child(1) path", "css:finder"] + ], + "value": "" + }, { + "id": "2a2271ae-e8c5-4d03-adf9-63a271831418", + "comment": "", + "command": "assertText", + "target": "css=div[role=\"tooltip\"]", + "targets": [], + "value": "Metadata Provider Name (for display on the Dashboard only)" + }, { + "id": 
"c3f51d32-f01e-4f4f-aec8-65d6c212096e", + "comment": "", + "command": "click", + "target": "css=.next", + "targets": [ + ["css=.nav-link", "css:finder"], + ["xpath=(//button[@type='button'])[5]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/nav/ul/li[2]/button", "xpath:idRelative"], + ["xpath=//li[2]/button", "xpath:position"] + ], + "value": "" + }, { + "id": "b83ea670-06b0-45e7-b4e3-af137de66d44", + "comment": "", + "command": "waitForElementEditable", + "target": "id=root_xmlId", + "targets": [], + "value": "30000" + }, { + "id": "76c3cf2f-2e79-4a14-88a9-82fa0909de4f", + "comment": "", + "command": "type", + "target": "id=root_xmlId", + "targets": [ + ["id=root_xmlId", "id"], + ["css=#root_xmlId", "css:finder"], + ["xpath=//input[@id='root_xmlId']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[2]/div/div/form/div/div/div/div/div[2]/div/div/div/input", "xpath:idRelative"], + ["xpath=//input", "xpath:position"] + ], + "value": "2" + }, { + "id": "869cd022-e518-4708-b314-daa54733a807", + "comment": "", + "command": "type", + "target": "id=root_metadataFile", + "targets": [ + ["id=root_metadataFile", "id"], + ["css=#root_metadataFile", "css:finder"], + ["xpath=//input[@id='root_metadataFile']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[2]/div/div/form/div/div/div/div/div[2]/div[2]/div/div/input", "xpath:idRelative"], + ["xpath=//div[2]/div/div/input", "xpath:position"] + ], + "value": "%{idp.home}/foo" + }, { + "id": "1086624e-fc87-470b-85bf-246fd3a42f64", + "comment": "", + "command": "mouseOver", + "target": "css=.d-block path", + "targets": [ + ["css=.d-block path", "css:finder"] + ], + "value": "" + }, { + "id": "be0a9921-3263-405c-a312-0e39fa53c316", + "comment": "", + "command": "assertText", + "target": "css=div[role=\"tooltip\"]", + "targets": [], + "value": "Initialize this resolver? 
In the case of Filesystem resolvers, this will cause the system to read the file and index the resolver." + }, { + "id": "3e0adde0-48e9-402d-952d-f682b5c68f93", + "comment": "", + "command": "click", + "target": "css=.next", + "targets": [ + ["css=.nav-link", "css:finder"], + ["xpath=(//button[@type='button'])[5]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/nav/ul/li[2]/button", "xpath:idRelative"], + ["xpath=//li[2]/button", "xpath:position"] + ], + "value": "" + }, { + "id": "d910ef5c-1e0f-48b8-bfbb-3dc0f2e65864", + "comment": "", + "command": "mouseOver", + "target": "css=.ms-2:nth-child(2) > path", + "targets": [ + ["css=.ms-2:nth-child(2) > path", "css:finder"] + ], + "value": "" + }, { + "id": "596d3f35-eb2c-4b8b-a99a-7f92f5441361", + "comment": "", + "command": "assertText", + "target": "css=div[role=\"tooltip\"]", + "targets": [], + "value": "A factor applied to the initially determined refresh time in order to determine the next refresh time (typically to ensure refresh takes place prior to the metadata's expiration). Attempts to refresh metadata will generally begin around the product of this number and the maximum refresh delay." 
+ }, { + "id": "33fff05f-db8e-495a-89b4-05fbb6de1062", + "comment": "", + "command": "click", + "target": "css=.next", + "targets": [ + ["css=.nav-link", "css:finder"], + ["xpath=(//button[@type='button'])[5]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/nav/ul/li[2]/button", "xpath:idRelative"], + ["xpath=//li[2]/button", "xpath:position"] + ], + "value": "" + }, { + "id": "806fe667-1f0a-41be-9f67-e05613a54304", + "comment": "", + "command": "click", + "target": "css=.save", + "targets": [ + ["css=.nav-link", "css:finder"], + ["xpath=(//button[@type='button'])[5]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/nav/ul/li[2]/button", "xpath:idRelative"], + ["xpath=//li[2]/button", "xpath:position"] + ], + "value": "" + }, { + "id": "cf2d85ab-412e-4cc8-824c-214e5bed17f1", + "comment": "", + "command": "waitForElementPresent", + "target": "linkText=FSMR", + "targets": [ + ["linkText=FBHMR", "linkText"], + ["css=.align-middle > a", "css:finder"], + ["xpath=//a[contains(text(),'FBHMR')]", "xpath:link"], + ["xpath=//div[@id='root']/div/main/div/section/div/div[2]/div/div/div/table/tbody/tr/td[2]/a", "xpath:idRelative"], + ["xpath=//a[contains(@href, '/metadata/provider/b33533c3-dd67-418a-b387-188045e2f821/configuration/options')]", "xpath:href"], + ["xpath=//td[2]/a", "xpath:position"], + ["xpath=//a[contains(.,'FBHMR')]", "xpath:innerText"] + ], + "value": "30000" + }, { + "id": "e7b255a9-e86c-41a9-aff8-e72088f7f19c", + "comment": "", + "command": "click", + "target": "id=metadata-nav-dropdown-toggle", + "targets": [ + ["id=metadata-nav-dropdown-toggle", "id"], + ["css=#metadata-nav-dropdown-toggle", "css:finder"], + ["xpath=//button[@id='metadata-nav-dropdown-toggle']", "xpath:attributes"], + ["xpath=//div[@id='metadata-nav-dropdown']/button", "xpath:idRelative"], + ["xpath=//div[2]/button", "xpath:position"], + ["xpath=//button[contains(.,'Add New')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": 
"5ab84f87-6038-4e5e-8c1e-f4caad237004", + "comment": "", + "command": "click", + "target": "id=metadata-nav-dropdown-provider", + "targets": [ + ["id=metadata-nav-dropdown-provider", "id"], + ["linkText=Add a new metadata provider", "linkText"], + ["css=#metadata-nav-dropdown-provider", "css:finder"], + ["xpath=//a[contains(text(),'Add a new metadata provider')]", "xpath:link"], + ["xpath=//a[@id='metadata-nav-dropdown-provider']", "xpath:attributes"], + ["xpath=//div[@id='metadata-nav-dropdown']/div/a[2]", "xpath:idRelative"], + ["xpath=//a[contains(@href, '/metadata/provider/new')]", "xpath:href"], + ["xpath=//a[2]", "xpath:position"], + ["xpath=//a[contains(.,'Add a new metadata provider')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "f8654e3e-7bc2-4fde-8471-0b979916ba3e", + "comment": "", + "command": "waitForElementEditable", + "target": "name=type", + "targets": [], + "value": "30000" + }, { + "id": "d7378c6c-85c6-4c04-8793-a7a7bcba9afa", + "comment": "", + "command": "select", + "target": "name=type", + "targets": [], + "value": "label=LocalDynamicMetadataResolver" + }, { + "id": "83a312ec-7e52-427d-8d1f-f1adc569a288", + "comment": "", + "command": "type", + "target": "name=name", + "targets": [ + ["name=name", "name"], + ["css=.form-control", "css:finder"], + ["xpath=//input[@name='name']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div/div/form/div/input", "xpath:idRelative"], + ["xpath=//input", "xpath:position"] + ], + "value": "LDMR" + }, { + "id": "3982eb88-4841-4bbc-929b-a5905c06e981", + "comment": "", + "command": "click", + "target": "css=.next", + "targets": [ + ["css=.nav-link", "css:finder"], + ["xpath=(//button[@type='button'])[5]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/nav/ul/li[2]/button", "xpath:idRelative"], + ["xpath=//li[2]/button", "xpath:position"] + ], + "value": "" + }, { + "id": "0b590f05-e52c-44a6-af23-5b2f46a10663", + "comment": "", + "command": 
"type", + "target": "id=root_xmlId", + "targets": [ + ["id=root_xmlId", "id"], + ["css=#root_xmlId", "css:finder"], + ["xpath=//input[@id='root_xmlId']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[2]/div/div/form/div/div/div/div/div[2]/div/div/div/input", "xpath:idRelative"], + ["xpath=//input", "xpath:position"] + ], + "value": "3" + }, { + "id": "873f31c3-3488-452b-bf9d-db3cfdaacb6b", + "comment": "", + "command": "type", + "target": "id=root_sourceDirectory", + "targets": [ + ["id=root_sourceDirectory", "id"], + ["css=#root_sourceDirectory", "css:finder"], + ["xpath=//input[@id='root_sourceDirectory']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[2]/div/div/form/div/div/div/div/div[2]/div[2]/div/div/input", "xpath:idRelative"], + ["xpath=//div[2]/div/div/input", "xpath:position"] + ], + "value": "%{idp.home}" + }, { + "id": "cc967bcc-786d-4fa3-a94e-d4571597a3dd", + "comment": "", + "command": "mouseOver", + "target": "css=.mb-3:nth-child(2) .btn path", + "targets": [ + ["css=.mb-3:nth-child(2) .btn path", "css:finder"] + ], + "value": "" + }, { + "id": "0a95e107-a515-46fe-80be-a4a102be8b95", + "comment": "", + "command": "assertText", + "target": "css=div[role=\"tooltip\"]", + "targets": [], + "value": "Convenience mechanism for wiring a FilesystemLoadSaveManager, loading from the specified source directory in the local filesystem. This attribute will be ignored if sourceManagerRef is also specified. Either this attribute or sourceManagerRef is required." 
+ }, { + "id": "f5837e71-6c43-449e-8580-ee1ace17da5e", + "comment": "", + "command": "click", + "target": "css=.next", + "targets": [ + ["css=.nav-link", "css:finder"], + ["xpath=(//button[@type='button'])[5]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/nav/ul/li[2]/button", "xpath:idRelative"], + ["xpath=//li[2]/button", "xpath:position"] + ], + "value": "" + }, { + "id": "718a6f12-5933-4a38-a84f-c9061d238656", + "comment": "", + "command": "mouseOver", + "target": "css=.row:nth-child(2) path", + "targets": [ + ["css=.row:nth-child(2) path", "css:finder"] + ], + "value": "" + }, { + "id": "927b5586-bea4-4ac5-a15b-8239540813e3", + "comment": "", + "command": "assertText", + "target": "css=div[role=\"tooltip\"]", + "targets": [], + "value": "The minimum duration for which metadata will be cached before it is refreshed." + }, { + "id": "6afe9417-450d-4820-8ed4-300188f38196", + "comment": "", + "command": "mouseOut", + "target": "css=.row:nth-child(2) path", + "targets": [], + "value": "" + }, { + "id": "da0ce3d8-75e6-4b84-b3a7-8b423399044e", + "comment": "", + "command": "click", + "target": "css=body", + "targets": [], + "value": "" + }, { + "id": "b00df7f8-aa3c-4d5d-a518-61e822e1aece", + "comment": "", + "command": "pause", + "target": "1000", + "targets": [], + "value": "" + }, { + "id": "5f3a17b8-9ab0-43b9-a6e9-47dfc036760a", + "comment": "", + "command": "mouseOver", + "target": "css=.d-block path", + "targets": [ + ["css=.d-block path", "css:finder"] + ], + "value": "" + }, { + "id": "4ce1c46e-ebde-4444-a539-97c9697c04f1", + "comment": "", + "command": "assertText", + "target": "css=div[role=\"tooltip\"]", + "targets": [], + "value": "Flag indicating whether idle metadata should be removed." 
+ }, {
+ "id": "1a2a4e97-e088-445f-af42-b918e6705d83",
+ "comment": "",
+ "command": "click",
+ "target": "css=.next",
+ "targets": [
+ ["css=.nav-link", "css:finder"],
+ ["xpath=(//button[@type='button'])[5]", "xpath:attributes"],
+ ["xpath=//div[@id='root']/div/main/div/section/div[2]/nav/ul/li[2]/button", "xpath:idRelative"],
+ ["xpath=//li[2]/button", "xpath:position"]
+ ],
+ "value": ""
+ }, {
+ "id": "997ea47d-d04e-4f9b-80a8-de6f891bd112",
+ "comment": "",
+ "command": "click",
+ "target": "css=.save",
+ "targets": [
+ ["css=.nav-link", "css:finder"],
+ ["xpath=(//button[@type='button'])[5]", "xpath:attributes"],
+ ["xpath=//div[@id='root']/div/main/div/section/div[2]/nav/ul/li[2]/button", "xpath:idRelative"],
+ ["xpath=//li[2]/button", "xpath:position"]
+ ],
+ "value": ""
+ }, {
+ "id": "48022847-6110-435c-9bcb-b99f6f510c06",
+ "comment": "",
+ "command": "waitForElementPresent",
+ "target": "linkText=LDMR",
+ "targets": [
+ ["linkText=FBHMR", "linkText"],
+ ["css=.align-middle > a", "css:finder"],
+ ["xpath=//a[contains(text(),'FBHMR')]", "xpath:link"],
+ ["xpath=//div[@id='root']/div/main/div/section/div/div[2]/div/div/div/table/tbody/tr/td[2]/a", "xpath:idRelative"],
+ ["xpath=//a[contains(@href, '/metadata/provider/b33533c3-dd67-418a-b387-188045e2f821/configuration/options')]", "xpath:href"],
+ ["xpath=//td[2]/a", "xpath:position"],
+ ["xpath=//a[contains(.,'FBHMR')]", "xpath:innerText"]
+ ],
+ "value": "30000"
+ }, {
+ "id": "2e40dcab-b51f-4cc6-94e7-fa4de7bc59b9",
+ "comment": "",
+ "command": "click",
+ "target": "id=metadata-nav-dropdown-toggle",
+ "targets": [
+ ["id=metadata-nav-dropdown-toggle", "id"],
+ ["css=#metadata-nav-dropdown-toggle", "css:finder"],
+ ["xpath=//button[@id='metadata-nav-dropdown-toggle']", "xpath:attributes"],
+ ["xpath=//div[@id='metadata-nav-dropdown']/button", "xpath:idRelative"],
+ ["xpath=//div[2]/button", "xpath:position"],
+ ["xpath=//button[contains(.,'Add New')]", "xpath:innerText"]
+ ],
+ "value": ""
+ }, {
+ "id": 
"949ba487-777e-49d3-ab7c-9d922c69583b",
+ "comment": "",
+ "command": "click",
+ "target": "id=metadata-nav-dropdown-provider",
+ "targets": [
+ ["id=metadata-nav-dropdown-provider", "id"],
+ ["linkText=Add a new metadata provider", "linkText"],
+ ["css=#metadata-nav-dropdown-provider", "css:finder"],
+ ["xpath=//a[contains(text(),'Add a new metadata provider')]", "xpath:link"],
+ ["xpath=//a[@id='metadata-nav-dropdown-provider']", "xpath:attributes"],
+ ["xpath=//div[@id='metadata-nav-dropdown']/div/a[2]", "xpath:idRelative"],
+ ["xpath=//a[contains(@href, '/metadata/provider/new')]", "xpath:href"],
+ ["xpath=//a[2]", "xpath:position"],
+ ["xpath=//a[contains(.,'Add a new metadata provider')]", "xpath:innerText"]
+ ],
+ "value": ""
+ }, {
+ "id": "139a8974-e20a-40ed-b09c-5fbf7c045cb7",
+ "comment": "",
+ "command": "waitForElementEditable",
+ "target": "name=type",
+ "targets": [],
+ "value": "30000"
+ }, {
+ "id": "ca32e1ac-1b14-4511-8ee1-3786d9d54908",
+ "comment": "",
+ "command": "select",
+ "target": "name=type",
+ "targets": [],
+ "value": "label=DynamicHttpMetadataResolver"
+ }, {
+ "id": "f22135c5-c05b-4f03-8f75-75a818048264",
+ "comment": "",
+ "command": "type",
+ "target": "name=name",
+ "targets": [
+ ["name=name", "name"],
+ ["css=.form-control", "css:finder"],
+ ["xpath=//input[@name='name']", "xpath:attributes"],
+ ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div/div/form/div/input", "xpath:idRelative"],
+ ["xpath=//input", "xpath:position"]
+ ],
+ "value": "DHMR"
+ }, {
+ "id": "72d3d8ee-1c0e-4886-8a04-b696acd55ba9",
+ "comment": "",
+ "command": "click",
+ "target": "css=.next",
+ "targets": [
+ ["css=.nav-link", "css:finder"],
+ ["xpath=(//button[@type='button'])[5]", "xpath:attributes"],
+ ["xpath=//div[@id='root']/div/main/div/section/div[2]/nav/ul/li[2]/button", "xpath:idRelative"],
+ ["xpath=//li[2]/button", "xpath:position"]
+ ],
+ "value": ""
+ }, {
+ "id": "7b4daefd-0731-4a52-b743-f18ec09de8c7",
+ "comment": "",
+ "command": 
"type",
+ "target": "id=root_xmlId",
+ "targets": [
+ ["id=root_xmlId", "id"],
+ ["css=#root_xmlId", "css:finder"],
+ ["xpath=//input[@id='root_xmlId']", "xpath:attributes"],
+ ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[2]/div/div/form/div/div/div/div/div[3]/div/div/div/input", "xpath:idRelative"],
+ ["xpath=//input", "xpath:position"]
+ ],
+ "value": "4"
+ }, {
+ "id": "85a6208a-fa62-40df-90ef-40e6169dbe47",
+ "comment": "",
+ "command": "select",
+ "target": "id=root_metadataRequestURLConstructionScheme_@type",
+ "targets": [
+ ["id=root_metadataRequestURLConstructionScheme_@type", "id"],
+ ["css=#root_metadataRequestURLConstructionScheme_\\@type", "css:finder"],
+ ["xpath=//select[@id='root_metadataRequestURLConstructionScheme_@type']", "xpath:attributes"],
+ ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[2]/div/div/form/div/div/div/div/div[3]/div[2]/div/div/div/div/div/div/div/select", "xpath:idRelative"],
+ ["xpath=//select", "xpath:position"]
+ ],
+ "value": "label=Regex"
+ }, {
+ "id": "a6f1b350-eaa3-4748-8eb8-34ecac96ef01",
+ "comment": "",
+ "command": "type",
+ "target": "id=root_metadataRequestURLConstructionScheme_content",
+ "targets": [
+ ["id=root_metadataRequestURLConstructionScheme_content", "id"],
+ ["css=#root_metadataRequestURLConstructionScheme_content", "css:finder"],
+ ["xpath=//input[@id='root_metadataRequestURLConstructionScheme_content']", "xpath:attributes"],
+ ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[2]/div/div/form/div/div/div/div/div[3]/div[2]/div/div/div[2]/div/div/div/div/input", "xpath:idRelative"],
+ ["xpath=//div[2]/div/div/div/div/input", "xpath:position"]
+ ],
+ "value": "foo"
+ }, {
+ "id": "93a5bbcd-9ee1-4fbc-9fd0-8ce2654edc8b",
+ "comment": "",
+ "command": "type",
+ "target": "id=root_metadataRequestURLConstructionScheme_match",
+ "targets": [
+ ["id=root_metadataRequestURLConstructionScheme_match", "id"],
+ ["css=#root_metadataRequestURLConstructionScheme_match", "css:finder"],
+
["xpath=//input[@id='root_metadataRequestURLConstructionScheme_match']", "xpath:attributes"],
+ ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[2]/div/div/form/div/div/div/div/div[3]/div[2]/div/div/div[3]/div/div/div/div/input", "xpath:idRelative"],
+ ["xpath=//div[3]/div/div/div/div/input", "xpath:position"]
+ ],
+ "value": "unicon.*"
+ }, {
+ "id": "b0bbc709-2c6a-4600-8eac-d3b4182b3bb8",
+ "comment": "",
+ "command": "mouseOver",
+ "target": "css=.row:nth-child(3) > .col-12 > .mb-3 .btn > .svg-inline--fa",
+ "targets": [
+ ["css=.row:nth-child(3) > .col-12 > .mb-3 .btn > .svg-inline--fa", "css:finder"]
+ ],
+ "value": ""
+ }, {
+ "id": "bafeaf78-91f6-496c-a199-52f2fb3681fe",
+ "comment": "",
+ "command": "assertText",
+ "target": "css=div[role=\"tooltip\"]",
+ "targets": [],
+ "value": "A regular expression against which the entityID is evaluated."
+ }, {
+ "id": "36549098-a4b0-4660-a913-9aeb0ac83996",
+ "comment": "",
+ "command": "click",
+ "target": "css=.next",
+ "targets": [
+ ["css=.nav-link", "css:finder"],
+ ["xpath=(//button[@type='button'])[5]", "xpath:attributes"],
+ ["xpath=//div[@id='root']/div/main/div/section/div[2]/nav/ul/li[2]/button", "xpath:idRelative"],
+ ["xpath=//li[2]/button", "xpath:position"]
+ ],
+ "value": ""
+ }, {
+ "id": "bdfb17e5-a4c9-408b-858b-7e2fddd7c350",
+ "comment": "",
+ "command": "mouseOver",
+ "target": "css=.row:nth-child(2) path",
+ "targets": [
+ ["css=.row:nth-child(2) path", "css:finder"]
+ ],
+ "value": ""
+ }, {
+ "id": "16cee316-9f39-481d-99be-34b61e0ed010",
+ "comment": "",
+ "command": "assertText",
+ "target": "css=div[role=\"tooltip\"]",
+ "targets": [],
+ "value": "The minimum duration for which metadata will be cached before it is refreshed."
+ }, {
+ "id": "687d2359-86f5-45de-bbfd-6557f62fd6d1",
+ "comment": "",
+ "command": "mouseOut",
+ "target": "css=.row:nth-child(2) path",
+ "targets": [],
+ "value": ""
+ }, {
+ "id": "fba778ef-2d9a-4fe9-9e6a-291560e3d807",
+ "comment": "",
+ "command": "click",
+ "target": "css=body",
+ "targets": [],
+ "value": ""
+ }, {
+ "id": "86512870-b695-44b6-a112-ea60375586f4",
+ "comment": "",
+ "command": "pause",
+ "target": "1000",
+ "targets": [],
+ "value": ""
+ }, {
+ "id": "8f77dc16-2b54-46d7-b6bd-bf6fd046e8b6",
+ "comment": "",
+ "command": "mouseOver",
+ "target": "css=.row:nth-child(8) .svg-inline--fa",
+ "targets": [
+ ["css=.row:nth-child(8) .svg-inline--fa", "css:finder"]
+ ],
+ "value": ""
+ }, {
+ "id": "3fd29e97-1178-4bb5-9e76-22e89bca717c",
+ "comment": "",
+ "command": "assertText",
+ "target": "css=div[role=\"tooltip\"]",
+ "targets": [],
+ "value": "Flag indicating whether should initialize from the persistent cache in the background. Initializing from the cache in the background will improve IdP startup times."
+ }, {
+ "id": "d1ee0afc-651b-4da5-bd99-eac47bbceb78",
+ "comment": "",
+ "command": "click",
+ "target": "css=.next",
+ "targets": [
+ ["css=.nav-link", "css:finder"],
+ ["xpath=(//button[@type='button'])[5]", "xpath:attributes"],
+ ["xpath=//div[@id='root']/div/main/div/section/div[2]/nav/ul/li[2]/button", "xpath:idRelative"],
+ ["xpath=//li[2]/button", "xpath:position"]
+ ],
+ "value": ""
+ }, {
+ "id": "aea0e033-111e-4a5d-8038-ec222786a695",
+ "comment": "",
+ "command": "mouseOver",
+ "target": "css=.row:nth-child(4) .svg-inline--fa:nth-child(2)",
+ "targets": [
+ ["css=.row:nth-child(4) .svg-inline--fa:nth-child(2)", "css:finder"]
+ ],
+ "value": ""
+ }, {
+ "id": "80e0d456-3951-4858-8423-7e04d6debb96",
+ "comment": "",
+ "command": "assertText",
+ "target": "css=div[role=\"tooltip\"]",
+ "targets": [],
+ "value": "Controls whether to keep entities descriptors that contain no entity descriptors. 
Note: If this attribute is set to false, the resulting output may not be schema-valid since an element must include at least one child element, either an element or an element."
+ }, {
+ "id": "148a84ef-0353-425d-9a63-79ccaa01478d",
+ "comment": "",
+ "command": "click",
+ "target": "css=.next",
+ "targets": [
+ ["css=.nav-link", "css:finder"],
+ ["xpath=(//button[@type='button'])[5]", "xpath:attributes"],
+ ["xpath=//div[@id='root']/div/main/div/section/div[2]/nav/ul/li[2]/button", "xpath:idRelative"],
+ ["xpath=//li[2]/button", "xpath:position"]
+ ],
+ "value": ""
+ }, {
+ "id": "a4dea76b-c360-4093-badc-75920e2f4f77",
+ "comment": "",
+ "command": "click",
+ "target": "css=.save",
+ "targets": [
+ ["css=.nav-link", "css:finder"],
+ ["xpath=(//button[@type='button'])[5]", "xpath:attributes"],
+ ["xpath=//div[@id='root']/div/main/div/section/div[2]/nav/ul/li[2]/button", "xpath:idRelative"],
+ ["xpath=//li[2]/button", "xpath:position"]
+ ],
+ "value": ""
+ }, {
+ "id": "3e26de95-6680-4b4e-af58-1f03b73feabc",
+ "comment": "",
+ "command": "waitForElementPresent",
+ "target": "linkText=DHMR",
+ "targets": [
+ ["linkText=FBHMR", "linkText"],
+ ["css=.align-middle > a", "css:finder"],
+ ["xpath=//a[contains(text(),'FBHMR')]", "xpath:link"],
+ ["xpath=//div[@id='root']/div/main/div/section/div/div[2]/div/div/div/table/tbody/tr/td[2]/a", "xpath:idRelative"],
+ ["xpath=//a[contains(@href, '/metadata/provider/b33533c3-dd67-418a-b387-188045e2f821/configuration/options')]", "xpath:href"],
+ ["xpath=//td[2]/a", "xpath:position"],
+ ["xpath=//a[contains(.,'FBHMR')]", "xpath:innerText"]
+ ],
+ "value": "30000"
+ }, {
+ "id": "a43927f1-4fbb-4963-b0c8-692422473e74",
+ "comment": "",
+ "command": "click",
+ "target": "id=metadata-nav-dropdown-toggle",
+ "targets": [
+ ["id=metadata-nav-dropdown-toggle", "id"],
+ ["css=#metadata-nav-dropdown-toggle", "css:finder"],
+ ["xpath=//button[@id='metadata-nav-dropdown-toggle']", "xpath:attributes"],
+
["xpath=//div[@id='metadata-nav-dropdown']/button", "xpath:idRelative"],
+ ["xpath=//div[2]/button", "xpath:position"],
+ ["xpath=//button[contains(.,'Add New')]", "xpath:innerText"]
+ ],
+ "value": ""
+ }, {
+ "id": "e0f16faa-8a59-47d6-882e-be0641aeea24",
+ "comment": "",
+ "command": "click",
+ "target": "id=metadata-nav-dropdown-provider",
+ "targets": [
+ ["id=metadata-nav-dropdown-provider", "id"],
+ ["linkText=Add a new metadata provider", "linkText"],
+ ["css=#metadata-nav-dropdown-provider", "css:finder"],
+ ["xpath=//a[contains(text(),'Add a new metadata provider')]", "xpath:link"],
+ ["xpath=//a[@id='metadata-nav-dropdown-provider']", "xpath:attributes"],
+ ["xpath=//div[@id='metadata-nav-dropdown']/div/a[2]", "xpath:idRelative"],
+ ["xpath=//a[contains(@href, '/metadata/provider/new')]", "xpath:href"],
+ ["xpath=//a[2]", "xpath:position"],
+ ["xpath=//a[contains(.,'Add a new metadata provider')]", "xpath:innerText"]
+ ],
+ "value": ""
+ }, {
+ "id": "b2e14d51-46d1-4ab6-963e-6783a7dc647f",
+ "comment": "",
+ "command": "waitForElementEditable",
+ "target": "name=type",
+ "targets": [],
+ "value": "30000"
+ }, {
+ "id": "b87c519c-2b8a-416f-aede-e982badbfd9c",
+ "comment": "",
+ "command": "select",
+ "target": "name=type",
+ "targets": [],
+ "value": "label=ExternalMetadataResolver"
+ }, {
+ "id": "0e186c0d-53cc-432c-b12d-28dd6ed7c3d4",
+ "comment": "",
+ "command": "type",
+ "target": "name=name",
+ "targets": [
+ ["name=name", "name"],
+ ["css=.form-control", "css:finder"],
+ ["xpath=//input[@name='name']", "xpath:attributes"],
+ ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div/div/form/div/input", "xpath:idRelative"],
+ ["xpath=//input", "xpath:position"]
+ ],
+ "value": "ExMR"
+ }, {
+ "id": "bfee0b94-d6aa-4623-81c5-d9241794e5f1",
+ "comment": "",
+ "command": "click",
+ "target": "css=.next",
+ "targets": [
+ ["css=.nav-link", "css:finder"],
+ ["xpath=(//button[@type='button'])[5]", "xpath:attributes"],
+
["xpath=//div[@id='root']/div/main/div/section/div[2]/nav/ul/li[2]/button", "xpath:idRelative"],
+ ["xpath=//li[2]/button", "xpath:position"]
+ ],
+ "value": ""
+ }, {
+ "id": "2c2c7589-3d4c-4db1-a5fc-d8e66e0b8831",
+ "comment": "",
+ "command": "type",
+ "target": "id=root_xmlId",
+ "targets": [
+ ["id=root_xmlId", "id"],
+ ["css=#root_xmlId", "css:finder"],
+ ["xpath=//input[@id='root_xmlId']", "xpath:attributes"],
+ ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[2]/div/div/form/div/div/div/div/div[2]/div/div/div/input", "xpath:idRelative"],
+ ["xpath=//input", "xpath:position"]
+ ],
+ "value": "5"
+ }, {
+ "id": "63444e5f-23c1-4da3-a5ba-e2ef8ad7b869",
+ "comment": "",
+ "command": "type",
+ "target": "id=root_description",
+ "targets": [
+ ["id=root_description", "id"],
+ ["css=#root_description", "css:finder"],
+ ["xpath=//textarea[@id='root_description']", "xpath:attributes"],
+ ["xpath=//div[@id='root']/div/main/div/section/div[2]/div[2]/div/div/form/div/div/div/div/div[2]/div[2]/div/div/textarea", "xpath:idRelative"],
+ ["xpath=//textarea", "xpath:position"]
+ ],
+ "value": "foo"
+ }, {
+ "id": "52604851-991e-4055-b926-21a8eae2d293",
+ "comment": "",
+ "command": "mouseOver",
+ "target": "css=.mb-3 > div > .form-label > .btn path",
+ "targets": [
+ ["css=.mb-3 > div > .form-label > .btn path", "css:finder"]
+ ],
+ "value": ""
+ }, {
+ "id": "0c41fa31-f8ce-4247-8384-5ffe9dbb2a96",
+ "comment": "",
+ "command": "assertText",
+ "target": "css=div[role=\"tooltip\"]",
+ "targets": [],
+ "value": "this tooltip is broken"
+ }, {
+ "id": "3252a66e-f891-479e-8a6a-53460b3af55c",
+ "comment": "",
+ "command": "click",
+ "target": "css=.next",
+ "targets": [
+ ["css=.nav-link", "css:finder"],
+ ["xpath=(//button[@type='button'])[5]", "xpath:attributes"],
+ ["xpath=//div[@id='root']/div/main/div/section/div[2]/nav/ul/li[2]/button", "xpath:idRelative"],
+ ["xpath=//li[2]/button", "xpath:position"]
+ ],
+ "value": ""
+ }, {
+ "id": 
"dfb684d2-91d6-452f-ad3a-5072c318deb9",
+ "comment": "",
+ "command": "click",
+ "target": "css=.save",
+ "targets": [
+ ["css=.nav-link", "css:finder"],
+ ["xpath=(//button[@type='button'])[5]", "xpath:attributes"],
+ ["xpath=//div[@id='root']/div/main/div/section/div[2]/nav/ul/li[2]/button", "xpath:idRelative"],
+ ["xpath=//li[2]/button", "xpath:position"]
+ ],
+ "value": ""
+ }, {
+ "id": "3c17b8c4-b76b-44d9-9240-90753ded5476",
+ "comment": "",
+ "command": "waitForElementPresent",
+ "target": "linkText=ExMR",
+ "targets": [
+ ["linkText=FBHMR", "linkText"],
+ ["css=.align-middle > a", "css:finder"],
+ ["xpath=//a[contains(text(),'FBHMR')]", "xpath:link"],
+ ["xpath=//div[@id='root']/div/main/div/section/div/div[2]/div/div/div/table/tbody/tr/td[2]/a", "xpath:idRelative"],
+ ["xpath=//a[contains(@href, '/metadata/provider/b33533c3-dd67-418a-b387-188045e2f821/configuration/options')]", "xpath:href"],
+ ["xpath=//td[2]/a", "xpath:position"],
+ ["xpath=//a[contains(.,'FBHMR')]", "xpath:innerText"]
+ ],
+ "value": "30000"
+ }, {
+ "id": "fe1c0584-e64f-478b-a9ba-5197b7c1fff7",
+ "comment": "",
+ "command": "click",
+ "target": "linkText=FBHMR",
+ "targets": [
+ ["linkText=FBHMR", "linkText"],
+ ["css=tr:nth-child(1) a", "css:finder"],
+ ["xpath=//a[contains(text(),'FBHMR')]", "xpath:link"],
+ ["xpath=//div[@id='root']/div/main/div/section/div/div[2]/div/div/div/table/tbody/tr/td[2]/a", "xpath:idRelative"],
+ ["xpath=//a[contains(@href, '/metadata/provider/69410b01-394d-428c-b164-ae0ecc277bf9/configuration/options')]", "xpath:href"],
+ ["xpath=//td[2]/a", "xpath:position"],
+ ["xpath=//a[contains(.,'FBHMR')]", "xpath:innerText"]
+ ],
+ "value": ""
+ }, {
+ "id": "cfb977fd-934b-4a2d-94b9-3e1fddc9d86f",
+ "comment": "",
+ "command": "click",
+ "target": "css=.btn:nth-child(2)",
+ "targets": [
+ ["css=.btn:nth-child(2)", "css:finder"],
+ ["xpath=(//button[@type='button'])[6]", "xpath:attributes"],
+ ["xpath=//div[@id='navigation']/div/button", "xpath:idRelative"],
+
["xpath=//div[2]/div/button", "xpath:position"],
+ ["xpath=//button[contains(.,' Filters')]", "xpath:innerText"]
+ ],
+ "value": ""
+ }, {
+ "id": "3f1b1b9c-ac27-4a85-89f5-1edd350b134b",
+ "comment": "",
+ "command": "click",
+ "target": "linkText=Add Filter",
+ "targets": [
+ ["linkText=Add Filter", "linkText"],
+ ["css=#filters .btn", "css:finder"],
+ ["xpath=//div[@id='filters']/div/div/a", "xpath:idRelative"],
+ ["xpath=//a[contains(@href, '/metadata/provider/69410b01-394d-428c-b164-ae0ecc277bf9/filter/new')]", "xpath:href"],
+ ["xpath=//div[3]/div/div/a", "xpath:position"],
+ ["xpath=//a[contains(.,' Add Filter')]", "xpath:innerText"]
+ ],
+ "value": ""
+ }, {
+ "id": "7fa035f2-c14b-4452-8437-f15901428d76",
+ "comment": "",
+ "command": "mouseOver",
+ "target": "css=.fa-circle-info > path",
+ "targets": [
+ ["css=.fa-circle-info > path", "css:finder"]
+ ],
+ "value": ""
+ }, {
+ "id": "1b66bf16-76ba-48db-a1b8-a230198ae4a2",
+ "comment": "",
+ "command": "assertText",
+ "target": "css=div[role=\"tooltip\"]",
+ "targets": [],
+ "value": "The precise behavior of any element is controlled by the xsi:type attribute."
+ }, {
+ "id": "6f9ae687-770a-4932-bdc9-a33706a698b7",
+ "comment": "",
+ "command": "select",
+ "target": "name=type",
+ "targets": [
+ ["name=type", "name"],
+ ["css=.form-select", "css:finder"],
+ ["xpath=//select[@name='type']", "xpath:attributes"],
+ ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div/div/div/div/form/div/select", "xpath:idRelative"],
+ ["xpath=//select", "xpath:position"]
+ ],
+ "value": "label=EntityAttributes"
+ }, {
+ "id": "e2b1a582-a3ce-4adb-b10c-0804f44a56ae",
+ "comment": "",
+ "command": "mouseOver",
+ "target": "css=.justify-content-start > .btn path",
+ "targets": [
+ ["css=.justify-content-start > .btn path", "css:finder"]
+ ],
+ "value": ""
+ }, {
+ "id": "c42fe40a-496c-491b-834e-694181da46d1",
+ "comment": "",
+ "command": "assertText",
+ "target": "css=div[role=\"tooltip\"]",
+ "targets": [],
+ "value": "Indicates the type of search to be performed."
+ }, {
+ "id": "e4596fdd-7ffc-4636-95d3-870d6bd51f20",
+ "comment": "",
+ "command": "click",
+ "target": "css=.nav-link:nth-child(2)",
+ "targets": [
+ ["css=.nav-link:nth-child(2)", "css:finder"],
+ ["xpath=(//button[@type='button'])[10]", "xpath:attributes"],
+ ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div[2]/div[2]/div/nav/button[2]", "xpath:idRelative"],
+ ["xpath=//nav/button[2]", "xpath:position"],
+ ["xpath=//button[contains(.,'Options')]", "xpath:innerText"]
+ ],
+ "value": ""
+ }, {
+ "id": "583b61c9-b021-452b-b488-1faf2be311b6",
+ "comment": "",
+ "command": "mouseOver",
+ "target": "css=.row:nth-child(5) path:nth-child(1)",
+ "targets": [
+ ["css=.row:nth-child(5) path:nth-child(1)", "css:finder"]
+ ],
+ "value": ""
+ }, {
+ "id": "112094e0-5983-4de2-80c9-b667a85c0334",
+ "comment": "",
+ "command": "assertText",
+ "target": "css=div[role=\"tooltip\"]",
+ "targets": [],
+ "value": "Whether to turn off encryption of the response."
+ }, {
+ "id": "62691575-441e-4251-afd8-658fe8763578",
+ "comment": "",
+ "command": "select",
+ "target": "name=type",
+ "targets": [
+ ["name=type", "name"],
+ ["css=.form-select", "css:finder"],
+ ["xpath=//select[@name='type']", "xpath:attributes"],
+ ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div/div/div/div/form/div/select", "xpath:idRelative"],
+ ["xpath=//select", "xpath:position"]
+ ],
+ "value": "label=NameIDFormat"
+ }, {
+ "id": "b358a7c0-87a5-4b74-8013-c0ab379278c2",
+ "comment": "",
+ "command": "mouseOver",
+ "target": "css=.ms-2 > path",
+ "targets": [
+ ["css=.ms-2 > path", "css:finder"]
+ ],
+ "value": ""
+ }, {
+ "id": "5444d5e6-b455-4afa-8154-036c6e55303e",
+ "comment": "",
+ "command": "assertText",
+ "target": "css=div[role=\"tooltip\"]",
+ "targets": [],
+ "value": "Whether to remove any existing formats from a role if any are added by the filter (unmodified roles will be untouched regardless of this setting)"
+ }, {
+ "id": "59d268fc-f9ba-4c9c-b412-f17ca72b67d1",
+ "comment": "",
+ "command": "click",
+ "target": "css=.nav-link:nth-child(1)",
+ "targets": [
+ ["css=.nav-link:nth-child(1)", "css:finder"],
+ ["xpath=(//button[@type='button'])[9]", "xpath:attributes"],
+ ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div[2]/div[2]/div/nav/button", "xpath:idRelative"],
+ ["xpath=//div[2]/div/nav/button", "xpath:position"],
+ ["xpath=//button[contains(.,'Filter Target')]", "xpath:innerText"]
+ ],
+ "value": ""
+ }, {
+ "id": "8657a3bf-3547-456a-8802-a23eaf657e7c",
+ "comment": "",
+ "command": "mouseOver",
+ "target": "css=.btn-text:nth-child(1) > .svg-inline--fa",
+ "targets": [
+ ["css=.btn-text:nth-child(1) > .svg-inline--fa", "css:finder"]
+ ],
+ "value": ""
+ }, {
+ "id": "424c3f2e-c1ed-4895-ad42-78953ea3bf39",
+ "comment": "",
+ "command": "assertText",
+ "target": "css=div[role=\"tooltip\"]",
+ "targets": [],
+ "value": "Search Criteria by Entity ID"
+ }, {
+ "id": "6dc07848-bf6c-4468-8cb9-6434fb61098c",
+
"comment": "",
+ "command": "click",
+ "target": "id=dropdown-label.filter-target-type",
+ "targets": [],
+ "value": ""
+ }, {
+ "id": "98b5db64-05cd-498e-a644-df6d2c8492a6",
+ "comment": "",
+ "command": "click",
+ "target": "css=.show > .dropdown-item:nth-child(2)",
+ "targets": [
+ ["css=.show > .dropdown-item:nth-child(2)", "css:finder"],
+ ["xpath=(//button[@type='button'])[15]", "xpath:attributes"],
+ ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div[2]/div[2]/div[2]/div/form/div/div/div/div[3]/div/div/div/fieldset/div/div/div/div/div/button[2]", "xpath:idRelative"],
+ ["xpath=//fieldset/div/div/div/div/div/button[2]", "xpath:position"],
+ ["xpath=//button[contains(.,'Regex')]", "xpath:innerText"]
+ ],
+ "value": ""
+ }, {
+ "id": "f65720ad-5b7b-4193-a8d6-3ca976d2c976",
+ "comment": "",
+ "command": "mouseOver",
+ "target": "css=.btn-text:nth-child(1) path",
+ "targets": [
+ ["css=.btn-text:nth-child(1) path", "css:finder"]
+ ],
+ "value": ""
+ }, {
+ "id": "46e83d10-00d0-4535-8387-2d84e1559ec2",
+ "comment": "",
+ "command": "assertText",
+ "target": "css=div[role=\"tooltip\"]",
+ "targets": [],
+ "value": "Search Criteria by Regex"
+ }, {
+ "id": "0067cff3-9879-4a44-a6a1-70711255dc7c",
+ "comment": "",
+ "command": "click",
+ "target": "id=dropdown-label.filter-target-type",
+ "targets": [],
+ "value": ""
+ }, {
+ "id": "96873967-eccb-48a1-9dd2-0d189919789c",
+ "comment": "",
+ "command": "click",
+ "target": "css=.show > .dropdown-item:nth-child(3)",
+ "targets": [
+ ["css=.show > .dropdown-item:nth-child(2)", "css:finder"],
+ ["xpath=(//button[@type='button'])[15]", "xpath:attributes"],
+ ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div[2]/div[2]/div[2]/div/form/div/div/div/div[3]/div/div/div/fieldset/div/div/div/div/div/button[2]", "xpath:idRelative"],
+ ["xpath=//fieldset/div/div/div/div/div/button[2]", "xpath:position"],
+ ["xpath=//button[contains(.,'Regex')]", "xpath:innerText"]
+ ],
+ "value": ""
+ }, {
+ "id": 
"295c441f-78c8-4949-9c0c-c9c6202c8943",
+ "comment": "",
+ "command": "mouseOver",
+ "target": "css=.btn-text:nth-child(1) path",
+ "targets": [
+ ["css=.btn-text:nth-child(1) path", "css:finder"]
+ ],
+ "value": ""
+ }, {
+ "id": "7544cfe4-4314-4182-8518-6db7f951ca93",
+ "comment": "",
+ "command": "assertText",
+ "target": "css=div[role=\"tooltip\"]",
+ "targets": [],
+ "value": "Search Criteria by Script"
+ }, {
+ "id": "cbfaac4f-35af-4014-b0a9-0748c9ae78f0",
+ "comment": "",
+ "command": "open",
+ "target": "/api/heheheheheheheWipeout",
+ "targets": [],
+ "value": ""
+ }, {
+ "id": "7fe511ed-178f-4922-8539-ea5beaf82ad2",
+ "comment": "",
+ "command": "assertText",
+ "target": "css=body",
+ "targets": [],
+ "value": "yes, you did it"
+ }]
+ }],
+ "suites": [{
+ "id": "d2caeac4-7520-4e3c-96b1-840610b6983c",
+ "name": "Default Suite",
+ "persistSession": false,
+ "parallel": false,
+ "timeout": 300,
+ "tests": ["841ade0e-83bd-4a4b-94f2-de6bd5c536b2"]
+ }],
+ "urls": ["http://localhost:10101/"],
+ "plugins": []
+}
\ No newline at end of file
diff --git a/backend/src/integration/resources/SHIBUI-1674-3.side b/backend/src/integration/resources/SHIBUI-1674-3.side
new file mode 100644
index 000000000..fa0a6f0cd
--- /dev/null
+++ b/backend/src/integration/resources/SHIBUI-1674-3.side
@@ -0,0 +1,443 @@ +{ + "id": "1b31a551-eb09-4bd4-8db9-694bf1539a46", + "version": "2.0", + "name": "SHIBUI-1674-3", + "url": "http://localhost:10101", + "tests": [{ + "id": "841ade0e-83bd-4a4b-94f2-de6bd5c536b2", + "name": "SHIBUI-1674-3", + "commands": [{ + "id": "d6b23986-6d14-4b10-be7b-a7e6f576e3b2", + "comment": "", + "command": "open", + "target": "/login", + "targets": [], + "value": "" + }, { + "id": "f77ecd77-01c2-4463-944e-1a69600f5297", + "comment": "", + "command": "type", + "target": "name=username", + "targets": [ + ["name=username", "name"], + ["css=tr:nth-child(1) input", "css:finder"], + ["xpath=//input[@name='username']", "xpath:attributes"], + ["xpath=//input", "xpath:position"] + ], + "value": "admin" + }, { + "id": "c9bf0a22-faa9-494c-b2ed-6c9653248551", + "comment": "", + "command": "type", + "target": "name=password", + "targets": [ + ["name=password", "name"], + ["css=tr:nth-child(2) input", "css:finder"], + ["xpath=//input[@name='password']", "xpath:attributes"], + ["xpath=//tr[2]/td[2]/input", "xpath:position"] + ], + "value": "adminpass" + }, { + "id": "7ab1d854-3582-4101-bd19-f94b8f438090", + "comment": "", + "command": "sendKeys", + "target": "name=password", + "targets": [ + ["name=password", "name"], + ["css=tr:nth-child(2) input", "css:finder"], + ["xpath=//input[@name='password']", "xpath:attributes"], + ["xpath=//tr[2]/td[2]/input", "xpath:position"] + ], + "value": "${KEY_ENTER}" + }, { + "id": "4059cae7-b9f9-49d0-a213-343bcaba66d1", + "comment": "", + "command": "waitForElementVisible", + "target": "id=metadata-nav-dropdown-toggle", + "targets": [], + "value": "30000" + }, { + "id": "f03af8d5-5875-4a2c-b93a-c3ddcbd4b16a", + "comment": "", + "command": "open", + "target": "/api/heheheheheheheWipeout", + "targets": [], + "value": "" + }, { + "id": "081f495b-4d84-4758-824c-1e85b6311e7f", + "comment": "", + "command": "assertText", + "target": "css=body", + "targets": [], + "value": "yes, you did it" + }, { + "id": 
"9e912dd5-6ace-45be-bafd-2d1655906575", + "comment": "", + "command": "open", + "target": "/", + "targets": [], + "value": "" + }, { + "id": "3bb52950-667c-4852-a98f-6a6fb5632ba5", + "comment": "", + "command": "waitForElementEditable", + "target": "id=metadata-nav-dropdown-toggle", + "targets": [], + "value": "30000" + }, { + "id": "36f741ba-efc6-4837-b4ee-6afaf64eaa9a", + "comment": "", + "command": "click", + "target": "id=advanced-nav-dropdown-toggle", + "targets": [ + ["id=advanced-nav-dropdown-toggle", "id"], + ["css=#advanced-nav-dropdown-toggle", "css:finder"], + ["xpath=//button[@id='advanced-nav-dropdown-toggle']", "xpath:attributes"], + ["xpath=//div[@id='advanced-nav-dropdown']/button", "xpath:idRelative"], + ["xpath=//div[3]/button", "xpath:position"], + ["xpath=//button[contains(.,'Advanced')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "c1ece675-f7dd-467b-a559-5abf32c5bbe2", + "comment": "", + "command": "click", + "target": "id=advanced-nav-dropdown-attr", + "targets": [ + ["id=advanced-nav-dropdown-attr", "id"], + ["linkText=Custom entity attributes", "linkText"], + ["css=#advanced-nav-dropdown-attr", "css:finder"], + ["xpath=//a[contains(text(),'Custom entity attributes')]", "xpath:link"], + ["xpath=//a[@id='advanced-nav-dropdown-attr']", "xpath:attributes"], + ["xpath=//div[@id='advanced-nav-dropdown']/div/a", "xpath:idRelative"], + ["xpath=//a[contains(@href, '/metadata/attributes')]", "xpath:href"], + ["xpath=//div[3]/div/a", "xpath:position"], + ["xpath=//a[contains(.,'Custom entity attributes')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "b2d7669c-99d8-493c-8fa9-588191d0b7dc", + "comment": "", + "command": "click", + "target": "linkText=Add new attribute", + "targets": [ + ["linkText=Add new attribute", "linkText"], + ["css=.btn-success", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div/div[2]/div/a", "xpath:idRelative"], + ["xpath=//a[contains(@href, '/metadata/attributes/new')]", "xpath:href"], + 
["xpath=//div[2]/div/a", "xpath:position"], + ["xpath=//a[contains(.,'  Add new attribute')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "6a47d0aa-0afe-4e61-afbf-44a56507a2e8", + "comment": "", + "command": "mouseOver", + "target": "css=.mb-3:nth-child(1) > div > div > .form-label > .btn path", + "targets": [ + ["css=.mb-3:nth-child(1) > div > div > .form-label > .btn path", "css:finder"] + ], + "value": "" + }, { + "id": "f0c42874-f4d4-4bd6-ba45-d5456555df77", + "comment": "", + "command": "assertText", + "target": "css=div[role=\"tooltip\"]", + "targets": [], + "value": "Name of the attribute that the service provider uses and requires from the identity provider. It corresponds to the element in the SAML assertion." + }, { + "id": "462beca1-71e3-4519-a478-f4e66824c3cc", + "comment": "", + "command": "mouseOut", + "target": "css=.mb-3:nth-child(1) > div > div > .form-label > .btn path", + "targets": [ + ["css=.mb-3:nth-child(1) > div > div > .form-label > .btn path", "css:finder"] + ], + "value": "" + }, { + "id": "1d0954f7-b5f4-4c6d-9e4f-90d1557ff57f", + "comment": "", + "command": "click", + "target": "css=body", + "targets": [], + "value": "" + }, { + "id": "0500c6db-2e9a-41be-a4f8-7ca36e3a2949", + "comment": "", + "command": "pause", + "target": "1000", + "targets": [], + "value": "" + }, { + "id": "d316301e-1e75-4c95-bc8a-efa5575b3cfb", + "comment": "", + "command": "mouseOver", + "target": "css=.mb-3 > .form-label > .btn > .svg-inline--fa", + "targets": [ + ["css=.mb-3 > .form-label > .btn > .svg-inline--fa", "css:finder"] + ], + "value": "" + }, { + "id": "587a92b2-743d-4c22-8788-103995b8a593", + "comment": "", + "command": "assertText", + "target": "css=div[role=\"tooltip\"]", + "targets": [], + "value": "Data type of the attribute such as boolean or string." 
+ }, { + "id": "f2335699-a48b-4da0-906a-6b41fac18795", + "comment": "", + "command": "mouseOut", + "target": "css=.mb-3 > .form-label > .btn > .svg-inline--fa", + "targets": [], + "value": "" + }, { + "id": "15ab5915-5ee7-4942-9417-382d7171872f", + "comment": "", + "command": "click", + "target": "css=body", + "targets": [], + "value": "" + }, { + "id": "37cdbafc-1379-4338-bce0-cb9bdfedc31f", + "comment": "", + "command": "pause", + "target": "1000", + "targets": [], + "value": "" + }, { + "id": "9d4d25d7-3f22-4ca9-976b-fde51c951f44", + "comment": "", + "command": "mouseOver", + "target": "css=.mb-3:nth-child(3) .btn > .svg-inline--fa", + "targets": [ + ["css=.mb-3:nth-child(3) .btn > .svg-inline--fa", "css:finder"] + ], + "value": "" + }, { + "id": "b1c748cd-a506-4d83-be8b-d4a768b815d8", + "comment": "", + "command": "assertText", + "target": "css=div[role=\"tooltip\"]", + "targets": [], + "value": "A descriptive or human-friendly name for users of the Shibboleth IDP UI." + }, { + "id": "37ac1e21-a74a-48b8-a8da-5639d4c3daf0", + "comment": "", + "command": "mouseOut", + "target": "css=.mb-3:nth-child(3) .btn > .svg-inline--fa", + "targets": [], + "value": "" + }, { + "id": "a5db41a9-79cb-4ac5-b637-15ab28b661a2", + "comment": "", + "command": "click", + "target": "css=body", + "targets": [], + "value": "" + }, { + "id": "2d273ecb-241c-4cdd-b7a9-202a9ca0241d", + "comment": "", + "command": "pause", + "target": "1000", + "targets": [], + "value": "" + }, { + "id": "6b365142-29d2-4d6f-a3ff-bcc06f8102ac", + "comment": "", + "command": "mouseOver", + "target": "css=.mb-3:nth-child(4) .btn path", + "targets": [ + ["css=.mb-3:nth-child(4) .btn path", "css:finder"] + ], + "value": "" + }, { + "id": "cc340bf7-11bd-4d80-9878-852d06e0a6a0", + "comment": "", + "command": "assertText", + "target": "css=div[role=\"tooltip\"]", + "targets": [], + "value": "Indicates how to interpret the attribute name. It corresponds to the element in the SAML assertion. 
This is normally a uri or urn." + }, { + "id": "bb6a3d64-d0a9-43ab-b60c-20dab1f04e15", + "comment": "", + "command": "mouseOut", + "target": "css=.mb-3:nth-child(4) .btn path", + "targets": [], + "value": "" + }, { + "id": "5ed8705f-fc06-43c4-8fb0-2200f2b17417", + "comment": "", + "command": "click", + "target": "css=body", + "targets": [], + "value": "" + }, { + "id": "ad456296-65ae-4eb3-ac6e-5d806fd8a9ba", + "comment": "", + "command": "pause", + "target": "1000", + "targets": [], + "value": "" + }, { + "id": "4d5c9b81-fa8b-4202-9617-9e66b11c6453", + "comment": "", + "command": "mouseOver", + "target": "css=.mb-3:nth-child(5) .btn path", + "targets": [ + ["css=.mb-3:nth-child(5) .btn path", "css:finder"] + ], + "value": "" + }, { + "id": "e7f5bec5-f0a7-464c-88e0-762dd3fd814d", + "comment": "", + "command": "assertText", + "target": "css=div[role=\"tooltip\"]", + "targets": [], + "value": "Provides a human readable value that identifies the subject. This value is not guaranteed to be unique and is designed to be used only for display purposes." + }, { + "id": "535899ed-dfc1-4e6d-98bf-1d798eba2653", + "comment": "", + "command": "mouseOut", + "target": "css=.mb-3:nth-child(5) .btn path", + "targets": [], + "value": "" + }, { + "id": "dd9c55ae-367a-4dc6-acd3-9a4fc70af3c8", + "comment": "", + "command": "click", + "target": "css=body", + "targets": [], + "value": "" + }, { + "id": "7f273e47-802d-42ce-9290-3ae6768a3835", + "comment": "", + "command": "pause", + "target": "1000", + "targets": [], + "value": "" + }, { + "id": "5e69982a-5611-4276-9145-b2ae74cafc5e", + "comment": "", + "command": "mouseOver", + "target": "css=.mb-3:nth-child(6) path", + "targets": [ + ["css=.mb-3:nth-child(6) path", "css:finder"] + ], + "value": "" + }, { + "id": "e40ca8bd-05f0-4266-85cd-ddc6f072b268", + "comment": "", + "command": "assertText", + "target": "css=div[role=\"tooltip\"]", + "targets": [], + "value": "Defines help text used in the Shibboleth IDP UI when adding the attribute." 
+ }, { + "id": "1903d80f-cd05-4b27-a8ee-7450f6ddfb1f", + "comment": "", + "command": "mouseOut", + "target": "css=.mb-3:nth-child(6) path", + "targets": [], + "value": "" + }, { + "id": "8d9f307d-d310-4fec-91d8-2d228bf07328", + "comment": "", + "command": "click", + "target": "css=body", + "targets": [], + "value": "" + }, { + "id": "a20bb255-c02f-46a2-a117-365506bf9820", + "comment": "", + "command": "pause", + "target": "1000", + "targets": [], + "value": "" + }, { + "id": "ff071936-517f-497a-bc8a-ffcc0244a860", + "comment": "", + "command": "click", + "target": "id=advanced-nav-dropdown-toggle", + "targets": [ + ["id=advanced-nav-dropdown-toggle", "id"], + ["css=#advanced-nav-dropdown-toggle", "css:finder"], + ["xpath=//button[@id='advanced-nav-dropdown-toggle']", "xpath:attributes"], + ["xpath=//div[@id='advanced-nav-dropdown']/button", "xpath:idRelative"], + ["xpath=//div[3]/button", "xpath:position"], + ["xpath=//button[contains(.,'Advanced')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "bf20a8b1-5efa-44b6-bae6-2f0c44216c5a", + "comment": "", + "command": "click", + "target": "id=advanced-nav-dropdown-bundles", + "targets": [ + ["id=advanced-nav-dropdown-bundles", "id"], + ["linkText=Attribute bundles", "linkText"], + ["css=#advanced-nav-dropdown-bundles", "css:finder"], + ["xpath=//a[contains(text(),'Attribute bundles')]", "xpath:link"], + ["xpath=//a[@id='advanced-nav-dropdown-bundles']", "xpath:attributes"], + ["xpath=//div[@id='advanced-nav-dropdown']/div/a[2]", "xpath:idRelative"], + ["xpath=//a[contains(@href, '/metadata/attributes/bundles')]", "xpath:href"], + ["xpath=//a[2]", "xpath:position"], + ["xpath=//a[contains(.,'Attribute bundles')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "a076e422-2bc2-4e73-b976-018306d00d42", + "comment": "", + "command": "click", + "target": "linkText=Add bundle", + "targets": [ + ["linkText=Add bundle", "linkText"], + ["css=.btn-success", "css:finder"], + 
["xpath=//div[@id='root']/div/main/div/div/section/div/div[2]/div/a", "xpath:idRelative"], + ["xpath=//a[contains(@href, '/metadata/attributes/bundles/new')]", "xpath:href"], + ["xpath=//div[2]/div/a", "xpath:position"], + ["xpath=//a[contains(.,'  Add bundle')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "ca5dd037-f651-49bc-ae8e-2c4892a8dd8a", + "comment": "", + "command": "mouseOver", + "target": "css=.fa-circle-info", + "targets": [ + ["css=.fa-circle-info", "css:finder"] + ], + "value": "" + }, { + "id": "189111fe-dec8-4858-87dd-c2ae3b0d3318", + "comment": "", + "command": "assertText", + "target": "css=div[role=\"tooltip\"]", + "targets": [], + "value": "A user friendly name to identify the bundle" + }, { + "id": "18eb0ada-bc95-4bad-b891-b5c952ce25d1", + "comment": "", + "command": "open", + "target": "/api/heheheheheheheWipeout", + "targets": [], + "value": "" + }, { + "id": "de808d8a-e49a-4c10-99fb-25e28127437d", + "comment": "", + "command": "assertText", + "target": "css=body", + "targets": [], + "value": "yes, you did it" + }] + }], + "suites": [{ + "id": "d2caeac4-7520-4e3c-96b1-840610b6983c", + "name": "Default Suite", + "persistSession": false, + "parallel": false, + "timeout": 300, + "tests": ["841ade0e-83bd-4a4b-94f2-de6bd5c536b2"] + }], + "urls": ["http://localhost:10101/"], + "plugins": [] +} \ No newline at end of file From b1bd8c85a51050283d1873853de71a1a2159b453 Mon Sep 17 00:00:00 2001 From: Ryan Mathis Date: Tue, 16 Aug 2022 10:44:11 -0700 Subject: [PATCH 37/58] Fixed issues with tooltips --- backend/src/main/resources/external.schema.json | 2 +- backend/src/main/resources/i18n/messages.properties | 5 +++-- backend/src/main/resources/metadata-sources-ui-schema.json | 1 + ui/public/assets/schema/provider/filebacked-http.schema.json | 2 +- ui/src/app/form/component/InfoIcon.js | 2 +- ui/src/theme/project/buttons.scss | 4 ++++ 6 files changed, 11 insertions(+), 5 deletions(-) 
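Review bot: The two `open` commands that target `/api/heheheheheheheWipeout` (once after login, once as the last step before `assertText` expects "yes, you did it") drive what appears to be a data-reset endpoint through a plain GET navigation, and nothing in the recording says where that endpoint is allowed to exist. The controller is outside this hunk, so this is inferred, but an unusual path is not an access control, and a state-changing GET can be triggered cross-site from any browser holding an admin session; it is worth confirming the mapping is registered only under the integration-test profile. I would record that in the command itself, e.g. `"comment": "test-only reset endpoint; must not be mapped outside the integration profile"`. The same check applies to the `admin` / `adminpass` values typed into `name=username` and `name=password`: confirm they are fixture credentials that no deployable configuration seeds.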
diff --git a/backend/src/main/resources/external.schema.json b/backend/src/main/resources/external.schema.json index 8efb9141e..317d5ff7d 100644 --- a/backend/src/main/resources/external.schema.json +++ b/backend/src/main/resources/external.schema.json @@ -9,7 +9,7 @@ "properties": { "name": { "title": "label.metadata-provider-name-dashboard-display-only", - "description": "tooltip.metadata-provider-name-dashboard-display-only", + "description": "tooltip.metadata-provider-name", "type": "string", "widget": { "id": "string", diff --git a/backend/src/main/resources/i18n/messages.properties b/backend/src/main/resources/i18n/messages.properties index 8dbd4d06a..12d5e1935 100644 --- a/backend/src/main/resources/i18n/messages.properties +++ b/backend/src/main/resources/i18n/messages.properties @@ -312,7 +312,7 @@ label.contact=Contact label.mdui=MDUI Information label.service-provider-sso-descriptor=Service Provider Sso Descriptor label.service-enabled=Service Enabled -label.filter-name=A name given to this filter to identify it within the Shibboleth IDP UI (used for display purposes only). +label.filter-name=Filter Name label.filter-enabled=Filter Enabled label.filter-target=FilterTarget label.filter-type=Filter Type 
@@ -666,6 +666,7 @@ tooltip.ignore-auth-method=Reject any AuthnReuests from this SP that contain an tooltip.omit-not-before-condition=Whether to include a NotBefore attribute in assertions. tooltip.responder-id=Identifier of the selected SAML IdP entity. tooltip.instruction=Information icon +tooltip.x509-certificates=Add an X509 Certificate, a digital certificate that uses the widely accepted international X509 public key infrastructure (PKI) standard to verify that a public key belongs to the service identity contained within the certificate. tooltip.attribute-release-table=Attribute release table - select the attributes you want to release (default unchecked) tooltip.metadata-filter-name=Metadata Filter Name tooltip.metadata-filter-type=The precise behavior of any element is controlled by the xsi:type attribute. @@ -709,7 +710,7 @@ tooltip.refresh-delay-factor=A factor applied to the initially determined refres tooltip.resolve-via-predicates-only=Flag indicating whether resolution may be performed solely by applying predicates to the entire metadata collection, when an entityID input criterion is not supplied. tooltip.expiration-warning-threshold=For each attempted metadata refresh (whether or not fresh metadata is obtained), if requireValidMetadata is true, and there is a validUntil XML attribute on the document root element, and the difference between validUntil and the current time is less than expirationWarningThreshold, the system logs a warning about the impending expiration. -tooltip.filter-name=Filter Name +tooltip.filter-name=A name given to this filter to identify it within the Shibboleth IDP UI (used for display purposes only). tooltip.enable-filter=If checkbox is clicked, the metadata filter is enabled for integration with the IdP. tooltip.enable-service=A boolean value representing whether or not this metadata should be enabled within the Shibboleth IDP UI. tooltip.search-by=Indicates the type of search to be performed. 
diff --git a/backend/src/main/resources/metadata-sources-ui-schema.json b/backend/src/main/resources/metadata-sources-ui-schema.json index 2d64f96bb..93ad3ec81 100644 --- a/backend/src/main/resources/metadata-sources-ui-schema.json +++ b/backend/src/main/resources/metadata-sources-ui-schema.json @@ -93,6 +93,7 @@ }, "x509Certificates": { "title": "label.x509-certificates", + "description": "tooltip.x509-certificates", "type": "array", "items": { "$ref": "#/definitions/Certificate" diff --git a/ui/public/assets/schema/provider/filebacked-http.schema.json b/ui/public/assets/schema/provider/filebacked-http.schema.json index e1b0d95c7..0c4fe29f6 100644 --- a/ui/public/assets/schema/provider/filebacked-http.schema.json +++ b/ui/public/assets/schema/provider/filebacked-http.schema.json @@ -28,7 +28,7 @@ "properties": { "name": { "title": "label.metadata-provider-name-dashboard-display-only", - "description": "tooltip.metadata-provider-name-dashboard-display-only", + "description": "tooltip.metadata-provider-name", "type": "string", "widget": { "id": "string", diff --git a/ui/src/app/form/component/InfoIcon.js b/ui/src/app/form/component/InfoIcon.js index a9dbb9363..1456cbd4b 100644 --- a/ui/src/app/form/component/InfoIcon.js +++ b/ui/src/app/form/component/InfoIcon.js @@ -16,7 +16,7 @@ export function InfoIcon ({ value = '', placement='auto', ...props }) { )} aria-label={translate('tooltip.instruction')}> - diff --git a/ui/src/theme/project/buttons.scss b/ui/src/theme/project/buttons.scss index 149e2e722..407d13bb1 100644 --- a/ui/src/theme/project/buttons.scss +++ b/ui/src/theme/project/buttons.scss @@ -16,6 +16,10 @@ $custom-control-spacer-x: 1rem; background: none; } +.btn.btn-text.info-icon { + color: $brand-primary; +} + .btn.btn-link { &:focus { outline: 5px auto -webkit-focus-ring-color; From 62baf93cc635aa8fff5e6513d54a16fb91daeab7 Mon Sep 17 00:00:00 2001 
From: Ryan Mathis
Date: Tue, 16 Aug 2022 11:58:53 -0700
Subject: [PATCH 38/58] Fixed grammar
---
 backend/src/main/resources/i18n/messages.properties | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/backend/src/main/resources/i18n/messages.properties b/backend/src/main/resources/i18n/messages.properties
index 12d5e1935..c225aa4c3 100644
--- a/backend/src/main/resources/i18n/messages.properties
+++ b/backend/src/main/resources/i18n/messages.properties
@@ -719,7 +719,7 @@ tooltip.max-cache-duration=The maximum duration for which metadata will be cache tooltip.max-idle-entity-data=The maximum duration for which metadata will be allowed to be idle (no requests for it) before it is removed from the cache. tooltip.cleanup-task-interval=The interval at which the internal cleanup task should run. This task performs background maintenance tasks, such as the removal of expired and idle metadata. tooltip.persistent-cache-manager-directory=The optional manager for the persistent cache store for resolved metadata. On metadata provider initialization, data present in the persistent cache will be loaded to memory, effectively restoring the state of the provider as closely as possible to that which existed before the previous shutdown. Each individual cache entry will only be loaded if 1) the entry is still valid as determined by the internal provider logic, and 2) the entry passes the (optional) predicate supplied via initializationFromCachePredicateRef. -tooltip.initialize-from-persistent-cache-in-background=Flag indicating whether system should initialize from the persistent cache in the background. Initializing from the cache in the background will improve IdP startup times. +tooltip.initialize-from-persistent-cache-in-background=Flag indicating whether the system should initialize from the persistent cache in the background. Initializing from the cache in the background will improve IdP startup times. tooltip.background-init-from-cache-delay=The delay after which to schedule the background initialization from the persistent cache when initializeFromPersistentCacheInBackground=true. tooltip.source-directory=Convenience mechanism for wiring a FilesystemLoadSaveManager, loading from the specified source directory in the local filesystem. This attribute will be ignored if sourceManagerRef is also specified. Either this attribute or sourceManagerRef is required. 
From da5a7ae5d856021ca5254c8db324f8139cb60568 Mon Sep 17 00:00:00 2001
From: Bill Smith
Date: Tue, 16 Aug 2022 16:13:18 -0400
Subject: [PATCH 39/58] SHIBUI-1674 Test fixes and optimizations.
---
 .../admin/ui/SeleniumSIDETest.groovy | 2 +-
 .../integration/resources/SHIBUI-1674-1.side | 14 +++++----
 .../integration/resources/SHIBUI-1674-2.side | 31 ++++++++++++-------
 3 files changed, 28 insertions(+), 19 deletions(-)
diff --git a/backend/src/integration/groovy/edu/internet2/tier/shibboleth/admin/ui/SeleniumSIDETest.groovy b/backend/src/integration/groovy/edu/internet2/tier/shibboleth/admin/ui/SeleniumSIDETest.groovy
index de68850a5..363f1a06f 100644
--- a/backend/src/integration/groovy/edu/internet2/tier/shibboleth/admin/ui/SeleniumSIDETest.groovy
+++ b/backend/src/integration/groovy/edu/internet2/tier/shibboleth/admin/ui/SeleniumSIDETest.groovy
@@ -154,9 +154,9 @@ class SeleniumSIDETest extends Specification {
 'SHIBUI-2052: Logged in user & role appear on dashboard' | '/SHIBUI-2052.side'
 'SHIBUI-2116: Verify entity attribute bundle highlights' | '/SHIBUI-2116.side' // Note that this script WILL NOT PASS in the Selenium IDE due to ${driver} not being set (it is provided by this groovy script).
 'SHIBUI-2267: Verify new RPO CRUD' | '/SHIBUI-2267.side'
- 'SHIBUI-2269: Verify XML generation of external filters' | '/SHIBUI-2269.side'
 'SHIBUI-1674: Verify metadata source tooltips' | '/SHIBUI-1674-1.side'
 'SHIBUI-1674: Verify metadata provider tooltips' | '/SHIBUI-1674-2.side'
 'SHIBUI-1674: Verify advanced menu tooltips' | '/SHIBUI-1674-3.side'
+ 'SHIBUI-2269: Verify XML generation of external filters' | '/SHIBUI-2269.side'
 }
 }
diff --git a/backend/src/integration/resources/SHIBUI-1674-1.side b/backend/src/integration/resources/SHIBUI-1674-1.side
index b9fed57ad..e2c62c188 100644
--- a/backend/src/integration/resources/SHIBUI-1674-1.side
+++ b/backend/src/integration/resources/SHIBUI-1674-1.side
@@ -303,7 +303,7 @@ "command": "assertText", "target": "css=div[role=\"tooltip\"]", "targets": [], - "value": "Whether to sign requests." + "value": "Whether to sign requests. Signing requests helps to verify that the request from the SP is authentic." }, { "id": "e1c906a3-bd1d-4684-b6fb-56de3a653579", "comment": "", @@ -387,7 +387,9 @@ "command": "mouseOver", "target": "css=.row:nth-child(8) path:nth-child(1)", "targets": [ - ["css=.row:nth-child(8) path:nth-child(1)", "css:finder"] + ["css=.app-root", "css:finder"], + ["xpath=//div[@id='root']/div", "xpath:idRelative"], + ["xpath=//div[3]/div", "xpath:position"] ], "value": "" }, { @@ -396,7 +398,7 @@ "command": "assertText", "target": "css=div[role=\"tooltip\"]", "targets": [], - "value": "Whether to ignore any SP-Requested Authentication Method." + "value": "Do not sign the full authentication response to the service provider. Enabling this property will reduce the size of the response to service providers who may have limitations to the size of the response." }, { "id": "87036a6f-aebd-4ef1-8cb8-03d082676c03", "comment": "", @@ -719,9 +721,9 @@ "id": "2928ba27-b934-499e-8dda-8441dbbb463d", "comment": "", "command": "mouseOver", - "target": "css=.row:nth-child(6) path:nth-child(1)", + "target": "css=.row:nth-child(7) path:nth-child(1)", "targets": [ - ["css=.row:nth-child(6) path:nth-child(1)", "css:finder"] + ["css=.row:nth-child(7) path:nth-child(1)", "css:finder"] ], "value": "" }, { @@ -732,7 +734,7 @@ "targets": [ ["css=.row:nth-child(1) > .col-12 .btn > .svg-inline--fa", "css:finder"] ], - "value": "Disallows use (or reuse) of authentication results and login flows that don't provide a real-time proof of user presence in the login process." + "value": "Disallows use (or reuse) of authentication results and login flows that don't provide a real-time proof of user presence in the login process" }, { "id": "1ff63b39-ee65-46a0-9258-56209aa63e4b", "comment": "", 
diff --git a/backend/src/integration/resources/SHIBUI-1674-2.side b/backend/src/integration/resources/SHIBUI-1674-2.side index f05b1e1f9..fb33695f5 100644 --- a/backend/src/integration/resources/SHIBUI-1674-2.side +++ b/backend/src/integration/resources/SHIBUI-1674-2.side @@ -146,9 +146,9 @@ "id": "2f6171c0-f11f-4d3a-99fe-4ba3ef743f3f", "comment": "", "command": "mouseOver", - "target": "css=.mb-3:nth-child(2) path", + "target": "css=.mb-3:nth-child(2) .info-icon > .svg-inline--fa", "targets": [ - ["css=.mb-3:nth-child(2) path", "css:finder"] + ["css=.mb-3:nth-child(2) .info-icon > .svg-inline--fa", "css:finder"] ], "value": "" }, { @@ -396,9 +396,9 @@ "id": "3e9efc71-b8e5-4d0e-99f1-5605f0984768", "comment": "", "command": "mouseOver", - "target": "css=.mb-3:nth-child(1) path", + "target": "css=.mb-3:nth-child(1) .info-icon path", "targets": [ - ["css=.mb-3:nth-child(1) path", "css:finder"] + ["css=.mb-3:nth-child(1) .info-icon path", "css:finder"] ], "value": "" }, { @@ -423,7 +423,7 @@ }, { "id": "b83ea670-06b0-45e7-b4e3-af137de66d44", "comment": "", - "command": "waitForElementEditable", + "command": "waitForElementVisible", "target": "id=root_xmlId", "targets": [], "value": "30000" @@ -954,7 +954,7 @@ "command": "assertText", "target": "css=div[role=\"tooltip\"]", "targets": [], - "value": "Flag indicating whether should initialize from the persistent cache in the background. Initializing from the cache in the background will improve IdP startup times." + "value": "Flag indicating whether the system should initialize from the persistent cache in the background. Initializing from the cache in the background will improve IdP startup times." }, { "id": "d1ee0afc-651b-4da5-bd99-eac47bbceb78", "comment": "", 
@@ -1133,7 +1133,7 @@ "command": "assertText", "target": "css=div[role=\"tooltip\"]", "targets": [], - "value": "this tooltip is broken" + "value": "A brief description of the purpose of this filter." }, { "id": "3252a66e-f891-479e-8a6a-53460b3af55c", "comment": "", @@ -1231,6 +1231,13 @@ "target": "css=div[role=\"tooltip\"]", "targets": [], "value": "The precise behavior of any element is controlled by the xsi:type attribute." + }, { + "id": "e4442dad-6000-49dd-96ca-85ea2a49e805", + "comment": "", + "command": "click", + "target": "css=body", + "targets": [], + "value": "" }, { "id": "6f9ae687-770a-4932-bdc9-a33706a698b7", "comment": "", @@ -1277,9 +1284,9 @@ "id": "583b61c9-b021-452b-b488-1faf2be311b6", "comment": "", "command": "mouseOver", - "target": "css=.row:nth-child(5) path:nth-child(1)", + "target": "css=.row:nth-child(6) .svg-inline--fa:nth-child(2)", "targets": [ - ["css=.row:nth-child(5) path:nth-child(1)", "css:finder"] + ["css=.row:nth-child(6) .svg-inline--fa:nth-child(2)", "css:finder"] ], "value": "" }, { @@ -1346,7 +1353,7 @@ "command": "assertText", "target": "css=div[role=\"tooltip\"]", "targets": [], - "value": "Search Criteria by Entity ID" + "value": "The value used to search against, such as a regex pattern or entityID to match against." }, { "id": "6dc07848-bf6c-4468-8cb9-6434fb61098c", "comment": "", @@ -1382,7 +1389,7 @@ "command": "assertText", "target": "css=div[role=\"tooltip\"]", "targets": [], - "value": "Search Criteria by Regex" + "value": "The value used to search against, such as a regex pattern or entityID to match against." }, { "id": "0067cff3-9879-4a44-a6a1-70711255dc7c", "comment": "", @@ -1418,7 +1425,7 @@ "command": "assertText", "target": "css=div[role=\"tooltip\"]", "targets": [], - "value": "Search Criteria by Script" + "value": "The value used to search against, such as a regex pattern or entityID to match against." }, { "id": "cbfaac4f-35af-4014-b0a9-0748c9ae78f0", "comment": "", 
From 451af42c06db10c856dd6bcf0048207868d6a2b3 Mon Sep 17 00:00:00 2001
From: chasegawa
Date: Tue, 16 Aug 2022 15:18:24 -0700
Subject: [PATCH 40/58] SHIBUI-2270 Starting backend work
---
 .../ui/domain/ShibConfigurationProperty.java | 55 +++++++++++++++++++
 1 file changed, 55 insertions(+)
 create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/ShibConfigurationProperty.java
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/ShibConfigurationProperty.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/ShibConfigurationProperty.java
new file mode 100644
index 000000000..945f9ff96
--- /dev/null
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/ShibConfigurationProperty.java
@@ -0,0 +1,55 @@
+package edu.internet2.tier.shibboleth.admin.ui.domain;
+
+import lombok.Data;
+import org.hibernate.envers.Audited;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.Id;
+import java.util.UUID;
+
+@Entity(name = "shib_configuration_prop")
+@Audited
+@Data
+public class ShibConfigurationProperty {
+ @Id
+ @Column(name = "resource_id", nullable = false)
+ String resourceId = UUID.randomUUID().toString();
+
+ @Column(name = "category", nullable = false)
+ String category;
+
+ @Column(name = "config_file", nullable = false)
+ String configFile;
+
+ @Column(name = "default_value", nullable = false)
+ String defaultValue;
+
+ @Column(name = "description")
+ String description;
+
+ @Column(name = "idp_version", nullable = false)
+ String idpVersion;
+
+ @Column(name = "module")
+ String module;
+
+ @Column(name = "module_version")
+ String moduleVersion;
+
+ @Column(name = "note")
+ String note;
+
+ @Column(name = "property_name", nullable = false)
+ String propertyName;
+
+ @Column(name = "property_type", nullable = false)
+ PropertyType propertyType;
+
+ @Column(name = "property_value", nullable = false)
+ String propertyValue;
+}
+
+enum PropertyType {
+ BOOLEAN, DURATION, INTEGER, SELECTION_LIST, SPRING_BEAN_ID, STRING
+}
\ No newline at end of file
From e52d50249d4394f552352aaf3eba44af9678fd07 Mon Sep 17 00:00:00 2001
From: chasegawa
Date: Tue, 16 Aug 2022 15:18:40 -0700
Subject: [PATCH 41/58] SHIBUI-2270 Starting backend work
---
 .../src/main/resources/db/changelog/temp.sql | 656 ++++++++++++++++++
 1 file changed, 656 insertions(+)
 create mode 100644 backend/src/main/resources/db/changelog/temp.sql
diff --git a/backend/src/main/resources/db/changelog/temp.sql b/backend/src/main/resources/db/changelog/temp.sql
new file mode 100644
index 000000000..927ab6522
--- /dev/null
+++ b/backend/src/main/resources/db/changelog/temp.sql
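Review bot: In ShibConfigurationProperty.java, `propertyType` carries only `@Column`, so JPA will persist the `PropertyType` enum by ordinal, while the seed rows in PATCH 41 (`temp.sql`) write names such as `'SELECTION_LIST'` and `'STRING'` into `property_type`. Adding `@Enumerated(EnumType.STRING)` above the field, with the two matching `javax.persistence` imports, keeps the column readable and stable if the enum constants are ever reordered. If those rows are meant to be read through this entity, they also insert `null` for `default_value` and `property_value`, which the class declares `nullable = false`, and they fill a `selection_items` column that has no field here, so the mapping and the seed data need to be reconciled. The fields are package-private as written; `private String category;` and so on would match what `@Data` is meant to wrap.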
@@ -0,0 +1,656 @@ +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('17', 'SecurityConfiguration', 'idp.properties', 'Default SameSite value to apply to cookies via servlet filter if no explicit rule for the named cookie is specified', 'all', null, null, null, null, 'idp.cookie.sameSite', 'SELECTION_LIST', 'None,Lax,Strict', null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('3', 'RelyingPartyConfiguration', 'idp.properties', 'The unique name of the IdP used as the iisuer in all SAML profiles', 'all', null, null, 'ex. https://unicon.net/idp/shibboleth', null, 'idp.entityID', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('7', 'RelyingPartyConfiguration', 'idp.properties', 'Identifies the endpoint in SAML metadata associated with artifacts issued by a server node', 'all', null, null, null, '2', 'idp.artifact.endpointIndex', 'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('16', 'SecurityConfiguration', 'idp.properties', 'Lifetime in seconds of cookies issued by the IdP that are meant to span sessions (365 days)', 'all', null, null, null, '31536000', 'idp.cookie.maxAge', 'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, 
default_value, property_name, property_type, selection_items, property_value) VALUES ('21', 'SecurityConfiguration', 'idp.properties', 'Time between checks for a new AES key version', 'all', null, null, null, 'PT15M', 'idp.sealer.updateInterval', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('394', 'ReloadableServices', 'services.properties', 'Time to notice changes to MetadataConfiguration and reload service. A value of 0 indicates that the metadata configuration never reloads', 'all', null, null, null, '0', 'idp.service.metadata.checkInterval', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('537', 'OPDynamicClientRegistration', 'oidc.properties', 'Registration lifetime', '4.1', 'idp.oidc.OP', '3', null, 'PT24H', 'idp.oidc.dynreg.defaultRegistrationValidity', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('602', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Leeway allowed in token expiry calculations', '4.1', 'idp.authn.DuoOIDC', '1', null, 'PT60S', 'idp.duo.oidc.jwt.verifier.clockSkew', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('603', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Maximum amount (in either direction from now) of duration for 
which a token is valid after it is issued', '4.1', 'idp.authn.DuoOIDC', '1', null, 'PT60S', 'idp.duo.oidc.jwt.verifier.iatWindow', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('606', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'How long the authentication is valid. Only applies to forced authentication requests.', '4.1', 'idp.authn.DuoOIDC', '1', null, 'PT60S', 'idp.duo.oidc.jwt.verifier.authLifetime', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('131', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'A resource to load a Java keystore containing trust anchors when using sslConfig = keyStoreTrust', 'all', null, null, 'resource path ex. 
%{idp.home}/credentials/ldap-server.truststore - The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.trustStore', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('10', 'Core', 'idp.properties', 'Identifies the file to serve for requests to the IdP''s well-known metadata location', 'all', null, null, 'file pathname', '%{idp.home}/metadata/idp-metadata.xml', 'idp.entityID.metadataFile', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('4', 'Core', 'idp.properties', 'Identifies the file to serve for requests to the IdP''s well-known metadata location', 'all', null, null, null, '%{idp.home}/metadata/idp-metadata.xml', 'idp.entityID.metadataFile', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('2', 'Core', 'idp.properties', 'Used to point to additional property files to load. All properties must be unique and are ultimately pooled into a single unordered set.', 'all', null, null, 'Comma seperated list of values ex. 
/conf/ldap.properties, /conf/services.properties', null, 'idp.additionalProperties', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('23', 'SecurityConfiguration', 'idp.properties', 'Keystore resource containing AES encryption key usually a file path', 'all', null, null, 'resource path', null, 'idp.sealer.storeResource', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('12', 'SecurityConfiguration', 'idp.properties', 'If true all cookies issued by the IdP (not including the container) will be limited to TLS', 'all', null, null, null, 'false', 'idp.cookie.secure', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('71', 'SessionConfiguration', 'idp.properties', 'Whether to hide storage failures from users during session cache reads/writes', 'all', null, null, null, 'false', 'idp.session.maskStorageFailure', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('130', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'A resource to load trust anchors from when using sslConfig = certificateTrust', 'all', null, null, 'resource path ex. 
%{idp.home}/credentials/ldap-server.crt - The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.trustCertificates', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('11', 'Core', 'idp.properties', 'applies a (fixed) scope typically a domain-valued suffix to an input attribute''s values', 'all', null, null, null, null, 'idp.scope', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('14', 'SecurityConfiguration', 'idp.properties', 'Overrides the domain of any cookies issued by the IdP (not including the container)', 'all', null, null, null, null, 'idp.cookie.domain', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('33', 'SecurityConfiguration', 'idp.properties', 'Name of Spring bean supplying the default SecurityConfiguration', 'all', null, null, 'Bean ID of SecurityConfiguration (net.shibboleth.idp.profile.config.SecurityConfiguration)', 'shibboleth.DefaultSecurityConfiguration', 'idp.security.config', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('34', 'SecurityConfiguration', 'idp.properties', 'Name of Spring bean supplying the default SignatureSigningConfiguration', 'all', 
null, null, 'Bean ID of SignatureSigningConfiguration (org.opensaml.xmlsec)', 'shibboleth.SigningConfiguration.SHA256', 'idp.signing.config', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('8', 'StorageConfiguration', 'idp.properties', 'Storage back-end to use for short-lived SAML Artifact mappings (must be server-side)', 'all', null, null, 'Bean ID of a StorageService (org.opensaml.storage)', 'shibboleth.StorageService', 'idp.artifact.StorageService', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('18', 'SecurityConfiguration', 'idp.properties', 'Predicate condition bean controlling whether SameSite filter runs', 'all', null, null, 'Bean ID of Predicate', 'shibboleth.Conditions.FALSE', 'idp.cookie.sameSiteCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('15', 'SecurityConfiguration', 'idp.properties', 'Overrides the path of any cookies issued by the IdP (not including the container)', 'all', null, null, null, null, 'idp.cookie.path', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('20', 'SecurityConfiguration', 'idp.properties', 'Type of Java keystore used for IdP''s internal AES encryption key', 'all', null, null, null, 'JCEKS', 
'idp.sealer.storeType', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('40', 'SecurityConfiguration', 'idp.properties', 'Default freshness window for accepting timestamped messages', 'all', null, null, null, 'PT3M', 'idp.policy.messageLifetime', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('41', 'SecurityConfiguration', 'idp.properties', 'Default freshness window for accepting timestamped assertions', 'all', null, null, null, 'PT3M', 'idp.policy.assertionLifetime', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('42', 'SecurityConfiguration', 'idp.properties', 'Default allowance for clock differences between systems', 'all', null, null, null, 'PT3M', 'idp.policy.clockSkew', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('57', 'StorageConfiguration', 'idp.properties', 'Interval of background thread sweeping server-side storage for expired records', 'all', null, null, null, 'PT10M', 'idp.storage.cleanupInterval', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('69', 
'SessionConfiguration', 'idp.properties', 'Inactivity timeout policy for IdP sessions (must be non-zero)', 'all', null, null, null, 'PT60M', 'idp.session.timeout', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('70', 'SessionConfiguration', 'idp.properties', 'Extra time after expiration before removing SP sessions in case a logout is invoked', 'all', null, null, null, '0', 'idp.session.slop', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('24', 'SecurityConfiguration', 'idp.properties', 'Resource that tracks the active AES encryption key version usually a file path', 'all', null, null, null, null, 'idp.sealer.versionResource', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('66', 'SessionConfiguration', 'idp.properties', 'Number of characters in IdP session identifiers', 'all', null, null, null, '32', 'idp.session.idSize', 'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('27', 'SecurityConfiguration', 'idp.properties', 'Resource containing private key for signing typically a file in the credentials directory', 'all', null, null, null, null, 'idp.signing.key', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, 
idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('50', 'Core', 'idp.properties', 'Location from which to load user-supplied webflows from', 'all', null, null, 'resource path', '%{idp.home}/flows', 'idp.webflows', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('22', 'SecurityConfiguration', 'idp.properties', 'Case insensitive name of keystore alias prefix used in AES keystore (the entries will be suffixed by the key version number)', 'all', null, null, null, 'secret', 'idp.sealer.aliasBase', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('37', 'SecurityConfiguration', 'idp.properties', 'Sets the default strategy for key agreement key wrap usage for credentials from metadata if not otherwise configured on the security configuration', 'all', null, null, null, 'Default', 'idp.encryption.keyagreement.metadata.defaultUseKeyWrap', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('46', 'CSRF', 'idp.properties', 'Name of the HTTP parameter that stores the CSRF token', '4', null, null, null, 'csrf_token', 'idp.csrf.token.parameter', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('61', 'StorageConfiguration', 
'idp.properties', 'Storage back-end to use for message replay checking (must be server-side)', 'all', null, null, 'Bean ID of a StorageService (org.opensaml.storage)', 'shibboleth.StorageService', 'idp.replayCache.StorageService', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('38', 'SecurityConfiguration', 'idp.properties', 'Name of Spring bean for the trust engine used to verify signatures', 'all', null, null, 'Bean ID of SignatureTrustEngine (org.opensaml.xmlsec.signature.support)', 'shibboleth.ChainingSignatureTrustEngine', 'idp.trust.signatures', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('36', 'SecurityConfiguration', 'idp.properties', 'If true failure to locate an encryption key to use won''t result in request failure', 'all', null, null, null, 'false', 'idp.encryption.optional', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('52', 'ErrorHandlingConfiguration', 'idp.properties', 'Whether to expose detailed error causes in status information provided to outside parties', 'all', null, null, null, 'false', 'idp.errors.detailed', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('58', 'StorageConfiguration', 'idp.properties', 'Whether to use HTML Local Storage 
(if available) instead of cookies', 'all', null, null, null, 'false', 'idp.storage.htmlLocalStorage', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('47', 'Core', 'idp.properties', 'Auto-configures an HSTS response header', 'all', null, null, null, 'max-age=0', 'idp.hsts', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('49', 'Core', 'idp.properties', 'Auto-configures a Content Security Policy response header', 'all', null, null, null, 'frame-ancestors ''none''', 'idp.csp', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('25', 'SecurityConfiguration', 'idp.properties', 'Keystore password unlocking AES encryption keystore typically set during installation', 'all', null, null, null, null, 'idp.sealer.storePassword', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('54', 'ErrorHandlingConfiguration', 'idp.properties', 'The default view name to render for exceptions and events', 'all', null, null, null, 'error', 'idp.errors.defaultView', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('59', 
'StorageConfiguration', 'idp.properties', 'Name of cookie or HTML storage key used by the default per-session instance of the client storage service', 'all', null, null, null, 'shib_idp_session_ss', 'idp.storage.clientSessionStorageName', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('51', 'Core', 'idp.properties', 'Location from which to load user-modifiable Velocity view templates. This can be set to include "classpath*:/META-INF/net/shibboleth/idp/views" (or equivalent) to load templates from the classpath, such as from extension jars, but doing so disables suppor', 'all', null, null, 'Comma seperated list of values', '%{idp.home}/views', 'idp.views', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('48', 'Core', 'idp.properties', 'Auto-configures an X-Frame-Options response header', 'all', null, null, null, 'DENY', 'idp.frameoptions', 'SELECTION_LIST', 'DENY,SAMEORIGIN', null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('74', 'SessionConfiguration', 'idp.properties', 'Default length of time to maintain record of an SP session (must be non-zero), overridable by relying-party-specific setting', 'all', null, null, null, 'PT2H', 'idp.session.defaultSPlifetime', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) 
VALUES ('76', 'AuthenticationConfiguration', 'authn/authn.properties', 'Default amount of time to allow reuse prior authentication flows', 'all', null, null, 'measured since first usage', 'PT60M', 'idp.authn.defaultLifetime', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('77', 'AuthenticationConfiguration', 'authn/authn.properties', 'Default inactivity timeout to prevent reuse of prior authentication flows', 'all', null, null, 'measured since last usage', 'PT30M', 'idp.authn.defaultTimeout', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('86', 'ConsentConfiguration', 'idp.properties', 'Attribute whose value is the storage key representing a user', 'all', null, null, null, 'uid', 'idp.consent.attribute-release.userStorageKeyAttribute', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('98', 'ConsentConfiguration', 'idp.properties', 'Maximum number of records stored when using space-limited storage (e.g. 
cookies), 0 = no limit', 'all', null, null, null, '10', 'idp.consent.maxStoredRecords', 'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('28', 'SecurityConfiguration', 'idp.properties', 'Resource containing the public key certificate inserted into signed messages typically a file in the credentials directory', 'all', null, null, null, null, 'idp.signing.cert', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('100', 'ConsentConfiguration', 'idp.properties', 'Time in milliseconds to expire consent storage records', '4.x', null, null, '(v4.0=P1Y,v4.1=infinite)', null, 'idp.consent.storageRecordLifetime', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('90', 'ConsentConfiguration', 'idp.properties', 'Attribute whose value is the storage key representing a user', 'all', null, null, null, 'uid', 'idp.consent.terms-of-use.userStorageKeyAttribute', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('91', 'ConsentConfiguration', 'idp.properties', 'Suffix of message property used as value of consent storage records when idp.consent.compareValues is true', 'all', null, null, null, '.text', 'idp.consent.terms-of-use.consentValueMessageCodeSuffix', 'STRING', null, null); +INSERT INTO 
public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('31', 'SecurityConfiguration', 'idp.properties', 'Resource containing an alternate private key for decryption generally unused except while changing decryption keys', 'all', null, null, null, null, 'idp.encryption.key.2', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('84', 'ConsentConfiguration', 'idp.properties', 'Name of storage service used to store users'' consent choices', 'all', null, null, null, 'shibboleth.ClientPersistentStorageService', 'idp.consent.StorageService', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('85', 'ConsentConfiguration', 'idp.properties', 'Name of function used to return the String storage key representing a user defaults to the principal name', 'all', null, null, null, 'shibboleth.consent.PrincipalConsentStorageKey', 'idp.consent.attribute-release.userStorageKey', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('72', 'SessionConfiguration', 'idp.properties', 'Whether to save a record of every SP accessed during an IdP session (requires a server-side session store or HTML LocalStorage)', 'all', null, null, null, 'false', 'idp.session.trackSPSessions', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop 
(resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('73', 'SessionConfiguration', 'idp.properties', 'Whether to track SPs on the basis of the SAML subject ID used, for logout purposes (requires SP session tracking be on)', 'all', null, null, null, 'false', 'idp.session.secondaryServiceIndex', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('55', 'ErrorHandlingConfiguration', 'idp.properties', 'Bean defing Properties mapping exception class names to error views. The matching by class name does not support wildcards, but does do substring matches (so it''s not necessary to fully qualify the class).', 'all', null, null, 'Bean ID of Properties (java.util.Properties)', null, 'idp.errors.excludedExceptions', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('56', 'ErrorHandlingConfiguration', 'idp.properties', 'Bean defining Collection identifying exception classes to ignore (causing them to bubble outward, so use with caution)', 'all', null, null, 'Bean ID of Collection (java.util)', null, 'idp.errors.exceptionMappings', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('79', 'AuthenticationConfiguration', 'authn/authn.properties', 'Whether to prioritize prior authentication results when an SP requests more than one possible matching method', 'all', 
null, null, null, 'false', 'idp.authn.favorSSO', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('81', 'AuthenticationConfiguration', 'authn/authn.properties', 'Whether to fail requests if a user identity after authentication doesn''t match the identity in a pre-existing session.', 'all', null, null, null, 'false', 'idp.authn.identitySwitchIsError', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('32', 'SecurityConfiguration', 'idp.properties', 'Resource containing an alternate public key certificate generally unused except while changing decryption keys', 'all', null, null, null, null, 'idp.encryption.cert.2', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('30', 'SecurityConfiguration', 'idp.properties', 'Resource containing a public key certificate given to others needing to encrypt data for the IdP typically a file in the credentials directory', 'all', null, null, 'resource path', null, 'idp.encryption.cert', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('29', 'SecurityConfiguration', 'idp.properties', 'Resource containing a private key for decryption typically a file in the credentials directory', 'all', null, null, 'resource path', null, 'idp.encryption.key', 'STRING', null, 
null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('75', 'AuthenticationConfiguration', 'authn/authn.properties', 'Required expression that identifies the login flows to globally enable', 'all', null, null, 'ex. Password, MA, DUO', null, 'idp.authn.flows', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('60', 'StorageConfiguration', 'idp.properties', 'Name of cookie or HTML storage key used by the default persistent instance of the client storage service', 'all', null, null, null, 'shib_idp_persistent_ss', 'idp.storage.clientPersistentStorageName', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('26', 'SecurityConfiguration', 'idp.properties', 'Key password unlocking AES encryption key typically set to the same as the previous property and set during installation', 'all', null, null, null, null, 'idp.sealer.keyPassword', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('65', 'SessionConfiguration', 'idp.properties', 'Name of cookie containing IdP session ID (note this is not the same as the cookie the Java container uses to track its own sessions)', '4.2', null, null, null, 'shib_idp_session', 'idp.session.cookieName', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, 
config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('82', 'AuthenticationConfiguration', 'authn/authn.properties', 'Provides a static discovery URL to use for external discovery this property replaces the need for the XML-defined bean used in V4.0 for this purpose', '4.1', null, null, null, null, 'idp.authn.discoveryURL', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('99', 'ConsentConfiguration', 'idp.properties', 'Maximum number of records stored when using larger/server-side storage, 0 = no limit', 'all', null, null, null, '0', 'idp.consent.expandedMaxStoredRecords', 'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('88', 'ConsentConfiguration', 'idp.properties', 'Default consent auditing formats', 'all', null, null, 'Logback logging pattern', '%T|%SP|%e|%u|%CCI|%CCV|%CCA', 'idp.consent.attribute-release.auditFormat', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('93', 'ConsentConfiguration', 'idp.properties', 'Default consent auditing formats', 'all', null, null, 'Logback logging pattern', '%T|%SP|%e|%u|%CCI|%CCV|%CCA', 'idp.consent.terms-of-use.auditFormat', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, 
selection_items, property_value) VALUES ('121', 'Core', 'idp.properties', 'Policies to use with Impersonate interceptor flow', 'all', null, null, 'Policy ID', 'GeneralImpersonationPolicy', 'idp.impersonate.generalPolicy', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('152', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'DN to search with the validateFilter: defaults to the rootDSE', '4.0.1', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.pool.LDAP.validateDN', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('122', 'Core', 'idp.properties', 'Policies to use with Impersonate interceptor flow', 'all', null, null, 'Policy ID', 'SpecificImpersonationPolicy', 'idp.impersonate.specificPolicy', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('124', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Connection URI for LDAP directory', 'all', null, null, 'LDAP URI ex. 
ldap://localhost or ldaps://localhost - The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.ldapURL', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('114', 'FTICKSLoggingConfiguration', 'idp.properties', 'Digest algorithm used to obscure usernames', 'all', null, null, null, 'SHA-2', 'idp.fticks.algorithm', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('116', 'FTICKSLoggingConfiguration', 'idp.properties', 'The remote syslog host', 'all', null, null, null, 'localhost', 'idp.fticks.loghost', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('112', 'FTICKSLoggingConfiguration', 'idp.properties', 'Enables F-TICKS output and specifies the value of the federation-identifier field', 'all', null, null, null, null, 'idp.fticks.federation', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('137', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Password to bind with during search when using an LDAP.authenticator = bindSearchAuthenticator usually set via %{idp.home}/credentials/secrets.properties', 'all', null, null, 'The target file for the value depends on the version of Shibboleth 
being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.bindDNCredential', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('115', 'FTICKSLoggingConfiguration', 'idp.properties', 'A salt to apply when digesting usernames (if not specified, the username will not be included)', 'all', null, null, null, null, 'idp.fticks.salt', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('138', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'A formatting string to generate the user DNs to authenticate when using an LDAP.authenticator of directAuthenticator or adAuthenticator', 'all', null, null, 'ex. uid=%s,ou=people,dc=example,dc=org or for AD %s@domain.com - The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.dnFormat', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('109', 'CasProtocolConfiguration', 'idp.properties', 'Storage service used by CAS protocol for chained proxy-granting tickets and when using server-managed "simple" TicketService. MUST be server-side storage (e.g. 
in-memory, memcached, database)', 'all', null, null, null, 'shibboleth.StorageService', 'idp.cas.StorageService', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('113', 'FTICKSLoggingConfiguration', 'idp.properties', 'Optional bean name of a Predicate to use to decide whether to run', '4.1', null, null, null, null, 'idp.fticks.condition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('110', 'CasProtocolConfiguration', 'idp.properties', 'CAS service registry implementation class', 'all', null, null, null, 'net.shibboleth.idp.cas.service.PatternServiceRegistry', 'idp.cas.serviceRegistryClass', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('107', 'Core', 'idp.properties', 'Allows the HttpClient used for SOAP communication to be overriden (applies to SAML logout via SOAP)', 'all', null, null, 'Bean ID of HttpClient to use for SOAP-based logout', 'SOAPClient.HttpClient', 'idp.soap.httpClient', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('106', 'LogoutConfiguration', 'idp.properties', 'Applies the "display:none" style to the list of SPs and logout status reporting images so that logout status is not visibly reported to the user', '4.2', null, null, null, 'false', 
'idp.logout.propagationHidden', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('119', 'Core', 'idp.properties', 'Set to true to fail on velocity syntax errors', 'all', null, null, null, 'false', 'idp.velocity.runtime.strictmode', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('162', 'KerberosAuthnConfiguration', 'authn/authn.properties', 'Name of a service principal to use to verify the KDC supplying the TGT by requesting and verifying a service ticket issued for it', '4.1', null, null, null, null, 'idp.authn.Krb5.servicePrincipal', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('117', 'FTICKSLoggingConfiguration', 'idp.properties', 'The remote syslog port', 'all', null, null, null, '514', 'idp.fticks.logport', 'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('120', 'Core', 'idp.properties', 'Path to use with External interceptor flow', 'all', null, null, null, 'contextRelative:intercept.jsp', 'idp.intercept.External.externalPath', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('108', 
'Core', 'idp.properties', 'languages to use if no match can be found with the browser-supported languages', 'all', null, null, 'Comma seperated list of values ex. en, fr, de', null, 'idp.ui.fallbackLanguages', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('154', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Duration between looking for idle connections to reduce the pool back to its minimum size', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'PT5M', 'idp.pool.LDAP.prunePeriod', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('151', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Duration between validation if idp.pool.LDAP.validatePeriodically is true', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'PT5M', 'idp.pool.LDAP.validatePeriod', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('166', 'ExternalAuthnConfiguration', 'authn/authn.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', 'idp.authn.External', null, null, '1000', 'idp.authn.External.order', 'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, 
module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('141', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether to use the Password Policy Control.', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.usePasswordPolicy', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('321', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Bean ID of BiConsumer controlling result reuse for SSO', '4.1', 'idp.authn.External', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.External.reuseCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('176', 'ExternalAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', 'idp.authn.External', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.External.activationCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('153', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Search filter to execute in order to validate a pooled connection', '4.0.1', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', '(objectClass=*)', 'idp.pool.LDAP.validateFilter', 
'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('191', 'RemoteUserAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', 'idp.authn.RemoteUser', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.RemoteUser.reuseCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('192', 'RemoteUserAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', 'idp.authn.RemoteUser', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.RemoteUser.activationCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('184', 'RemoteUserAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.RemoteUser', null, null, 'false', 'idp.authn.RemoteUser.passiveAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('185', 'RemoteUserAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.RemoteUser', null, null, 'false', 'idp.authn.RemoteUser.forcedAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO 
public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('187', 'RemoteUserAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.RemoteUser', null, null, 'false', 'idp.authn.RemoteUser.proxyScopingEnforced', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('181', 'RemoteUserAuthnConfiguration', 'authn/authn.properties', 'Regular expression to match username against', '4.1', 'idp.authn.RemoteUser', null, 'regex expected', null, 'idp.authn.RemoteUser.matchExpression', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('202', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'A regular expression that must match the username', '4.1', 'idp.authn.RemoteUserInternal', null, 'regex expected', null, 'idp.authn.RemoteUserInternal.matchExpression', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('158', 'JAASAuthnConfiguration', 'authn/authn.properties', 'Comma-delimited set of JAAS application configuration names to use', '4.1', null, null, null, 'ShibUserPassAuth', 'idp.authn.JAAS.loginConfigNames', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, 
description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('164', 'ExternalAuthnConfiguration', 'authn/authn.properties', 'Spring Web Flow redirection expression for the protected resource', '4.1', 'idp.authn.External', null, null, 'contextRelative:external.jsp', 'idp.authn.External.externalAuthnPath', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('221', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Servlet-relative path to the SPNEGO external authentication implementation', '4.1', 'idp.authn.SPNEGO', null, 'URL path', '/Authn/SPNEGO', 'idp.authn.SPNEGO.externalAuthnPath', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('207', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', 'idp.authn.RemoteUserInternal', null, null, '1000', 'idp.authn.RemoteUserInternal.order', 'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('224', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Regular expression to match username against', '4.1', 'idp.authn.SPNEGO', null, 'regex expected', null, 'idp.authn.SPNEGO.matchExpression', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, 
property_name, property_type, selection_items, property_value) VALUES ('211', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow enforces upstream IdP imposed restrictions on proxying', '4.1', 'idp.authn.RemoteUserInternal', null, null, '%{idp.authn.enforceProxyRestrictions:true}', 'idp.authn.RemoteUserInternal.proxyRestrictionsEnforced', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('206', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Regular expression to match username against', '4.1', 'idp.authn.RemoteUserInternal', null, 'regex expected', null, 'idp.authn.RemoteUserInternal.matchExpression', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('214', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Lifetime of results produced by this flow', '4.1', 'idp.authn.RemoteUserInternal', null, null, '%{idp.authn.defaultLifetime:PT1H}', 'idp.authn.RemoteUserInternal.lifetime', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('216', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.RemoteUserInternal.reuseCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, 
module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('217', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.RemoteUserInternal.activationCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('230', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether the flow enforces upstream IdP imposed restrictions on proxying', '4.1', 'idp.authn.SPNEGO', null, null, '%{idp.authn.enforceProxyRestrictions:true}', 'idp.authn.SPNEGO.proxyRestrictionsEnforced', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('208', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'false', 'idp.authn.RemoteUserInternal.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('215', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Inactivity timeout of results produced by this flow', '4.1', 'idp.authn.RemoteUserInternal', null, null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.RemoteUserInternal.inactivityTimeout', 'DURATION', null, null); +INSERT INTO 
public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('540', 'OPMetadataPolicies', 'oidc.properties', 'Full path to the file containing default metadata policy used for dynamic client registration', '4.1', 'idp.oidc.OP', '3', null, null, 'idp.oidc.dynreg.defaultMetadataPolicyFile', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('205', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Spring Web Flow redirection expression for the protected resource', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'contextRelative:external.jsp', 'idp.authn.RemoteUserInternal.externalAuthnPath', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('225', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Name of cookie used to track auto-login state of client', '4.2', 'idp.authn.SPNEGO', null, null, '_idp_spnego_autologin', 'idp.authn.SPNEGO.cookieName', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('303', 'DuoAuthnConfiguration', 'authn/duo.properties', 'Duo AuthAPI integration key (supplied by Duo as Client ID)', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', null, 'idp.duo.nonbrowser.integrationKey', 'STRING', null, null); +INSERT INTO 
public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('304', 'DuoAuthnConfiguration', 'authn/duo.properties', 'Duo AuthAPI secret key (supplied by Duo as Client secret)', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', null, 'idp.duo.nonbrowser.secretKey', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('197', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Comma-delimited lists of request attributes to check for a username', '4.1', 'idp.authn.RemoteUserInternal', null, null, null, 'idp.authn.RemoteUserInternal.checkAttributes', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('226', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', 'idp.authn.SPNEGO', null, null, '1000', 'idp.authn.SPNEGO.order', 'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('218', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Bean ID of BiConsumer controlling result reuse for SSO', '4.1', 'idp.authn.SPNEGO', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.SPNEGO.reuseCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO 
public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('236', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', 'idp.authn.SPNEGO', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.SPNEGO.activationCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('250', 'X509AuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', 'idp.authn.X509', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.X509.reuseCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('251', 'X509AuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', 'idp.authn.X509', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.X509.activationCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('242', 'X509AuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.X509', null, null, 'false', 'idp.authn.X509.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, 
idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('234', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Inactivity timeout of results produced by this flow', '4.1', 'idp.authn.SPNEGO', null, null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.SPNEGO.inactivityTimeout', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('248', 'X509AuthnConfiguration', 'authn/authn.properties', 'Lifetime of results produced by this flow', '4.1', 'idp.authn.X509', null, null, '%{idp.authn.defaultLifetime:PT1H}', 'idp.authn.X509.lifetime', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('249', 'X509AuthnConfiguration', 'authn/authn.properties', 'Inactivity timeout of results produced by this flow', '4.1', 'idp.authn.X509', null, null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.X509.inactivityTimeout', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('263', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Lifetime of results produced by this flow', '4.1', null, null, null, '%{idp.authn.defaultLifetime:PT1H}', 'idp.authn.X509Internal.lifetime', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('243', 
'X509AuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.X509', null, null, 'false', 'idp.authn.X509.passiveAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('244', 'X509AuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.X509', null, null, 'false', 'idp.authn.X509.forcedAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('399', 'ReloadableServices', 'services.properties', 'Shortcut for controlling the encoding of xsi:type information for all SAML transcoding rules in the registry', 'all', null, null, null, 'true', 'idp.service.attribute.registry.encodeType', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('403', 'ReloadableServices', 'services.properties', 'Whether attribute resolution failure should silently produce no attributes or cause an overall profile request failure event', 'all', null, null, null, 'true', 'idp.service.attribute.resolver.maskFailures', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('405', 'ReloadableServices', 'services.properties', 'Setting this to false re-enables the legacy 
behavior of looking up the display information for the resolved attributes during resolution. As from 4.2 this the display information is looked up at point of use (during the attribute consent flow) and so ther', '4.2', null, null, null, 'true', 'idp.service.attribute.resolver.suppressDisplayInfo', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('264', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Inactivity timeout of results produced by this flow', '4.1', null, null, null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.X509Internal.inactivityTimeout', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('198', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Comma-delimited list of request headers to check for a username', '4.1', 'idp.authn.RemoteUserInternal', null, null, null, 'idp.authn.RemoteUserInternal.checkHeaders', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('203', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Comma-delimited list of usernames to accept while blocking all others', '4.1', 'idp.authn.RemoteUserInternal', null, null, null, 'idp.authn.RemoteUserInternal.allowedUsernames', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, 
property_value) VALUES ('204', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Comma-delimited list of usernames to deny while accepting all others', '4.1', 'idp.authn.RemoteUserInternal', null, null, null, 'idp.authn.RemoteUserInternal.deniedUsernames', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('219', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Comma-delimited list of protocol-specific Principal strings associated with flow', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password,saml1/urn:oasis:names:tc:SAML:1.0:am:password', 'idp.authn.RemoteUserInternal.supportedPrincipals', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('360', 'NameIDGenerationConfiguration', 'saml-nameid.properties', 'Default Format to generate if nothing else is indicated', 'all', null, null, null, 'urn:mace:shibboleth:1.0:nameIdentifier', 'idp.nameid.saml1.default', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('241', 'X509AuthnConfiguration', 'authn/authn.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', 'idp.authn.X509', null, null, '1000', 'idp.authn.X509.order', 'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, 
idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('256', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', null, null, null, '1000', 'idp.authn.X509Internal.order', 'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('237', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Bean ID of BiConsumer to run just prior to AuthnRequest signing/encoding step', '4.1', null, null, null, null, 'idp.authn.SAML.outboundMessageHandlerFunction', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('265', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', null, null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.X509Internal.reuseCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('266', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', null, null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.X509Internal.activationCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, 
selection_items, property_value) VALUES ('291', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Lifetime of results produced by this flow', '4.1', 'idp.authn.Function', null, null, '%{idp.authn.defaultLifetime:PT1H}', 'idp.authn.Function.lifetime', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('292', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Inactivity timeout of results produced by this flow', '4.1', 'idp.authn.Function', null, null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.Function.inactivityTimeout', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('579', 'OPSubClaim', 'oidc.properties', 'Salt to inject for randomness should generally be moved into credentials/secrets.properties to avoid committing to configuration repository', '4.1', 'idp.oidc.OP', '3', null, null, 'idp.oidc.subject.salt', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('598', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'The client secret used to verify the client in exchanging the authorization code for a Duo 2FA result token (id_token).', '4.1', 'idp.authn.DuoOIDC', '1', null, null, 'idp.duo.oidc.secretKey', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('608', 
'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Duo AuthAPI integration key supplied by Duo', '4.1', 'idp.authn.DuoOIDC', '1', null, null, 'idp.duo.oidc.nonbrowser.integrationKey', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('643', 'Metadatagen', 'mdgen.properties', 'A space separated list of languages used to lookup values formed appending each one to the name and description properties idp.metadata.idpsso.mdui.displayname. and idp.metadata.idpsso.mdui.description.. If this is absent then an is emitted for that language', '4.1', 'idp.metadatagen', '1', null, null, 'idp.metadata.idpsso.mdui.displayname.', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('279', 'IPAddressAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', 'idp.authn.IPAddress', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.IPAddress.reuseCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('280', 'IPAddressAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', 'idp.authn.IPAddress', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.IPAddress.activationCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, 
property_name, property_type, selection_items, property_value) VALUES ('293', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', 'idp.authn.Function', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.Function.reuseCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('294', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', 'idp.authn.Function', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.Function.activationCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('319', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', 'idp.authn.Duo', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.Duo.reuseCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('320', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', 'idp.authn.Duo', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.Duo.activationCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) 
VALUES ('353', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', 'idp.authn.MFA', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.MFA.reuseCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('314', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Whether the flow enforces upstream IdP imposed restrictions on proxying', '4.1', 'idp.authn.Duo', null, null, '%{idp.authn.enforceProxyRestrictions:true}', 'idp.authn.Duo.proxyRestrictionsEnforced', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('311', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.Duo', null, null, 'false', 'idp.authn.Duo.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('336', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Lifetime of results produced by this flow', '4.1', null, null, null, '%{idp.authn.defaultLifetime:PT1H}', 'idp.authn.SAML.lifetime', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('358', 'NameIDGenerationConfiguration', 'saml-nameid.properties', 'Identifies the strategy plugin for 
generating transient IDs', 'all', null, null, 'Bean ID of a TransientIdGenerationStrategy', 'shibboleth.CryptoTransientIdGenerator', 'idp.transientId.generator', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('333', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Whether the flow enforces upstream IdP imposed restrictions on proxying', '4.1', null, null, null, '%{idp.authn.enforceProxyRestrictions:true}', 'idp.authn.SAML.proxyRestrictionsEnforced', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('348', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Whether the flow enforces upstream IdP imposed restrictions on proxying', '4.1', 'idp.authn.MFA', null, null, '%{idp.authn.enforceProxyRestrictions:true}', 'idp.authn.MFA.proxyRestrictionsEnforced', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('327', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Optional bean ID of Function to run at the late stages of Response decoding/processing', '4.1', null, null, null, null, 'idp.authn.SAML.inboundMessageHandlerFunction', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('328', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Optional bean ID of 
AssertionValidator to run', '4.1', null, null, null, null, 'idp.authn.SAML.assertionValidator', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('338', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', null, null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.SAML.reuseCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('339', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', null, null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.SAML.activationCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('337', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Inactivity timeout of results produced by this flow', '4.1', null, null, null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.SAML.inactivityTimeout', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('351', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Lifetime of results produced by this flow', '4.1', 'idp.authn.MFA', null, null, '%{idp.authn.defaultLifetime:PT1H}', 'idp.authn.MFA.lifetime', 'DURATION', null, null); +INSERT INTO 
public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('352', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Inactivity timeout of results produced by this flow', '4.1', 'idp.authn.MFA', null, null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.MFA.inactivityTimeout', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('330', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', null, null, null, 'false', 'idp.authn.SAML.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('296', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Comma-delimited list of protocol-specific Principal strings associated with flow', '4.1', 'idp.authn.Function', null, null, 'saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password,saml1/urn:oasis:names:tc:SAML:1.0:am:password', 'idp.authn.Function.supportedPrincipals', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('305', 'DuoAuthnConfiguration', 'authn/duo.properties', 'Name of HTTP request header for Duo AuthAPI factor', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the 
sensitivity of the secret key', 'X-Shibboleth-Duo-Factor', 'idp.duo.nonbrowser.header.factor', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('306', 'DuoAuthnConfiguration', 'authn/duo.properties', 'Name of HTTP request header for Duo AuthAPI device ID or name', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', 'X-Shibboleth-Duo-Device', 'idp.duo.nonbrowser.header.device', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('331', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', null, null, null, 'false', 'idp.authn.SAML.passiveAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('332', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', null, null, null, 'false', 'idp.authn.SAML.forcedAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('335', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', null, null, null, 'false', 'idp.authn.SAML.discoveryRequired', 'BOOLEAN', null, null); +INSERT INTO 
public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('307', 'DuoAuthnConfiguration', 'authn/duo.properties', 'Name of HTTP request header for Duo AuthAPI passcode', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', 'X-Shibboleth-Duo-Passcode', 'idp.duo.nonbrowser.header.passcode', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('299', 'DuoAuthnConfiguration', 'authn/duo.properties', 'A secret supplied by you and not shared with Duo; see https://duo.com/docs/duoweb-v2, "Generate an akey".', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', null, 'idp.duo.applicationKey', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('300', 'DuoAuthnConfiguration', 'authn/duo.properties', 'DuoWeb integration key (supplied by Duo as Client ID)', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', null, 'idp.duo.integrationKey', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('322', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Comma-delimited list of protocol-specific Principal strings associated with flow', '4.1', 'idp.authn.Duo', 
null, null, 'saml2/http://example.org/ac/classes/mfa, saml1/http://example.org/ac/classes/mfa', 'idp.authn.Duo.supportedPrincipals', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('301', 'DuoAuthnConfiguration', 'authn/duo.properties', 'DuoWeb secret key (supplied by Duo as Client secret)', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', null, 'idp.duo.secretKey', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('325', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Statically-defined entityID of IdP to use for authentication', '4.1', null, null, null, null, 'idp.authn.SAML.proxyEntityID', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('359', 'NameIDGenerationConfiguration', 'saml-nameid.properties', 'Default Format to generate if nothing else is indicated', 'all', null, null, null, 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient', 'idp.nameid.saml2.default', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('329', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', null, null, null, '1000', 'idp.authn.SAML.order', 
'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('344', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', 'idp.authn.MFA', null, null, '1000', 'idp.authn.MFA.order', 'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('340', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Bean ID of BiConsumer determining whether flow is usable for request', '4.1', 'idp.authn.MFA', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.MFA.activationCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('370', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Advanced feature allowing revocation or regeneration of computed persistent IDs for specific subjects or services', 'all', null, null, null, 'shibboleth.ComputedIdExceptionMap', 'idp.persistentId.exceptionMap', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('388', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for RelyingPartyConfiguration', 'all', null, null, null, 'shibboleth.RelyingPartyResolverResources', 'idp.service.relyingparty.resources', 
'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('367', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'An encoded form of the persistentId.salt', 'all', null, null, null, null, 'idp.persistentId.encodedSalt', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('389', 'ReloadableServices', 'services.properties', 'Fail at startup if RelyingPartyConfiguration is invalid', 'all', null, null, null, 'false', 'idp.service.relyingparty.failFast', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('362', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Identifies a data source for storage-based management of persistent IDs', 'all', null, null, 'Bean ID of a JDBC DataSource', null, 'idp.persistentId.dataSource', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('361', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Identifies the strategy plugin for sourcing persistent IDs', 'all', null, null, 'Bean ID of a PairwiseIdStore', 'shibboleth.ComputedPersistentIdGenerator', 'idp.persistentId.generator', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, 
idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('391', 'ReloadableServices', 'services.properties', 'See MetadataDrivenConfiguration SAML Attribute Name Format Usage', 'all', null, null, null, 'false', 'idp.service.relyingparty.ignoreUnmappedEntityAttributes', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('393', 'ReloadableServices', 'services.properties', 'Fail at startup if MetadataConfiguration is invalid', 'all', null, null, null, 'false', 'idp.service.metadata.failFast', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('368', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'The hash algorithm used when using computed persistent IDs', 'all', null, null, null, 'SHA', 'idp.persistentId.algorithm', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('423', 'ReloadableServices', 'services.properties', 'Seconds between reloads of message property resources', 'all', null, null, null, '300', 'idp.message.cacheSeconds', 'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('392', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for 
MetadataConfiguration', 'all', null, null, null, 'shibboleth.MetadataResolverResources', 'idp.service.metadata.resources', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('396', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for AttributeRegistryConfiguration', 'all', null, null, null, 'shibboleth.AttributeRegistryResources', 'idp.service.attribute.registry.resources', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('400', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for AttributeResolverConfiguration', 'all', null, null, null, 'shibboleth.AttributeResolverResources', 'idp.service.attribute.resolver.resources', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('398', 'ReloadableServices', 'services.properties', 'Time to notice changes to AttributeRegistryConfiguration and reload service. 
A value of 0 indicates that the service configuration never reloads', 'all', null, null, null, '0', 'idp.service.attribute.registry.checkInterval', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('406', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for AttributeFilterConfiguration', 'all', null, null, null, 'shibboleth.AttributeFilterResources', 'idp.service.attribute.filter.resources', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('402', 'ReloadableServices', 'services.properties', 'Time to notice changes to AttributeResolverConfiguration and reload service. 
A value of 0 indicates that the service configuration never reloads', 'all', null, null, null, '0', 'idp.service.attribute.resolver.checkInterval', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('410', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for NameIDGenerationConfiguration', 'all', null, null, null, 'shibboleth.NameIdentifierGenerationResources', 'idp.service.nameidGeneration.resources', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('413', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for AccessControlConfiguration', 'all', null, null, null, 'shibboleth.AccessControlResource', 'idp.service.access.resources', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('416', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for CASServiceRegistry configuration', 'all', null, null, null, 'shibboleth.CASServiceRegistryResources', 'idp.service.cas.registry.resources', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('408', 'ReloadableServices', 'services.properties', 'Time to notice changes to AttributeFilterConfiguration and 
reload service A value of 0 indicates that the attribute filter configuration never reloads', 'all', null, null, null, '0', 'idp.service.attribute.filter.checkInterval', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('412', 'ReloadableServices', 'services.properties', 'Time to notice changes to NameIDGenerationConfiguration and reload service', 'all', null, null, null, '0', 'idp.service.nameidGeneration.checkInterval', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('415', 'ReloadableServices', 'services.properties', 'Time to notice changes to AccessControlConfiguration and reload service', 'all', null, null, null, '0', 'idp.service.access.checkInterval', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('418', 'ReloadableServices', 'services.properties', 'Time to notice CASServiceRegistry configuration changes and reload service', 'all', null, null, null, '0', 'idp.service.cas.registry.checkInterval', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('421', 'ReloadableServices', 'services.properties', 'Time to notice ManagedBeanConfiguration changes and reload service', 'all', null, null, null, '0', 'idp.service.managedBean.checkInterval', 'DURATION', null, null); +INSERT INTO 
public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('369', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'The final encoding applied to the hash generated when using computed persistent IDs: one of BASE32 or BASE64', 'all', null, null, null, 'BASE64', 'idp.persistentId.encoding', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('397', 'ReloadableServices', 'services.properties', 'Fail at startup if AttributeRegistryConfiguration is invalid', 'all', null, null, null, 'false', 'idp.service.attribute.registry.failFast', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('401', 'ReloadableServices', 'services.properties', 'Fail at startup if AttributeResolverConfiguration is invalid', 'all', null, null, null, 'false', 'idp.service.attribute.resolver.failFast', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('404', 'ReloadableServices', 'services.properties', 'Whether null values should be stripped from the results of the attribute resolution. This filtering happens prior to filtering and encoding, but after attribute resolution is complete. 
To strip nulls during attribute resolution (so that they will be invis', 'all', null, null, null, 'false', 'idp.service.attribute.resolver.stripNulls', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('407', 'ReloadableServices', 'services.properties', 'Fail at startup if AttributeFilterConfiguration is invalid', 'all', null, null, null, 'false', 'idp.service.attribute.filter.failFast', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('411', 'ReloadableServices', 'services.properties', 'Fail at startup if NameIDGenerationConfiguration is invalid', 'all', null, null, null, 'false', 'idp.service.nameidGeneration.failFast', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('417', 'ReloadableServices', 'services.properties', 'Fail at startup if CASServiceRegistry configuration is invalid', 'all', null, null, null, 'false', 'idp.service.cas.registry.failFast', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('373', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'List of error strings to identify as retryable failures', '4.1', null, null, null, '23000,23505', 'idp.persistentId.retryableErrors', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, 
category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('364', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'List of attributes to search for a value to uniquely identify the subject of a persistent identifier that MUST be stable long-lived and non-reassignable', 'all', null, null, null, null, 'idp.persistentId.sourceAttribute', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('375', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides the name of the table in the database', '4.1', null, null, null, 'shibpid', 'idp.persistentId.tableName', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('376', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides database column names', '4.1', null, null, null, 'localEntity', 'idp.persistentId.localEntityColumn', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('377', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides database column names', '4.1', null, null, null, 'peerEntity', 'idp.persistentId.peerEntityColumn', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, 
property_value) VALUES ('378', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides database column names', '4.1', null, null, null, 'principalName', 'idp.persistentId.principalNameColumn', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('379', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides database column names', '4.1', null, null, null, 'localId', 'idp.persistentId.sourceIdColumn', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('380', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides database column names', '4.1', null, null, null, 'persistentId', 'idp.persistentId.persistentIdColumn', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('381', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides database column names', '4.1', null, null, null, 'peerProvidedId', 'idp.persistentId.peerProvidedIdColumn', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('419', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for ManagedBeanConfiguration', 'all', null, null, null, 'shibboleth.ManagedBeanResources', 'idp.service.managedBean.resources', 
'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('422', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying Spring message property resources', 'all', null, null, null, 'shibboleth.MessageSourceResources', 'idp.message.resources', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('560', 'OPDiscovery', 'oidc.properties', 'Implementation bean for discovery shouldn''t require alteration', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.oidc.DefaultOpenIdConfigurationResolver', 'idp.oidc.discovery.resolver', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('574', 'OPClientCredentialsGrant', 'oidc.properties', 'bean of type Function called shibboleth.oidc.AllowedScopeStrategy', '4.1', 'idp.oidc.OP', '3', null, null, 'idp.oauth2.defaultAllowedScope', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('575', 'OPClientCredentialsGrant', 'oidc.properties', 'bean of type Function> called shibboleth.oidc.AllowedAudienceStrategy', '4.1', 'idp.oidc.OP', '3', null, null, 'idp.oauth2.defaultAllowedAudience', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, 
module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('570', 'OPDynamicClientRegistration', 'oidc.properties', 'Bean ID of type Function>, used to locate metadata policy based on the policyLocation parameter. Defaults to a caching resolver locating server resources to load based on policyLocation parameter.', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.oidc.admin.DefaultMetadataPolicyLookupStrategy', 'idp.oidc.admin.registration.lookup.policy', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('382', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides database column names', '4.1', null, null, null, 'creationDate', 'idp.persistentId.createTimeColumn', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('383', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides database column names', '4.1', null, null, null, 'deactivationDate', 'idp.persistentId.deactivationTimeColumn', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('573', 'OPClientResolution', 'oidc.properties', 'Name of bean used to define the resources to use in configuring this service', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.ClientInformationResolverResources', 'idp.service.clientinfo.resources', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, 
description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('650', 'OIDC OP', 'oidc.properties', 'Storage for storing remote jwk sets.', '4.1', 'idp.oidc.OP', '3', 'no doc', 'shibboleth.StorageService', 'idp.oidc.jwk.StorageService', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('433', 'MetadataReload', 'admin/admin.properties', 'Whether authentication should be performed prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.reload.authenticated', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('434', 'MetadataReload', 'admin/admin.properties', 'Whether the flow should allow for non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.reload.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('366', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'A secret salt for the hash when using computed persistent IDs', 'all', null, null, null, null, 'idp.persistentId.salt', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('428', 'Status', 'admin/admin.properties', '?', '4.1', null, null, null, null, 
'idp.status.defaultAuthenticationMethods', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('430', 'Status', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.status.postAuthenticationFlows', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('424', 'Status', 'admin/admin.properties', 'Audit log identifier for flow', '4.1', null, null, null, 'Status', 'idp.status.logging', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('425', 'Status', 'admin/admin.properties', 'Name of access control policy for request authorization', '4.1', null, null, null, 'AccessByIPAddress', 'idp.status.accessPolicy', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('431', 'MetadataReload', 'admin/admin.properties', 'Audit log identifier for flow', '4.1', null, null, null, 'Reload', 'idp.reload.logging', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('435', 'MetadataReload', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.reload.defaultAuthenticationMethods', 'STRING', null, null); +INSERT 
INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('438', 'AACLI', 'admin/admin.properties', 'Audit log identifier for flow', '4.1', null, null, null, 'ResolverTest', 'idp.resolvertest.logging', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('437', 'MetadataReload', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.reload.postAuthenticationFlows', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('497', 'X500PostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Comma-delimited list of subjectAltName extension types to look for', '4.1', null, null, 'Comma seperated list of integer values', null, 'idp.c14n.x500.subjectAltNameTypes', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('439', 'AACLI', 'admin/admin.properties', 'Name of access control policy for request authorization', '4.1', null, null, null, 'AccessByIPAddress', 'idp.resolvertest.accessPolicy', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('442', 'AACLI', 'admin/admin.properties', '?', '4.1', null, null, null, null, 
'idp.resolvertest.defaultAuthenticationMethods', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('444', 'AACLI', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.resolvertest.postAuthenticationFlows', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('445', 'MetadataQuery', 'admin/admin.properties', 'Audit log identifier for flow', '4.1', null, null, null, 'MetadataQuery', 'idp.mdquery.logging', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('498', 'X500PostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Comma-delimited list of attribute OIDs to search for in the subject DN', '4.1', null, null, 'Comma seperated list of integer values', '2,5,4,3', 'idp.c14n.x500.objectIDs', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('493', 'AttributePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Bean ID of a Predicate to evaluate to determine whether to run the Attribute Resolver or go directly to the Subject alone', '4.1', null, null, null, 'shibboleth.Conditions.TRUE', 'idp.c14n.attribute.resolutionCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, 
module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('651', 'OIDC OP', 'oidc.properties', 'Bean to determine whether SAML metadata should be exploited for trusted OIDC RP resolution', '4.1', 'idp.oidc.OP', '3', 'no doc', 'shibboleth.Conditions.TRUE', 'idp.oidc.metadata.saml', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('655', 'OIDC OP', 'oidc.properties', 'Bean used for extracting login_hint from the authentication request. The default function parses login_hint as is.', '4.1', 'idp.oidc.OP', '3', 'no doc', 'DefaultRequestLoginHintLookupFunction', 'idp.oidc.LoginHintLookupStrategy', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('656', 'OIDC OP', 'oidc.properties', 'Bean used for creating SPSessions needed for SLO. 
By default builds protocol-independent BasicSPSession as SLO is not yet supported.', '4.1', 'idp.oidc.OP', '3', 'no doc', 'DefaultSPSessionCreationStrategy', 'idp.oidc.SPSessionCreationStrategy', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('19', 'SecurityConfiguration', 'idp.properties', 'Bean ID supporting the DataSealerKeyStrategy interface to use in place of the built-in option.', 'all', null, null, 'Bean ID of DataSealerKeyStrategy', 'shibboleth.DataSealerKeyStrategy', 'idp.sealer.keyStrategy', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('103', 'LogoutConfiguration', 'idp.properties', 'If the bean returns true the user is given the option to actually cancel the IdP logout outright and prevent removal of the session', 'all', null, null, 'Bean ID of Predicate', 'false', 'idp.logout.promptUser', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('44', 'SecurityConfiguration', 'idp.properties', 'Overrides the X509KeyInfoGeneratorFactory used by default', '4.1', null, null, 'Bean ID of KeyInfoGeneratorManager (org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorManager)', 'shibboleth.X509KeyInfoGeneratorFactory', 'idp.security.x509KeyInfoFactory', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, 
selection_items, property_value) VALUES ('64', 'SessionConfiguration', 'idp.properties', 'Bean name of a storage implementation/configuration to use for IdP sessions', 'all', null, null, 'Bean ID of StorageService (org.opensaml.storage)', 'shibboleth.ClientSessionStorageService', 'idp.session.StorageService', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('312', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.Duo', null, null, 'false', 'idp.authn.Duo.passiveAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('446', 'MetadataQuery', 'admin/admin.properties', 'Name of access control policy for request authorization', '4.1', null, null, null, 'AccessByIPAddress', 'idp.mdquery.accessPolicy', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('313', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.Duo', null, null, 'false', 'idp.authn.Duo.forcedAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('484', 'SimplePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to lowercase the 
username', '4.1', null, null, null, 'false', 'idp.c14n.simple.lowercase', 'BOOLEAN', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('517', 'OIDC OP', 'oidc.properties', 'Set the Open ID Connect Issuer value', '4.1', 'idp.oidc.OP', '3', null, null, 'idp.oidc.issuer', 'STRING', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('68', 'SessionConfiguration', 'idp.properties', 'A 2-argument predicate that compares a bound session''s address to a client address', 'all', null, null, 'BiPredicate', 'Direct string comparison', 'idp.session.consistentAddressCondition', 'STRING', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('518', 'OPToken', 'oidc.properties', 'Lifetime of ID token', '4.1', 'idp.oidc.OP', '3', null, 'PT1H', 'idp.oidc.idToken.defaultLifetime', 'DURATION', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('524', 'OPAuthorization', 'oidc.properties', 'Specifies IdPAttributes to encode into tokens for recovery on back-channel token requests', '4.1', 'idp.oidc.OP', '3', 'Comma seperated list of values', null, 'idp.oidc.encodedAttributes', 'STRING', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name,
property_type, selection_items, property_value) VALUES ('529', 'OPAuthorization', 'oidc.properties', 'Bean ID of StorageService for revocation cache requires server-side storage', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.StorageService', 'idp.oidc.revocationCache.StorageService', 'SPRING_BEAN_ID', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('545', 'OPSecurity', 'oidc.properties', 'Allows override of default signing configuration', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.oidc.SigningConfiguration', 'idp.oidc.signing.config', 'SPRING_BEAN_ID', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('546', 'OPSecurity', 'oidc.properties', 'Allows override of default encryption configuration', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.oidc.EncryptionConfiguration', 'idp.oidc.encryption.config', 'SPRING_BEAN_ID', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('547', 'OPSecurity', 'oidc.properties', 'Allows override of default request decryption configuration', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.oidc.requestObjectDecryptionConfiguration', 'idp.oidc.rodecrypt.config', 'SPRING_BEAN_ID', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('519', 'OPToken', 'oidc.properties', 'Lifetime of access token', '4.1',
'idp.oidc.OP', '3', null, 'PT10M', 'idp.oidc.accessToken.defaultLifetime', 'DURATION', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('520', 'OPAuthorization', 'oidc.properties', 'Lifetime of authorization code', '4.1', 'idp.oidc.OP', '3', null, 'PT5M', 'idp.oidc.authorizeCode.defaultLifetime', 'DURATION', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('521', 'OPToken', 'oidc.properties', 'Lifetime of refresh token', '4.1', 'idp.oidc.OP', '3', null, 'PT2H', 'idp.oidc.refreshToken.defaultLifetime', 'DURATION', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('528', 'OPRevocation', 'oidc.properties', 'Lifetime of entries in revocation cache for authorize code', '4.1', 'idp.oidc.OP', '3', null, 'PT6H', 'idp.oidc.revocationCache.authorizeCode.lifetime', 'DURATION', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('535', 'OPToken', 'oidc.properties', 'Lifetime of access token issued to client for resource server', '4.1', 'idp.oidc.OP', '3', null, 'PT10M', 'idp.oauth2.accessToken.defaultLifetime', 'DURATION', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value)
VALUES ('544', 'OPSecurity', 'oidc.properties', 'JWK RSA decryption keypair', '4.1', 'idp.oidc.OP', '3', 'JWK file pathname', '%{idp.home}/credentials/idp-encryption-rsa.jwk', 'idp.signing.oidc.rsa.enc.key', 'STRING', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('543', 'OPSecurity', 'oidc.properties', 'JWK EC signing keypair', '4.1', 'idp.oidc.OP', '3', 'JWK file pathname', '%{idp.home}/credentials/idp-signing-es.jwk', 'idp.signing.oidc.es.key', 'STRING', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('449', 'MetadataQuery', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.mdquery.defaultAuthenticationMethods', 'STRING', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('451', 'MetadataQuery', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.mdquery.postAuthenticationFlows', 'STRING', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('455', 'MetricsConfiguration', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.metrics.defaultAuthenticationMethods', 'STRING', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items,
property_value) VALUES ('542', 'OPSecurity', 'oidc.properties', 'JWK RSA signing keypair', '4.1', 'idp.oidc.OP', '3', 'JWK file pathname', '%{idp.home}/credentials/idp-signing-rs.jwk', 'idp.signing.oidc.rs.key', 'STRING', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('452', 'MetricsConfiguration', 'admin/admin.properties', 'Audit log identifier for flow', '4.1', null, null, null, 'Metrics', 'idp.metrics.logging', 'STRING', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('457', 'MetricsConfiguration', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.metrics.postAuthenticationFlows', 'STRING', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('462', 'HelloWorldConfiguration', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.hello.defaultAuthenticationMethods', 'STRING', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('464', 'HelloWorldConfiguration', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.hello.postAuthenticationFlows', 'STRING', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES
('458', 'HelloWorldConfiguration', 'admin/admin.properties', 'Audit log identifier for flow', '4.1', null, null, null, 'Hello', 'idp.hello.logging', 'STRING', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('459', 'HelloWorldConfiguration', 'admin/admin.properties', 'Name of access control policy for request authorization', '4.1', null, null, null, 'AccessByAdminUser', 'idp.hello.accessPolicy', 'STRING', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('527', 'OPAuthorization', 'oidc.properties', 'Specifies IdPAttributes to omit from UserInfo token', '4.1', 'idp.oidc.OP', '3', 'Comma seperated list of values', null, 'idp.oidc.deniedUserInfoAttributes', 'STRING', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('526', 'OPAuthorization', 'oidc.properties', 'Specifies IdPAttributes to always include in ID token regardless of response_type', '4.1', 'idp.oidc.OP', '3', 'Comma seperated list of values', null, 'idp.oidc.alwaysIncludedAttributes', 'STRING', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('541', 'OPDynamicClientRegistration', 'oidc.properties', 'The acceptable client authentication methods when using dynamic registration', '4.1', 'idp.oidc.OP', '3', 'Comma seperated list of values',
'client_secret_basic,client_secret_post,client_secret_jwt,private_key_jwt', 'idp.oidc.dynreg.tokenEndpointAuthMethods', 'STRING', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('530', 'OPToken', 'oidc.properties', 'The acceptable client authentication methods', '4.1', 'idp.oidc.OP', '3', 'Comma seperated list of values', 'client_secret_basic,client_secret_post,client_secret_jwt,private_key_jwt', 'idp.oidc.tokenEndpointAuthMethods', 'STRING', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('531', 'OPToken', 'oidc.properties', 'OAuth grant types to allow', '4.1', 'idp.oidc.OP', '3', 'Comma seperated list of values', 'authorization_code,refresh_token', 'idp.oauth2.grantTypes', 'STRING', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('553', 'OAuth2ClientAuthnConfiguration', 'oidc.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', 'idp.oidc.OP', '3', null, '1000', 'idp.authn.OAuth2Client.order', 'INTEGER', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('565', 'OPDynamicClientRegistration', 'oidc.properties', 'Default access token lifetime if not specified', '4.1', 'idp.oidc.OP', '3', null, 'P1D', 'idp.oidc.admin.registration.defaultTokenLifetime', 'DURATION', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('572', 'OPClientResolution', 'oidc.properties', 'When non-zero enables monitoring of resources for service reload', '4.1', 'idp.oidc.OP', '3', null, 'PT0S', 'idp.service.clientinfo.checkInterval', 'DURATION', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('555', 'OAuth2ClientAuthnConfiguration', 'oidc.properties', 'Bean ID of BiConsumer determining whether flow is usable for request', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.Conditions.TRUE', 'idp.authn.OAuth2Client.activationCondition', 'SPRING_BEAN_ID', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('558', 'OPCustomFilterRegistration', 'oidc.properties', 'By default this configures the values defined by the idp.hsts, idp.frameoptions and idp.csp properties into the corresponding HTTP headers and applies them to the OP plugin as well as the original IdP endpoints', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.ResponseHeaderFilter', 'idp.oidc.ResponseHeaderFilter', 'SPRING_BEAN_ID', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('35', 'SecurityConfiguration', 'idp.properties', 'Name of Spring bean supplying the default EncryptionConfiguration', 'all', null, null, 'Bean ID of EncryptionConfiguration (org.opensaml.xmlsec)',
'shibboleth.EncryptionConfiguration.CBC', 'idp.encryption.config', 'SPRING_BEAN_ID', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('43', 'SecurityConfiguration', 'idp.properties', 'Overrides the BasicKeyInfoGeneratorFactory used by default', '4.1', null, null, 'Bean ID of KeyInfoGeneratorManager (org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorManager)', 'shibboleth.BasicKeyInfoGeneratorFactory', 'idp.security.basicKeyInfoFactory', 'SPRING_BEAN_ID', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('39', 'SecurityConfiguration', 'idp.properties', 'Name of Spring bean for the trust engine used to verify TLS certificates', 'all', null, null, 'Bean ID of TrustEngine (org.opensaml.security.trust)', 'shibboleth.ChainingX509TrustEngine', 'idp.trust.certificates', 'SPRING_BEAN_ID', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('550', 'OAuth2ClientAuthnConfiguration', 'oidc.properties', 'Whether all validators must succeed or just one', '4.1', 'idp.oidc.OP', '3', null, 'false', 'idp.authn.OAuth2Client.requireAll', 'BOOLEAN', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('552', 'OAuth2ClientAuthnConfiguration', 'oidc.properties', 'Whether to keep the password around as a private credential in the Java Subject for use in later stages
such as attribute resolution', '4.1', 'idp.oidc.OP', '3', 'use with caution as it retains the password and makes it available in plaintext from within server memory at various stages.', 'false', 'idp.authn.OAuth2Client.retainAsPrivateCredential', 'BOOLEAN', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('563', 'OPDynamicClientRegistration', 'oidc.properties', 'Whether to enable user authentication for requests', '4.1', 'idp.oidc.OP', '3', null, 'false', 'idp.oidc.admin.registration.authenticated', 'BOOLEAN', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('466', 'AccountLockoutManagement', 'admin/admin.properties', 'Name of access control policy for request authorization', '4.1', null, null, null, 'AccessDenied', 'idp.lockout.accessPolicy', 'STRING', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('472', '?', 'admin/admin.properties', 'Audit log identifier for flow', '4.1', null, null, null, 'Storage', 'idp.storage.logging', 'STRING', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('473', '?', 'admin/admin.properties', 'Name of access control policy for request authorization', '4.1', null, null, null, 'AccessDenied', 'idp.storage.accessPolicy', 'STRING', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id,
category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('478', 'AttendedRestartConfiguration', 'admin/admin.properties', 'Audit log identifier for flow', '4.1', null, null, null, 'UnlockKeys', 'idp.unlock-keys.logging', 'STRING', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('561', 'OPDynamicClientRegistration', 'oidc.properties', 'Audit logging label for this profile', '4.1', 'idp.oidc.OP', '3', null, 'IssueRegistrationAccessToken', 'idp.oidc.admin.registration.logging', 'STRING', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('566', 'OPDynamicClientRegistration', 'oidc.properties', 'Name of access control policy to apply to all requests', '4.1', 'idp.oidc.OP', '3', null, 'AccessByIPAddress', 'idp.oidc.admin.registration.accessPolicy', 'STRING', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('584', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Whether the flow enforces upstream IdP-imposed restrictions on proxying', '4.1', 'idp.authn.DuoOIDC', '1', null, '%{idp.authn.enforceProxyRestrictions:true}', 'idp.authn.DuoOIDC.proxyRestrictionsEnforced', 'BOOLEAN', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES
('610', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Name of HTTP request header for Duo AuthAPI factor', '4.1', 'idp.authn.DuoOIDC', '1', null, 'X-Shibboleth-Duo-Factor', 'idp.duo.oidc.nonbrowser.header.factor', 'STRING', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('580', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', 'idp.authn.DuoOIDC', '1', null, '1000', 'idp.authn.DuoOIDC.order', 'INTEGER', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('587', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Lifetime of results produced by this flow', '4.1', 'idp.authn.DuoOIDC', '1', null, '%{idp.authn.defaultLifetime:PT1H}', 'idp.authn.DuoOIDC.lifetime', 'DURATION', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('479', 'AttendedRestartConfiguration', 'admin/admin.properties', 'Name of access control policy for request authorization', '4.1', null, null, null, 'AccessDenied', 'idp.unlock-keys.accessPolicy', 'STRING', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('483', 'AttendedRestartConfiguration', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.unlock-keys.postAuthenticationFlows',
'STRING', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('490', 'AttributePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Comma-delimited list of attributes to resolve (an empty list directs the resolver to resolve everything it can)', '4.1', null, null, null, null, 'idp.c14n.attribute.attributesToResolve', 'STRING', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('588', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Inactivity timeout of results produced by this flow', '4.1', 'idp.authn.DuoOIDC', '1', null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.DuoOIDC.inactivityTimeout', 'DURATION', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('491', 'AttributePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Comma-delimited list of attributes to search for in the results looking for a StringAttributeValue or ScopedStringAttributeValue', '4.1', null, null, null, null, 'idp.c14n.attribute.attributeSourceIds', 'STRING', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('503', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to
different destinations based on general function', 'SSO', 'idp.service.logging.saml1sso', 'STRING', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('591', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Bean ID ofBiConsumer for subject customization', '4.1', 'idp.authn.DuoOIDC', '1', null, null, 'idp.authn.DuoOIDC.subjectDecorator', 'SPRING_BEAN_ID', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('589', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Bean ID ofPredicate controlling result reuse for SSO', '4.1', 'idp.authn.DuoOIDC', '1', null, 'shibboleth.Conditions.TRUE', 'idp.authn.DuoOIDC.reuseCondition', 'SPRING_BEAN_ID', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('590', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Bean ID ofPredicate determining whether flow is usable for request', '4.1', 'idp.authn.DuoOIDC', '1', null, 'shibboleth.Conditions.TRUE', 'idp.authn.DuoOIDC.activationCondition', 'SPRING_BEAN_ID', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('315', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.Duo', null, null, 'false',
'idp.authn.Duo.proxyScopingEnforced', 'BOOLEAN', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('316', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', 'idp.authn.Duo', null, null, 'false', 'idp.authn.Duo.discoveryRequired', 'BOOLEAN', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('481', 'AttendedRestartConfiguration', 'admin/admin.properties', 'Whether the flow should allow for non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.unlock-keys.nonBrowserSupported', 'BOOLEAN', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('482', 'AttendedRestartConfiguration', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.unlock-keys.resolveAttributes', 'BOOLEAN', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('485', 'SimplePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to uppercase the username', '4.1', null, null, null, 'false', 'idp.c14n.simple.uppercase', 'BOOLEAN', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note,
default_value, property_name, property_type, selection_items, property_value) VALUES ('581', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.DuoOIDC', '1', null, 'false', 'idp.authn.DuoOIDC.nonBrowserSupported', 'BOOLEAN', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('45', 'CSRF', 'idp.properties', 'Enables CSRF protection', '4', null, null, null, 'true', 'idp.csrf.enabled', 'BOOLEAN', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('522', 'OPToken', 'oidc.properties', 'Whether client is required to use PKCE', '4.1', 'idp.oidc.OP', '3', null, 'false', 'idp.oidc.forcePKCE', 'BOOLEAN', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('615', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Maximum length of time to wait for the connection to be established', '4.1', 'idp.authn.DuoOIDC', '1 (nimbus)', null, 'PT1M', 'idp.duo.oidc.connectionTimeout', 'DURATION', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('612', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Name of HTTP request header for Duo AuthAPI passcode', '4.1', 'idp.authn.DuoOIDC', '1', null, 'X-Shibboleth-Duo-Passcode',
'idp.duo.oidc.nonbrowser.header.passcode', 'STRING', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('642', 'Metadatagen', 'mdgen.properties', 'The width of the logo in pixels', '4.1', 'idp.metadatagen', '1', null, '80', 'idp.metadata.idpsso.mdui.logo.width', 'INTEGER', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('635', 'TOTP', 'authn/authn.properties', 'Bean ID ofBiConsumer for subject customization', '4.1', 'idp.authn.TOTP', '1', null, null, 'idp.authn.TOTP.subjectDecorator', 'SPRING_BEAN_ID', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('633', 'TOTP', 'authn/authn.properties', 'Bean ID ofPredicate controlling result reuse for SSO', '4.1', 'idp.authn.TOTP', '1', null, 'shibboleth.Conditions.TRUE', 'idp.authn.TOTP.reuseCondition', 'SPRING_BEAN_ID', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('616', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Maximum length of time to wait for a connection to be returned from the connection manager', '4.1', 'idp.authn.DuoOIDC', '1 (nimbus)', null, 'PT1M', 'idp.duo.oidc.connectionRequestTimeout', 'DURATION', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value,
property_name, property_type, selection_items, property_value) VALUES ('617', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Maximum period inactivity between two consecutive data packets', '4.1', 'idp.authn.DuoOIDC', '1 (nimbus)', null, 'PT1M', 'idp.duo.oidc.socketTimeout', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('631', 'TOTP', 'authn/authn.properties', 'Lifetime of results produced by this flow', '4.1', 'idp.authn.TOTP', '1', null, '%{idp.authn.defaultLifetime:PT1H}', 'idp.authn.TOTP.lifetime', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('632', 'TOTP', 'authn/authn.properties', 'Inactivity timeout of results produced by this flow', '4.1', 'idp.authn.TOTP', '1', null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.TOTP.inactivityTimeout', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('641', 'Metadatagen', 'mdgen.properties', 'The height of the logo in pixels.', '4.1', 'idp.metadatagen', '1', null, '80', 'idp.metadata.idpsso.mdui.logo.height', 'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('634', 'TOTP', 'authn/authn.properties', 'Bean ID ofPredicate determining whether flow is usable for request', '4.1', 'idp.authn.TOTP', '1', null, 
'shibboleth.Conditions.TRUE', 'idp.authn.TOTP.activationCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('628', 'TOTP', 'authn/authn.properties', 'Whether the flow enforces upstream IdP-imposed restrictions on proxying', '4.1', 'idp.authn.TOTP', '1', null, '%{idp.authn.enforceProxyRestrictions:true}', 'idp.authn.TOTP.proxyRestrictionsEnforced', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('620', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'To enable certificate revocation checking', '4.1', 'idp.authn.DuoOIDC', '1 (nimbus)', null, 'false', 'idp.duo.oidc.nimbus.checkRevocation', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('625', 'TOTP', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.TOTP', '1', null, 'false', 'idp.authn.TOTP.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('626', 'TOTP', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.TOTP', '1', null, 'false', 'idp.authn.TOTP.passiveAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, 
config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('53', 'ErrorHandlingConfiguration', 'idp.properties', 'Whether to digitally sign error responses in SAML or similar protocols, if signing is otherwise warranted (this can prevent a simple denial of service vector, since errors are simple to trigger)', 'all', null, null, null, 'true', 'idp.errors.signed', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('504', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'AttributeQuery', 'idp.service.logging.saml1attrquery', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('505', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'ArtifactResolution', 'idp.service.logging.saml1artifact', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('506', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are 
audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'SSO', 'idp.service.logging.saml2sso', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('618', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Max total simultaneous connections allowed by the pooling connection manager', '4.1', 'idp.authn.DuoOIDC', '1 (nimbus)', null, '100', 'idp.duo.oidc.maxConnectionsTotal', 'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('619', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Max simultaneous connections per route allowed by the pooling connection manager', '4.1', 'idp.authn.DuoOIDC', '1 (nimbus)', null, '100', 'idp.duo.oidc.maxConnectionsPerRoute', 'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('624', 'TOTP', 'authn/authn.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', 'idp.authn.TOTP', '1', null, '1000', 'idp.authn.TOTP.order', 'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('640', 'Metadatagen', 'mdgen.properties', 'Specifies the path part of the URL which describes a logo for the IdP. 
The protocol is hard wired to be https:// and the DNS name is used for the host. The is always emitted. If this is absent then then a fixed path (''/path/to/logo'') is use', '4.1', 'idp.metadatagen', '1', null, null, 'idp.metadata.idpsso.mdui.logo.path', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('639', 'Metadatagen', 'mdgen.properties', 'Specifies the path to the certificate protecting the back channel. This should not be used in conjunction with the --backChannel qualifier.', '4.1', 'idp.metadatagen', '1', null, null, 'idp.metadata.backchannel.cert', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('638', 'Metadatagen', 'mdgen.properties', 'Supplies the DNS name used within the URLs specifying the end points. 
This should not be used in conjunction with the --DNSName qualifier', '4.1', 'idp.metadatagen', '1', null, null, 'idp.metadata.dnsname', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('647', 'OIDC OP', 'oidc.properties', 'The validity of client secret registered', '4.1', 'idp.oidc.OP', '3', 'no doc', 'P12M', 'idp.oidc.dynreg.defaultSecretExpiration', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('652', 'OIDC OP', 'oidc.properties', 'Upgrade interval to the remote JWKs', '4.1', 'idp.oidc.OP', '3', 'no doc', 'PT30M', 'idp.oidc.jwksuri.fetchInterval', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('653', 'OIDC OP', 'oidc.properties', 'Bounds on the next file refresh of the OP configuration resource', '4.1', 'idp.oidc.OP', '3', 'no doc', 'PT5M', 'idp.oidc.config.minRefreshDelay', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('654', 'OIDC OP', 'oidc.properties', 'Bounds on the next file refresh of the OP configuration resource', '4.1', 'idp.oidc.OP', '3', 'no doc', 'PT4H', 'idp.oidc.config.maxRefreshDelay', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, 
property_name, property_type, selection_items, property_value) VALUES ('507', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'AttributeQuery', 'idp.service.logging.saml2attrquery', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('508', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'ArtifactResolution', 'idp.service.logging.saml2artifact', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('509', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'Logout', 'idp.service.logging.saml2slo', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('510', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit 
records to different destinations based on general function', 'Logout', 'idp.service.logging.logout', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('511', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'SSO', 'idp.service.logging.cas', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('512', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'Status', 'idp.service.logging.status', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('513', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'ResolverTest', 'idp.service.logging.resolvertest', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, 
selection_items, property_value) VALUES ('514', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'Reload', 'idp.service.logging.serviceReload', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('515', 'AuditLoggingConfiguration', 'services.properties', 'Hash algorithm to apply to various hashed fields', '4.1', null, null, null, 'SHA-256', 'idp.audit.hashAlgorithm', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('516', 'AuditLoggingConfiguration', 'services.properties', 'Salt to apply to hashed fields must be set to use those fields', '4.1', null, null, null, null, 'idp.audit.salt', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('536', 'OPRevocation', 'oidc.properties', 'The revocation method: CHAIN refers to revoking whole chain of tokens (from authorization code to all access/refresh tokens). 
TOKEN refers to revoking single token', '4.1', 'idp.oidc.OP', '3', null, 'CHAIN', 'idp.oauth2.revocationMethod', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('538', 'OPDynamicClientRegistration', 'oidc.properties', 'The default scopes accepted in dynamic registration', '4.1', 'idp.oidc.OP', '3', null, 'openid profile email address phone offline_access', 'idp.oidc.dynreg.defaultScope', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('539', 'OPDynamicClientRegistration', 'oidc.properties', 'The default subject type if not set by client in request. Maybe set to pairwise or public.', '4.1', 'idp.oidc.OP', '3', null, 'public', 'idp.oidc.dynreg.defaultSubjectType', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('533', 'OPToken', 'oidc.properties', 'Format of access token. 
Supported values are JWT or nothing.', '4.1', 'idp.oidc.OP', '3.2', null, null, 'idp.oauth2.accessToken.type', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('567', 'OPDynamicClientRegistration', 'oidc.properties', 'Name of access control policy to apply to requests specifying a policyLocation', '4.1', 'idp.oidc.OP', '3', null, 'AccessByAdmin', 'idp.oidc.admin.registration.policyLocationPolicy', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('568', 'OPDynamicClientRegistration', 'oidc.properties', 'Name of access control policy to apply to requests specifying a policyId', '4.1', 'idp.oidc.OP', '3', null, 'AccessByAdmin', 'idp.oidc.admin.registration.policyIdPolicy', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('569', 'OPDynamicClientRegistration', 'oidc.properties', 'Name of access control policy to apply to requests specifying a clientId', '4.1', 'idp.oidc.OP', '3', null, 'AccessByAdmin', 'idp.oidc.admin.registration.clientIdPolicy', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('577', 'OPSubClaim', 'oidc.properties', 'The source attribute used in generating the sub claim', '4.1', 'idp.oidc.OP', '3', null, null, 'idp.oidc.subject.sourceAttribute', 'STRING', null, null); +INSERT 
INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('578', 'OPSubClaim', 'oidc.properties', 'The digest algorithm used in generating the sub claim', '4.1', 'idp.oidc.OP', '3', null, 'SHA', 'idp.oidc.subject.algorithm', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('594', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'DuoOIDC API hostname assigned to the integration', '4.1', 'idp.authn.DuoOIDC', '1', null, null, 'idp.duo.oidc.apiHost', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('649', 'OIDC OP', 'oidc.properties', 'Bean to determine whether dynamic registration should validate the remote JWK set if it''s defined in the request', '4.1', 'idp.oidc.OP', '3', 'no doc', 'shibboleth.Conditions.TRUE', 'idp.oidc.dynreg.validateRemoteJwks', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('1', 'Core', 'idp.properties', 'Auto-load all files matching conf/**/*.properties', '4', null, null, null, 'true', 'idp.searchForProperties', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('5', 'RelyingPartyConfiguration', 
'idp.properties', 'Whether to allow use of the SAML artifact bindings when sending messages', 'all', null, null, null, 'true', 'idp.artifact.enabled', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('6', 'RelyingPartyConfiguration', 'idp.properties', 'Whether preparation of messages to be communicated via SAML artifact should assume use of a secure channel (allowing signing and encryption to be skipped)', 'all', null, null, null, 'true', 'idp.artifact.secureChannel', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('9', 'RelyingPartyConfiguration', 'idp.properties', 'Controls whether the outbound binding selection is ordered by the SP''s metadata or the IdP''s preferred bindings (the inbuilt default order is Redirect -> POST -> Artifact -> SOAP). Set to false to leave artifact support on, but favor use of POST. 
Set also', '4.1', null, null, null, 'true', 'idp.bindings.inMetadataOrder', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('13', 'SecurityConfiguration', 'idp.properties', 'If true all cookies issued by the IdP (not including the container) will contain the HttpOnly property', 'all', null, null, null, 'true', 'idp.cookie.httpOnly', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('595', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'The OAuth 2.0 Client Identifier valid at the Authorization Server', '4.1', 'idp.authn.DuoOIDC', '1', null, null, 'idp.duo.oidc.clientId', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('596', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Redirection URI to which the 2FA response will be sent', '4.1', 'idp.authn.DuoOIDC', '1', 'ex. 
https://:/idp/profile/Authn/Duo/2FA/duo-callback', null, 'idp.duo.oidc.redirectURL', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('592', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Comma-delimited list of protocol-specific Principalstrings associated with flow', '4.1', 'idp.authn.DuoOIDC', '1', null, 'saml2/http://example.org/ac/classes/mfa, saml1/http://example.org/ac/classes/mfa', 'idp.authn.DuoOIDC.supportedPrincipals', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('597', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'If the idp.duo.oidc.redirectURL is not set one will be computed dynamically and checked against this list of allowed origins - to prevent Http Host Header injection.', '4.1', 'idp.authn.DuoOIDC', '1', null, null, 'idp.duo.oidc.redirecturl.allowedOrigins', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('599', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Duo''s OAuth 2.0 health check endpoint', '4.1', 'idp.authn.DuoOIDC', '1', null, '/oauth/v1/health_check', 'idp.duo.oidc.endpoint.health', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('600', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Duo''s OAuth 2.0 token 
endpoint', '4.1', 'idp.authn.DuoOIDC', '1', null, '/oauth/v1/token', 'idp.duo.oidc.endpoint.token', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('601', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Duo''s OAuth 2.0 authorization endpoint', '4.1', 'idp.authn.DuoOIDC', '1', null, '/oauth/v1/authorize', 'idp.duo.oidc.endpoint.authorize', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('604', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'The path component of the Duo token issuer. The full issuer string takes the format: HTTPS://+', '4.1', 'idp.authn.DuoOIDC', '1', null, '/oauth/v1/token', 'idp.duo.oidc.jwt.verifier.issuerPath', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('605', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'The result token JWT claim name that represents the username sent in the duo_uname field in the authorization request.', '4.1', 'idp.authn.DuoOIDC', '1', null, 'preferred_username', 'idp.duo.oidc.jwt.verifier.preferredUsername', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('607', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Duo AuthAPI hostname assigned to the integration', '4.1', 'idp.authn.DuoOIDC', '1', 
null, '%{idp.duo.oidc.apiHost}', 'idp.duo.oidc.nonbrowser.apiHost', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('611', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Name of HTTP request header for Duo AuthAPI device ID or name', '4.1', 'idp.authn.DuoOIDC', '1', null, 'X-Shibboleth-Duo-Device', 'idp.duo.oidc.nonbrowser.header.device', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('621', 'TOTP', 'authn/authn.properties', 'Name of request header to use for extracting non-browser submitted token codes', '4.1', 'idp.authn.TOTP', '1', null, 'X-Shibboleth-TOTP', 'idp.authn.TOTP.headerName', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('622', 'TOTP', 'authn/authn.properties', 'Name of HTML form field to use for locating browser-submitted token codes', '4.1', 'idp.authn.TOTP', '1', null, 'tokencode', 'idp.authn.TOTP.fieldName', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('623', 'TOTP', 'authn/authn.properties', 'Name of IdPAttribute to resolve to obtain token seeds for users', '4.1', 'idp.authn.TOTP', '1', null, 'tokenSeeds', 'idp.authn.TOTP.tokenSeedAttribute', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, 
description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('636', 'TOTP', 'authn/authn.properties', 'Comma-delimited list of protocol-specific Principalstrings associated with flow', '4.1', 'idp.authn.TOTP', '1', null, 'saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken, saml1/urn:oasis:names:tc:SAML:1.0:am:HardwareToken', 'idp.authn.TOTP.supportedPrincipals', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('645', 'Metadatagen', 'mdgen.properties', 'Description for the IdP in the specified language. If this is absent for a language specified above then not is emitted for that language', '4.1', 'idp.metadatagen', '1', null, null, 'idp.metadata.idpsso.mdui.description.', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('365', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Whether or not the previous property has access to unreleased attributes', 'all', null, null, null, 'true', 'idp.persistentId.useUnfilteredAttributes', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('150', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether to validate connections in the background', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'true', 
'idp.pool.LDAP.validatePeriodically', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('142', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether to use the Password Expired Control.', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.usePasswordExpiration', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('614', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Pass client address to Duo in API calls to support logging', '4.1', 'idp.authn.DuoOIDC', '1', 'push display', 'true', 'idp.duo.oidc.nonbrowser.clientAddressTrusted', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('140', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether the user''s LDAP entry should be resolved with the bindDN credentials rather than as the authenticated user.', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.resolveEntryWithBindDN', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('129', 'LDAPAuthnConfiguration', 
'authn/authn.properties', 'How to establish trust in the server''s TLS certificate: one of jvmTrust, certificateTrust, or keyStoreTrust', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'certificateTrust', 'idp.authn.LDAP.sslConfig', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('125', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether StartTLS should be used after connecting with LDAP alone.', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'true', 'idp.authn.LDAP.useStartTLS', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('149', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether to validate connections when checking them out of the pool', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.pool.LDAP.validateOnCheckout', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('144', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'If you are using the FreeIPA LDAP this switch will attempt to use the account states defined by that product.', 'all', null, null, 'The target file for the value depends on the version of 
Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.freeIPADirectory', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('143', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'If you are using Active Directory this switch will attempt to use the account states defined by AD. Note that this flag is unnecessary if you are using the ''adAuthenticator''. It is meant to be specified with one of the other authenticator types.', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.activeDirectory', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('146', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether connection pools should be used for LDAP authentication and DN resolution', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.disablePooling', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('145', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'If you are using the EDirectory LDAP this switch will attempt to use the account states defined by that product.', 'all', null, null, 'The target file for the value depends on the version of Shibboleth 
being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.eDirectory', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('126', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Time to wait for the TCP connection to occur.', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'PT3S', 'idp.authn.LDAP.connectTimeout', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('157', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Controls how connections in the bind pool are passivated. Connections in the bind pool may be in an authenticated state that will not allow validation searches to succeed. This property controls how bind connections are placed back into the pool. 
If your ', '4.0.1', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.bindPoolPassivator', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('128', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Connection strategy to use when multiple URLs are supplied: one of ACTIVE_PASSIVE, ROUND_ROBIN, RANDOM', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'ACTIVE_PASSIVE', 'idp.authn.LDAP.connectionStrategy', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('127', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Time to wait for an LDAP response message', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'PT3S', 'idp.authn.LDAP.responseTimeout', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('123', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Controls the workflow for how authentication occurs against LDAP: one of anonSearchAuthenticator, bindSearchAuthenticator, directAuthenticator, adAuthenticator', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , 
for V4.1: authn/authn.properties', 'anonSearchAuthenticator', 'idp.authn.LDAP.authenticator', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('136', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'DN to bind with during search when using an LDAP.authenticator = bindSearchAuthenticator', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.bindDN', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('139', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether the user''s LDAP entry should be returned in the authentication response even when the user bind fails.', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.resolveEntryOnFailure', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('133', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Base DN to search against when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.baseDN', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop 
(resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('132', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'List of attributes to request during authentication', 'all', null, null, 'Comma seperated list of values. The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.returnAttributes', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('135', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'LDAP search filter when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.userFilter', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('134', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether to search recursively when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.subtreeSearch', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, 
property_value) VALUES ('62', 'StorageConfiguration', 'idp.properties', 'Whether storage errors during replay checks should be treated as a replay', 'all', null, null, null, 'true', 'idp.replayCache.strict', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('63', 'SessionConfiguration', 'idp.properties', 'Whether to enable the IdP''s session tracking feature', 'all', null, null, null, 'true', 'idp.session.enabled', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('67', 'SessionConfiguration', 'idp.properties', 'Whether to bind IdP sessions to IP addresses', 'all', null, null, null, 'true', 'idp.session.consistentAddress', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('78', 'AuthenticationConfiguration', 'authn/authn.properties', 'Whether to enforce restrictions placed on further proxying of assertions from upstream IdPs when relying on proxied authentication', '4.1', null, null, null, 'true', 'idp.authn.proxyRestrictionsEnforced', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('80', 'AuthenticationConfiguration', 'authn/authn.properties', 'Whether to populate information about the relying party into the tree for user interfaces during login and interceptors', 'all', null, null, null, 
'true', 'idp.authn.rpui', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('94', 'ConsentConfiguration', 'idp.properties', 'Whether not remembering/storing consent is allowed', 'all', null, null, null, 'true', 'idp.consent.allowDoNotRemember', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('95', 'ConsentConfiguration', 'idp.properties', 'Whether consent to any attribute and to any relying party is allowed', 'all', null, null, null, 'true', 'idp.consent.allowGlobal', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('102', 'LogoutConfiguration', 'idp.properties', 'Whether to require signed logout messages in accordance with the SAML 2.0 standard', 'all', null, null, null, 'true', 'idp.logout.authenticated', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('118', 'AuditLoggingConfiguration', 'services.properties', 'Set false if you want SAML bindings "spelled out" in audit log', 'all', null, null, null, 'true', 'idp.audit.shortenBindings', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('179', 
'ExternalAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.External', null, null, 'true', 'idp.authn.External.addDefaultPrincipals', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('195', 'RemoteUserAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.RemoteUser', null, null, 'true', 'idp.authn.RemoteUser.addDefaultPrincipals', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('196', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether to check REMOTE_USER for a username', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'true', 'idp.authn.RemoteUserInternal.checkRemoteUser', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('199', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether to trim leading and trailing whitespace from the username before validating it', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'true', 'idp.authn.RemoteUserInternal.trim', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('220', 
'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'true', 'idp.authn.RemoteUserInternal.addDefaultPrincipals', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('646', 'OIDC OP', 'oidc.properties', 'Set false to preclude issuing unencrypted ID/UserInfo tokens without specific overrides', '4.1', 'idp.oidc.OP', '3', 'no doc', 'false', 'idp.oidc.encryptionOptional', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('239', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.SPNEGO', null, null, 'true', 'idp.authn.SPNEGO.addDefaultPrincipals', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('254', 'X509AuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.X509', null, null, 'true', 'idp.authn.X509.addDefaultPrincipals', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('255', 
'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Whether to save the certificate into the Subject''s public credential set. Disable to reduce the size if not relying on the certificate for subject c14n.', '4.1', null, null, null, 'true', 'idp.authn.X509Internal.saveCertificateToCredentialSet', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('269', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', null, null, null, 'true', 'idp.authn.X509Internal.addDefaultPrincipals', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('283', 'IPAddressAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.IPAddress', null, null, 'true', 'idp.authn.IPAddress.addDefaultPrincipals', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('297', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.Function', null, null, 'true', 'idp.authn.Function.addDefaultPrincipals', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, 
property_name, property_type, selection_items, property_value) VALUES ('308', 'DuoAuthnConfiguration', 'authn/duo.properties', 'Allow the factor to be defaulted to auto if no headers are received', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', 'true', 'idp.duo.nonbrowser.auto', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('309', 'DuoAuthnConfiguration', 'authn/duo.properties', 'Pass client address to Duo in API calls to support logging, push display, and network-based Duo policies', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', 'true', 'idp.duo.nonbrowser.clientAddressTrusted', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('323', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.Duo', null, null, 'true', 'idp.authn.Duo.addDefaultPrincipals', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('342', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', null, null, null, 'true', 'idp.authn.SAML.addDefaultPrincipals', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, 
config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('343', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Whether login flows should only be run with regard for forceAuthn/isPassive/nonBrowser (and similar) conditions', '4.1', null, null, null, 'true', 'idp.authn.MFA.validateLoginTransitions', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('357', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.MFA', null, null, 'true', 'idp.authn.MFA.addDefaultPrincipals', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('374', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'When true the connection and layout of the database is verified at bean initialization time and any failures are fatal.', '4.1', null, null, null, 'true', 'idp.persistentId.verifyDatabase', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('386', 'ReloadableServices', 'services.properties', 'Fail at startup if logging configuration is invalid', 'all', null, null, null, 'true', 'idp.service.logging.failFast', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, 
note, default_value, property_name, property_type, selection_items, property_value) VALUES ('395', 'ReloadableServices', 'services.properties', 'Disabling this turns off internal support for the ByReferenceFilter feature which provides a very small performance boost', 'all', null, null, null, 'true', 'idp.service.metadata.enableByReferenceFilters', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('409', 'ReloadableServices', 'services.properties', 'Whether attribute filtering failure should silently produce no attributes or causes an overall profile request failure event', 'all', null, null, null, 'true', 'idp.service.attribute.filter.maskFailures', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('414', 'ReloadableServices', 'services.properties', 'Fail at startup if AccessControlConfiguration is invalid', 'all', null, null, null, 'true', 'idp.service.access.failFast', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('460', 'HelloWorldConfiguration', 'admin/admin.properties', 'Whether authentication should be performed prior to access control evaluation', '4.1', null, null, null, 'true', 'idp.hello.authenticated', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('463', 
'HelloWorldConfiguration', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'true', 'idp.hello.resolveAttributes', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('480', 'AttendedRestartConfiguration', 'admin/admin.properties', 'Whether authentication should be performed prior to access control evaluation', '4.1', null, null, null, 'true', 'idp.unlock-keys.authenticated', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('486', 'SimplePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to trim leading and trailing whitespace from the username', '4.1', null, null, null, 'true', 'idp.c14n.simple.trim', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('489', 'AttributePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to trim leading and trailing whitespace from the username', '4.1', null, null, null, 'true', 'idp.c14n.attribute.trim', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('496', 'X500PostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to trim leading and trailing whitespace from the username', '4.1', null, null, null, 'true', 'idp.c14n.x500.trim', 
'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('551', 'OAuth2ClientAuthnConfiguration', 'oidc.properties', 'Whether to remove the object holding the password from the request''s active state after validating it (to avoid it being preserved in the session any longer than needed)', '4.1', 'idp.oidc.OP', '3', null, 'true', 'idp.authn.OAuth2Client.removeAfterValidation', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('557', 'OAuth2ClientAuthnConfiguration', 'oidc.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.oidc.OP', '3', null, 'true', 'idp.authn.OAuth2Client.addDefaultPrincipals', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('562', 'OPDynamicClientRegistration', 'oidc.properties', 'Enables support for non-browser-based authentication', '4.1', 'idp.oidc.OP', '3', null, 'true', 'idp.oidc.admin.registration.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('583', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.DuoOIDC', '1', null, 'true', 'idp.authn.DuoOIDC.forcedAuthenticationSupported', 'BOOLEAN', null, 
null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('613', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Allow the factor to be defaulted in as "auto" if no headers are received', '4.1', 'idp.authn.DuoOIDC', '1', null, 'true', 'idp.duo.oidc.nonbrowser.auto', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('627', 'TOTP', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.TOTP', '1', null, 'true', 'idp.authn.TOTP.forcedAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('648', 'OIDC OP', 'oidc.properties', 'Regardless of what signing algorithms are configured allow none for request object signing', '4.1', 'idp.oidc.OP', '3', 'no doc', 'true', 'idp.oidc.dynreg.allowNoneForRequestSigning', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('83', 'AuthenticationConfiguration', 'authn/authn.properties', 'Whether to override an explicit element in an SP’s request with a configuration-imposed rule via the defaultAuthenticationMethods profile configuration setting. 
Note this is a violation of the SAML standard and is also a global set', '4', null, null, null, 'false', 'idp.authn.overrideRequestedAuthnContext', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('96', 'ConsentConfiguration', 'idp.properties', 'Whether per-attribute consent is allowed', 'all', null, null, null, 'false', 'idp.consent.allowPerAttribute', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('97', 'ConsentConfiguration', 'idp.properties', 'Whether attribute values and terms of use text are stored and compared for equality', 'all', null, null, null, 'false', 'idp.consent.compareValues', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('101', 'LogoutConfiguration', 'idp.properties', 'Whether to search metadata for user interface information associated with every service involved in logout propagation', 'all', null, null, null, 'false', 'idp.logout.elaboration', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('104', 'LogoutConfiguration', 'idp.properties', 'Processes arbitrary query parameters to the Simple Logout endpoint and stashes them in a ScratchContext for use by subsequent view logic', '4.1', null, null, null, 'false', 'idp.logout.preserveQuery', 'BOOLEAN', null, null); 
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('105', 'LogoutConfiguration', 'idp.properties', 'When true allows inbound SAML LogoutRequests to be processed even if the SP lacks metadata containing response endpoints', '4.2', null, null, null, 'false', 'idp.logout.assumeAsync', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('111', 'CasProtocolConfiguration', 'idp.properties', 'If true CAS services provisioned with SAML metadata are identified via entityID', 'all', null, null, null, 'false', 'idp.cas.relyingPartyIdFromMetadata', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('160', 'KerberosAuthnConfiguration', 'authn/authn.properties', 'Whether to reload the underlying Kerberos configuration (generally in /etc/krb5.conf) on every login attempt', '4.1', null, null, null, 'false', 'idp.authn.Krb5.refreshConfig', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('523', 'OPToken', 'oidc.properties', 'Whether client is allowed to use PKCE code challenge method plain', '4.1', 'idp.oidc.OP', '3', null, 'false', 'idp.oidc.allowPKCEPlain', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, 
property_name, property_type, selection_items, property_value) VALUES ('161', 'KerberosAuthnConfiguration', 'authn/authn.properties', 'Whether to preserve the resulting Kerberos TGT in the Java Subject''s private credential set', '4.1', null, null, null, 'false', 'idp.authn.Krb5.preserveTicket', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('167', 'ExternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.External', null, null, 'false', 'idp.authn.External.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('168', 'ExternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.External', null, null, 'false', 'idp.authn.External.passiveAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('169', 'ExternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.External', null, null, 'false', 'idp.authn.External.forcedAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('171', 'ExternalAuthnConfiguration', 
'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.External', null, null, 'false', 'idp.authn.External.proxyScopingEnforced', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('172', 'ExternalAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', 'idp.authn.External', null, null, 'false', 'idp.authn.External.discoveryRequired', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('188', 'RemoteUserAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', 'idp.authn.RemoteUser', null, null, 'false', 'idp.authn.RemoteUser.discoveryRequired', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('200', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether to lowercase the username before validating it', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'false', 'idp.authn.RemoteUserInternal.lowercase', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('201', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether to uppercase the username before 
validating it', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'false', 'idp.authn.RemoteUserInternal.uppercase', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('209', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'false', 'idp.authn.RemoteUserInternal.passiveAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('210', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'false', 'idp.authn.RemoteUserInternal.forcedAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('212', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'false', 'idp.authn.RemoteUserInternal.proxyScopingEnforced', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('213', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP 
discovery prior to running flow', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'false', 'idp.authn.RemoteUserInternal.discoveryRequired', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('222', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether to always try to run SPNEGO independent of the user''s auto-login setting', '4.1', 'idp.authn.SPNEGO', null, null, 'false', 'idp.authn.SPNEGO.enforceRun', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('223', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether to reload the underlying Kerberos configuration (generally in /etc/krb5.conf) on every login attempt', '4.1', 'idp.authn.SPNEGO', null, null, 'false', 'idp.authn.SPNEGO.refreshKrbConfig', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('227', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.SPNEGO', null, null, 'false', 'idp.authn.SPNEGO.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('228', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.SPNEGO', null, null, 
'false', 'idp.authn.SPNEGO.passiveAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('229', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.SPNEGO', null, null, 'false', 'idp.authn.SPNEGO.forcedAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('231', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.SPNEGO', null, null, 'false', 'idp.authn.SPNEGO.proxyScopingEnforced', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('232', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', 'idp.authn.SPNEGO', null, null, 'false', 'idp.authn.SPNEGO.discoveryRequired', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('246', 'X509AuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.X509', null, null, 'false', 'idp.authn.X509.proxyScopingEnforced', 'BOOLEAN', null, 
null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('247', 'X509AuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', 'idp.authn.X509', null, null, 'false', 'idp.authn.X509.discoveryRequired', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('257', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', null, null, null, 'false', 'idp.authn.X509Internal.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('258', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', null, null, null, 'false', 'idp.authn.X509Internal.passiveAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('259', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', null, null, null, 'false', 'idp.authn.X509Internal.forcedAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, 
property_name, property_type, selection_items, property_value) VALUES ('261', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', null, null, null, 'false', 'idp.authn.X509Internal.proxyScopingEnforced', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('262', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', null, null, null, 'false', 'idp.authn.X509Internal.discoveryRequired', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('273', 'IPAddressAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.IPAddress', null, null, 'false', 'idp.authn.IPAddress.forcedAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('275', 'IPAddressAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.IPAddress', null, null, 'false', 'idp.authn.IPAddress.proxyScopingEnforced', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, 
property_value) VALUES ('276', 'IPAddressAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', 'idp.authn.IPAddress', null, null, 'false', 'idp.authn.IPAddress.discoveryRequired', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('285', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.Function', null, null, 'false', 'idp.authn.Function.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('286', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.Function', null, null, 'false', 'idp.authn.Function.passiveAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('287', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.Function', null, null, 'false', 'idp.authn.Function.forcedAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('289', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be 
proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.Function', null, null, 'false', 'idp.authn.Function.proxyScopingEnforced', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('290', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', 'idp.authn.Function', null, null, 'false', 'idp.authn.Function.discoveryRequired', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('334', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', null, null, null, 'false', 'idp.authn.SAML.proxyScopingEnforced', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('345', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.MFA', null, null, 'false', 'idp.authn.MFA.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('346', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.MFA', null, null, 'false', 
'idp.authn.MFA.passiveAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('347', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.MFA', null, null, 'false', 'idp.authn.MFA.forcedAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('349', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.MFA', null, null, 'false', 'idp.authn.MFA.proxyScopingEnforced', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('350', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', 'idp.authn.MFA', null, null, 'false', 'idp.authn.MFA.discoveryRequired', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('420', 'ReloadableServices', 'services.properties', 'Fail at startup if ManagedBeanConfiguration is invalid', 'all', null, null, null, 'false', 'idp.service.managedBean.failFast', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, 
description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('426', 'Status', 'admin/admin.properties', 'Whether authentication should be performed prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.status.authenticated', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('427', 'Status', 'admin/admin.properties', 'Whether the flow should allow for non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.status.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('429', 'Status', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.status.resolveAttributes', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('436', 'MetadataReload', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.reload.resolveAttributes', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('440', 'AACLI', 'admin/admin.properties', 'Whether authentication should be performed prior to access control 
evaluation', '4.1', null, null, null, 'false', 'idp.resolvertest.authenticated', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('441', 'AACLI', 'admin/admin.properties', 'Whether the flow should allow for non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.resolvertest.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('443', 'AACLI', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.resolvertest.resolveAttributes', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('447', 'MetadataQuery', 'admin/admin.properties', 'Whether authentication should be performed prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.mdquery.authenticated', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('448', 'MetadataQuery', 'admin/admin.properties', 'Whether the flow should allow for non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.mdquery.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, 
module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('450', 'MetadataQuery', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.mdquery.resolveAttributes', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('453', 'MetricsConfiguration', 'admin/admin.properties', 'Whether authentication should be performed prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.metrics.authenticated', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('454', 'MetricsConfiguration', 'admin/admin.properties', 'Whether the flow should allow for non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.metrics.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('456', 'MetricsConfiguration', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.metrics.resolveAttributes', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('461', 'HelloWorldConfiguration', 'admin/admin.properties', 'Whether the flow should allow for 
non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.hello.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('467', 'AccountLockoutManagement', 'admin/admin.properties', 'Whether authentication should be performed prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.lockout.authenticated', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('468', 'AccountLockoutManagement', 'admin/admin.properties', 'Whether the flow should allow for non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.lockout.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('470', 'AccountLockoutManagement', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.lockout.resolveAttributes', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('474', '?', 'admin/admin.properties', 'Whether authentication should be performed prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.storage.authenticated', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, 
config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('475', '?', 'admin/admin.properties', 'Whether the flow should allow for non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.storage.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('477', 'AttendedRestartConfiguration', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.storage.resolveAttributes', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('487', 'AttributePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to lowercase the username', '4.1', null, null, null, 'false', 'idp.c14n.attribute.lowercase', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('488', 'AttributePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to uppercase the username', '4.1', null, null, null, 'false', 'idp.c14n.attribute.uppercase', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('492', 'AttributePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to examine 
the input Subject for IdPAttributePrincipal objects to pull from directly instead of from the output of the Attribute Resolver service', '4.1', null, null, null, 'false', 'idp.c14n.attribute.resolveFromSubject', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('494', 'X500PostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to lowercase the username', '4.1', null, null, null, 'false', 'idp.c14n.x500.lowercase', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('495', 'X500PostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to uppercase the username', '4.1', null, null, null, 'false', 'idp.c14n.x500.uppercase', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('499', 'SAML2ProxyTransformPostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to lowercase the username', '4.1', null, null, null, 'false', 'idp.c14n.saml.proxy.lowercase', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('500', 'SAML2ProxyTransformPostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to uppercase the username', '4.1', null, null, null, 'false', 'idp.c14n.saml.proxy.uppercase', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop 
(resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('501', 'NameIDConsumptionConfiguration', 'c14n/subject-c14n.properties', 'Whether to lowercase the username', '4.1', null, null, null, 'false', 'idp.c14n.saml.lowercase', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('502', 'NameIDConsumptionConfiguration', 'c14n/subject-c14n.properties', 'Whether to uppercase the username', '4.1', null, null, null, 'false', 'idp.c14n.saml.uppercase', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('525', 'OPAuthorization', 'oidc.properties', 'Whether to embed consent decisions in access/refresh tokens and authorization code to allow for client-side consent storage', '4.1', 'idp.oidc.OP', '3', null, 'false', 'idp.oidc.encodeConsentInTokens', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('532', 'OPToken', 'oidc.properties', 'Whether to enforce refresh token rotation. 
If enabled the refresh token is revoked whenever it is used for issuing a new refresh token.', '4.1', 'idp.oidc.OP', '3.2', null, 'false', 'idp.oauth2.enforceRefreshTokenRotation', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('534', 'OPToken', 'oidc.properties', 'Whether the absence of encryption details in a resource server’s metadata should fail when issuing an access token', '4.1', 'idp.oidc.OP', '3', null, 'false', 'idp.oauth2.encryptionOptional', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('564', 'OPDynamicClientRegistration', 'oidc.properties', 'Whether to resolve attributes if authentication is enabled', '4.1', 'idp.oidc.OP', '3', null, 'false', 'idp.oidc.admin.registration.resolveAttributes', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('571', 'OPClientResolution', 'oidc.properties', 'If true any failures during initialization of any resolvers result in IdP startup failure', '4.1', 'idp.oidc.OP', '3', null, 'false', 'idp.service.clientinfo.failFast', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('582', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.DuoOIDC', '1', null, 'false', 
'idp.authn.DuoOIDC.passiveAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('585', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Whether the flow considers itself to be proxying', '4.1', 'idp.authn.DuoOIDC', '1', 'and therefore enforces SP-signaled restrictions on proxying', 'false', 'idp.authn.DuoOIDC.proxyScopingEnforced', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('586', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Whether to invoke IdP-discovery prior to running flow', '4.1', 'idp.authn.DuoOIDC', '1', null, 'false', 'idp.authn.DuoOIDC.discoveryRequired', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('593', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Whether to auto-attach the preceding set ofPrincipalobjects to eachSubjectproduced by this flow', '4.1', 'idp.authn.DuoOIDC', '1', null, 'false', 'idp.authn.DuoOIDC.addDefaultPrincipals', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('629', 'TOTP', 'authn/authn.properties', 'Whether the flow considers itself to be proxying', '4.1', 'idp.authn.TOTP', '1', 'and therefore enforces SP-signaled restrictions on proxying', 'false', 
'idp.authn.TOTP.proxyScopingEnforced', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('630', 'TOTP', 'authn/authn.properties', 'Whether to invoke IdP-discovery prior to running flow', '4.1', 'idp.authn.TOTP', '1', null, 'false', 'idp.authn.TOTP.discoveryRequired', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('637', 'TOTP', 'authn/authn.properties', 'Whether to auto-attach the preceding set ofPrincipalobjects to eachSubjectproduced by this flow', '4.1', 'idp.authn.TOTP', '1', null, 'false', 'idp.authn.TOTP.addDefaultPrincipals', 'BOOLEAN', null, null); \ No newline at end of file From b24b378f6dea8970f318600aef51fbc05a311f33 Mon Sep 17 00:00:00 2001 
From: chasegawa Date: Wed, 17 Aug 2022 14:25:27 -0700 Subject: [PATCH 42/58] SHIBUI-2268 load properties to database from csv configuration on startup --- .../ui/service/ShibPropertiesBootstrap.groovy | 70 ++ .../CustomPropertiesConfiguration.java | 13 +- .../ui/domain/ShibConfigurationProperty.java | 12 +- .../ShibConfigurationRepository.java | 15 + ...EntityAttributesDefinitionServiceImpl.java | 4 +- .../ui/service/ShibConfigurationService.java | 12 + .../service/ShibConfigurationServiceImpl.java | 25 + backend/src/main/resources/application.yml | 15 +- .../resources/shib_configuration_prop.csv | 656 ++++++++++++++++++ 9 files changed, 813 insertions(+), 9 deletions(-) create mode 100644 backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibPropertiesBootstrap.groovy create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibConfigurationRepository.java create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java create mode 100644 backend/src/main/resources/shib_configuration_prop.csv diff --git a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibPropertiesBootstrap.groovy b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibPropertiesBootstrap.groovy new file mode 100644 index 000000000..daf75b61e --- /dev/null +++ b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibPropertiesBootstrap.groovy 
@@ -0,0 +1,70 @@
+package edu.internet2.tier.shibboleth.admin.ui.service
+
+import com.opencsv.CSVReader
+import edu.internet2.tier.shibboleth.admin.ui.domain.ShibConfigurationProperty
+import groovy.util.logging.Slf4j
+import org.springframework.beans.factory.annotation.Autowired
+import org.springframework.boot.context.event.ApplicationStartedEvent
+import org.springframework.context.event.EventListener
+import org.springframework.core.io.ClassPathResource
+import org.springframework.core.io.Resource
+import org.springframework.stereotype.Component
+
+import javax.transaction.Transactional
+
+@Component
+@Slf4j
+class ShibPropertiesBootstrap {
+ @Autowired
+ private ShibConfigurationService service
+
+ ShibPropertiesBootstrap(ShibConfigurationService service) {
+ this.service = service
+ }
+
+ @Transactional
+ @EventListener
+ void bootstrapUsersAndRoles(ApplicationStartedEvent e) {
+ log.info("Ensuring base Shibboleth properties configuration has loaded")
+
+ Resource resource = new ClassPathResource('shib_configuration_prop.csv')
+ final HashMap propertiesMap = new HashMap<>()
+
+ // Read in the defaults in the configuration file
+ new CSVReader(new InputStreamReader(resource.inputStream)).each { fields ->
+ def (resource_id,category,config_file,description,idp_version,module,module_version,note,default_value,property_name,property_type,selection_items,property_value) = fields
+ ShibConfigurationProperty prop = new ShibConfigurationProperty().with {
+ it.resourceId = resource_id
+ it.category = category
+ it.configFile = config_file
+ it.description = description
+ it.idpVersion = idp_version
+ it.module = module
+ it.moduleVersion = module_version
+ it.note = note
+ it.defaultValue = default_value
+ it.description = description
+ it.propertyName = property_name
+ def pt = property_type
+ it.setPropertyType(pt)
+ it.selectionItems = selection_items
+ // we shouldn't have property values coming in from the config...
+ it
+ }
+ propertiesMap.put(prop.getPropertyName(), prop)
+ }
+
+ // If we already have the property in the db, ignore the configuration setup for that property
+ service.getExistingPropertyNames().each {
+ propertiesMap.remove(it)
+ }
+
+ // Save anything that's left
+ if (propertiesMap.size() > 0) {
+ log.info("Saving/loading [" + propertiesMap.size() + "] properties to the database")
+ service.addAll(propertiesMap.values())
+ }
+
+ log.info("COMPLETED: ensuring base Shibboleth properties configuration has loaded")
+ }
+}
\ No newline at end of file
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CustomPropertiesConfiguration.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CustomPropertiesConfiguration.java
index af8aef206..9a85e48a2 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CustomPropertiesConfiguration.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CustomPropertiesConfiguration.java
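Review bot: The `CSVReader` created in `bootstrapUsersAndRoles` is never closed, and its `InputStreamReader` is built without a charset, so the seed file is decoded with the platform default although the CSV carries non-ASCII text (for example the apostrophe in "SP’s request"). Assuming the resource is stored as UTF-8, `resource.inputStream.withReader('UTF-8') { r -> new CSVReader(r).each { fields -> ... } }` closes the stream and pins the encoding. Rows are skipped whenever the property name already exists, so a corrected default in a later CSV never reaches a database that was seeded earlier; since the file holds access-policy and authentication defaults, that deserves a comment such as `// existing rows are never updated; changed defaults need a migration`. The method name and the second `it.description = description` look like copy-paste leftovers.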
@@ -2,21 +2,20 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.IRelyingPartyOverrideProperty; import edu.internet2.tier.shibboleth.admin.ui.domain.RelyingPartyOverrideProperty; +import edu.internet2.tier.shibboleth.admin.ui.domain.ShibConfigurationProperty; import edu.internet2.tier.shibboleth.admin.ui.service.CustomEntityAttributesDefinitionService; import edu.internet2.tier.shibboleth.admin.ui.service.events.CustomEntityAttributeDefinitionChangeEvent; - import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.context.properties.ConfigurationProperties; import org.springframework.context.ApplicationListener; import org.springframework.context.annotation.Configuration; +import javax.annotation.PostConstruct; import java.util.ArrayList; import java.util.HashMap; import java.util.List; import java.util.Map; -import javax.annotation.PostConstruct; - @Configuration @ConfigurationProperties(prefix = "custom") public class CustomPropertiesConfiguration implements ApplicationListener { @@ -28,6 +27,8 @@ public class CustomPropertiesConfiguration implements ApplicationListener overridesFromConfigFile = new ArrayList<>(); + private List shibprops = new ArrayList<>(); + private void buildRelyingPartyOverrides() { // Start over with a clean map and get the CustomEntityAttributesDefinitions from the DB HashMap reloaded = new HashMap<>(); @@ -68,6 +69,7 @@ public void onApplicationEvent(CustomEntityAttributeDefinitionChangeEvent arg0) public void postConstruct() { // Make sure we have the right data buildRelyingPartyOverrides(); + updateShibPropsDatabase(); } public void setAttributes(List> attributes) { @@ -85,4 +87,7 @@ public void setCeadService(CustomEntityAttributesDefinitionService ceadService) public void setOverrides(List overridesFromConfigFile) { this.overridesFromConfigFile = overridesFromConfigFile; } -} + + private void updateShibPropsDatabase() { + } +} \ No newline at end of file 
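Review bot: `updateShibPropsDatabase()` in the last hunk is an empty private method, yet `postConstruct()` now calls it, and the new `shibprops` list is neither read nor given an accessor in any of these hunks. Either leave the three additions out until the behaviour exists or mark the stub so it is not mistaken for finished work, e.g. `// TODO(SHIBUI-2268): persist shibprops; currently a no-op`. If the list is meant to be bound from `custom.shibprops`, confirm that the class exposes a getter or setter for it, because none is visible here and binding would otherwise leave it empty. Most of the class body lies outside the hunks.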
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/ShibConfigurationProperty.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/ShibConfigurationProperty.java index 945f9ff96..345592ae3 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/ShibConfigurationProperty.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/ShibConfigurationProperty.java @@ -22,7 +22,7 @@ public class ShibConfigurationProperty { @Column(name = "config_file", nullable = false) String configFile; - @Column(name = "default_value", nullable = false) + @Column(name = "default_value") String defaultValue; @Column(name = "description") @@ -46,8 +46,16 @@ public class ShibConfigurationProperty { @Column(name = "property_type", nullable = false) PropertyType propertyType; - @Column(name = "property_value", nullable = false) + @Column(name = "property_value") String propertyValue; + + @Column(name = "selection_items") + String selectionItems; + + public void setPropertyType(String val) { + this.propertyType = PropertyType.valueOf(val); + } + } enum PropertyType { diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibConfigurationRepository.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibConfigurationRepository.java new file mode 100644 index 000000000..e5889b3cd --- /dev/null +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibConfigurationRepository.java 
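Review bot: `setPropertyType(String val)` in the second hunk hands its argument straight to `PropertyType.valueOf`, which throws `IllegalArgumentException` for anything that is not an exact constant name and `NullPointerException` for null. The bootstrap class in this patch calls it with a raw CSV field, so a single mistyped or empty `property_type` cell stops the startup listener with an error that does not say which property was at fault. A guard such as `if (val == null || val.trim().isEmpty()) throw new IllegalArgumentException("propertyType is required for " + propertyName);` followed by `PropertyType.valueOf(val.trim())` gives a usable message. The first hunk also drops `nullable = false` from `default_value` and `property_value`; whether an existing schema is altered to match depends on DDL settings that are not shown.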
@@ -0,0 +1,15 @@ +package edu.internet2.tier.shibboleth.admin.ui.repository; + +import edu.internet2.tier.shibboleth.admin.ui.domain.ShibConfigurationProperty; +import org.springframework.data.jpa.repository.JpaRepository; +import org.springframework.data.jpa.repository.Query; + +import java.util.List; + +/** + * Repository to manage {@link ShibConfigurationProperty} instances. + */ +public interface ShibConfigurationRepository extends JpaRepository { + @Query(value = "select property_name from shib_configuration_prop", nativeQuery = true) + List getPropertyNames(); +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/CustomEntityAttributesDefinitionServiceImpl.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/CustomEntityAttributesDefinitionServiceImpl.java index 6fe0a8c25..cd5893c42 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/CustomEntityAttributesDefinitionServiceImpl.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/CustomEntityAttributesDefinitionServiceImpl.java @@ -19,7 +19,7 @@ public class CustomEntityAttributesDefinitionServiceImpl implements CustomEntity private ApplicationEventPublisher applicationEventPublisher; @Autowired - EntityManager entityManager; + EntityManager entityManager; // Why is this here - it isn't used @Autowired private CustomEntityAttributeDefinitionRepository repository; @@ -53,4 +53,4 @@ public List getAllDefinitions() { private void notifyListeners() { applicationEventPublisher.publishEvent(new CustomEntityAttributeDefinitionChangeEvent(this)); } -} +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java new file mode 100644 index 000000000..504c60956 --- /dev/null 
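Review bot: `getPropertyNames()` in the new repository uses a native query that hard-codes the table and column names, so it will not follow a later change to the entity mapping. The statement takes no parameters, so this is a maintainability point rather than an injection concern. A JPQL form along the lines of `@Query("select p.propertyName from ShibConfigurationProperty p")` would be checked against the entity at startup; the entity name is assumed here, since its `@Entity` annotation is outside the hunks. The method also has no Javadoc; `/** Returns the property_name of every stored row. */` would do.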
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java
@@ -0,0 +1,12 @@
+package edu.internet2.tier.shibboleth.admin.ui.service;
+
+import edu.internet2.tier.shibboleth.admin.ui.domain.ShibConfigurationProperty;
+
+import java.util.Collection;
+import java.util.List;
+
+public interface ShibConfigurationService {
+ void addAll(Collection newProperties);
+
+ List getExistingPropertyNames();
+}
\ No newline at end of file
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java
new file mode 100644
index 000000000..d9d29c37f
--- /dev/null
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java
@@ -0,0 +1,25 @@
+package edu.internet2.tier.shibboleth.admin.ui.service;
+
+import edu.internet2.tier.shibboleth.admin.ui.domain.ShibConfigurationProperty;
+import edu.internet2.tier.shibboleth.admin.ui.repository.ShibConfigurationRepository;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import java.util.Collection;
+import java.util.List;
+
+@Service
+public class ShibConfigurationServiceImpl implements ShibConfigurationService {
+ @Autowired
+ private ShibConfigurationRepository repository;
+
+ @Override
+ public void addAll(Collection newProperties) {
+ repository.saveAll(newProperties);
+ }
+
+ @Override
+ public List getExistingPropertyNames() {
+ return repository.getPropertyNames();
+ }
+}
\ No newline at end of file
diff --git a/backend/src/main/resources/application.yml b/backend/src/main/resources/application.yml
index bf1367934..09d922b1c 100644
--- a/backend/src/main/resources/application.yml
+++ b/backend/src/main/resources/application.yml
@@ -162,4 +162,17 @@ custom:
 displayType: boolean
 helpText: tooltip.ignore-request-signatures
 attributeName: http://shibboleth.net/ns/profiles/ignoreRequestSignatures
- attributeFriendlyName: ignoreRequestSignatures
\ No newline at end of file
+ attributeFriendlyName: ignoreRequestSignatures
+ shibprops:
+ - category: asd # required
+ configFile: kj # required
+ defaultValue: foo
+ description: blak
+ idpVersion: 4.1 # required
+ module: h
+ moduleVersion: 1
+ note: nnn
+ propertyName: dddd # required
+ propertyType: dddd # required as one of: BOOLEAN, DURATION, INTEGER, SELECTION_LIST, SPRING_BEAN_ID, STRING
+ propertyValue: dddd
+ selectionItems: dddd,dddd # required if propertyType is SELECTION_LIST - comma seperated values
\ No newline at end of file
diff --git a/backend/src/main/resources/shib_configuration_prop.csv b/backend/src/main/resources/shib_configuration_prop.csv
new file mode 100644
index 000000000..fd6b84a33
--- /dev/null
+++ b/backend/src/main/resources/shib_configuration_prop.csv
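Review bot: The added `shibprops` entry ships placeholder values (`asd`, `kj`, `dddd`) in the application's default configuration, and `propertyType: dddd` is not one of the values its own comment lists. If this entry is ever bound through the `setPropertyType(String)` added in this patch, `PropertyType.valueOf("dddd")` would throw during configuration binding; whether binding happens depends on accessors not shown in the diff. Keeping the block as a commented-out example, or moving it to the documentation, avoids shipping a dummy property as live configuration. The enclosing `custom:` mapping starts outside the hunk.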
@@ -0,0 +1,656 @@ +474,?,admin/admin.properties,Whether authentication should be performed prior to access control evaluation,4.1,,,,false,idp.storage.authenticated,BOOLEAN,, +472,?,admin/admin.properties,Audit log identifier for flow,4.1,,,,Storage,idp.storage.logging,STRING,, +476,?,admin/admin.properties,?,4.1,,,,,idp.storage.defaultAuthenticationMethods,STRING,, +473,?,admin/admin.properties,Name of access control policy for request authorization,4.1,,,,AccessDenied,idp.storage.accessPolicy,STRING,, +475,?,admin/admin.properties,Whether the flow should allow for non-browser clients during authentication,4.1,,,,false,idp.storage.nonBrowserSupported,BOOLEAN,, +442,AACLI,admin/admin.properties,?,4.1,,,,,idp.resolvertest.defaultAuthenticationMethods,STRING,, +443,AACLI,admin/admin.properties,Whether attributes should be resolved prior to access control evaluation,4.1,,,,false,idp.resolvertest.resolveAttributes,BOOLEAN,, +439,AACLI,admin/admin.properties,Name of access control policy for request authorization,4.1,,,,AccessByIPAddress,idp.resolvertest.accessPolicy,STRING,, +438,AACLI,admin/admin.properties,Audit log identifier for flow,4.1,,,,ResolverTest,idp.resolvertest.logging,STRING,, +441,AACLI,admin/admin.properties,Whether the flow should allow for non-browser clients during authentication,4.1,,,,false,idp.resolvertest.nonBrowserSupported,BOOLEAN,, +444,AACLI,admin/admin.properties,?,4.1,,,,,idp.resolvertest.postAuthenticationFlows,STRING,, +440,AACLI,admin/admin.properties,Whether authentication should be performed prior to access control evaluation,4.1,,,,false,idp.resolvertest.authenticated,BOOLEAN,, +466,AccountLockoutManagement,admin/admin.properties,Name of access control policy for request authorization,4.1,,,,AccessDenied,idp.lockout.accessPolicy,STRING,, +467,AccountLockoutManagement,admin/admin.properties,Whether authentication should be performed prior to access control evaluation,4.1,,,,false,idp.lockout.authenticated,BOOLEAN,, 
+470,AccountLockoutManagement,admin/admin.properties,Whether attributes should be resolved prior to access control evaluation,4.1,,,,false,idp.lockout.resolveAttributes,BOOLEAN,, +468,AccountLockoutManagement,admin/admin.properties,Whether the flow should allow for non-browser clients during authentication,4.1,,,,false,idp.lockout.nonBrowserSupported,BOOLEAN,, +469,AccountLockoutManagement,admin/admin.properties,?,4.1,,,,,idp.lockout.defaultAuthenticationMethods,STRING,, +471,AccountLockoutManagement,admin/admin.properties,?,4.1,,,,,idp.lockout.postAuthenticationFlows,STRING,, +465,AccountLockoutManagement,admin/admin.properties,Audit log identifier for flow,4.1,,,,Lockout,idp.lockout.logging,STRING,, +479,AttendedRestartConfiguration,admin/admin.properties,Name of access control policy for request authorization,4.1,,,,AccessDenied,idp.unlock-keys.accessPolicy,STRING,, +480,AttendedRestartConfiguration,admin/admin.properties,Whether authentication should be performed prior to access control evaluation,4.1,,,,true,idp.unlock-keys.authenticated,BOOLEAN,, +478,AttendedRestartConfiguration,admin/admin.properties,Audit log identifier for flow,4.1,,,,UnlockKeys,idp.unlock-keys.logging,STRING,, +477,AttendedRestartConfiguration,admin/admin.properties,Whether attributes should be resolved prior to access control evaluation,4.1,,,,false,idp.storage.resolveAttributes,BOOLEAN,, +483,AttendedRestartConfiguration,admin/admin.properties,?,4.1,,,,,idp.unlock-keys.postAuthenticationFlows,STRING,, +481,AttendedRestartConfiguration,admin/admin.properties,Whether the flow should allow for non-browser clients during authentication,4.1,,,,false,idp.unlock-keys.nonBrowserSupported,BOOLEAN,, +482,AttendedRestartConfiguration,admin/admin.properties,Whether attributes should be resolved prior to access control evaluation,4.1,,,,false,idp.unlock-keys.resolveAttributes,BOOLEAN,, +491,AttributePostLoginC14NConfiguration,c14n/subject-c14n.properties,Comma-delimited list of attributes to search 
for in the results looking for a StringAttributeValue or ScopedStringAttributeValue,4.1,,,,,idp.c14n.attribute.attributeSourceIds,STRING,, +492,AttributePostLoginC14NConfiguration,c14n/subject-c14n.properties,Whether to examine the input Subject for IdPAttributePrincipal objects to pull from directly instead of from the output of the Attribute Resolver service,4.1,,,,false,idp.c14n.attribute.resolveFromSubject,BOOLEAN,, +487,AttributePostLoginC14NConfiguration,c14n/subject-c14n.properties,Whether to lowercase the username,4.1,,,,false,idp.c14n.attribute.lowercase,BOOLEAN,, +493,AttributePostLoginC14NConfiguration,c14n/subject-c14n.properties,Bean ID of a Predicate to evaluate to determine whether to run the Attribute Resolver or go directly to the Subject alone,4.1,,,,shibboleth.Conditions.TRUE,idp.c14n.attribute.resolutionCondition,SPRING_BEAN_ID,, +488,AttributePostLoginC14NConfiguration,c14n/subject-c14n.properties,Whether to uppercase the username,4.1,,,,false,idp.c14n.attribute.uppercase,BOOLEAN,, +489,AttributePostLoginC14NConfiguration,c14n/subject-c14n.properties,Whether to trim leading and trailing whitespace from the username,4.1,,,,true,idp.c14n.attribute.trim,BOOLEAN,, +490,AttributePostLoginC14NConfiguration,c14n/subject-c14n.properties,Comma-delimited list of attributes to resolve (an empty list directs the resolver to resolve everything it can),4.1,,,,,idp.c14n.attribute.attributesToResolve,STRING,, +512,AuditLoggingConfiguration,services.properties,Suffix added to audit logging category when various profiles/flows are audited,all,,,you can use this to route different kinds of audit records to different destinations based on general function,Status,idp.service.logging.status,STRING,, +511,AuditLoggingConfiguration,services.properties,Suffix added to audit logging category when various profiles/flows are audited,all,,,you can use this to route different kinds of audit records to different destinations based on general 
function,SSO,idp.service.logging.cas,STRING,, +514,AuditLoggingConfiguration,services.properties,Suffix added to audit logging category when various profiles/flows are audited,all,,,you can use this to route different kinds of audit records to different destinations based on general function,Reload,idp.service.logging.serviceReload,STRING,, +515,AuditLoggingConfiguration,services.properties,Hash algorithm to apply to various hashed fields,4.1,,,,SHA-256,idp.audit.hashAlgorithm,STRING,, +510,AuditLoggingConfiguration,services.properties,Suffix added to audit logging category when various profiles/flows are audited,all,,,you can use this to route different kinds of audit records to different destinations based on general function,Logout,idp.service.logging.logout,STRING,, +516,AuditLoggingConfiguration,services.properties,Salt to apply to hashed fields must be set to use those fields,4.1,,,,,idp.audit.salt,STRING,, +509,AuditLoggingConfiguration,services.properties,Suffix added to audit logging category when various profiles/flows are audited,all,,,you can use this to route different kinds of audit records to different destinations based on general function,Logout,idp.service.logging.saml2slo,STRING,, +504,AuditLoggingConfiguration,services.properties,Suffix added to audit logging category when various profiles/flows are audited,all,,,you can use this to route different kinds of audit records to different destinations based on general function,AttributeQuery,idp.service.logging.saml1attrquery,STRING,, +508,AuditLoggingConfiguration,services.properties,Suffix added to audit logging category when various profiles/flows are audited,all,,,you can use this to route different kinds of audit records to different destinations based on general function,ArtifactResolution,idp.service.logging.saml2artifact,STRING,, +507,AuditLoggingConfiguration,services.properties,Suffix added to audit logging category when various profiles/flows are audited,all,,,you can use this to route 
different kinds of audit records to different destinations based on general function,AttributeQuery,idp.service.logging.saml2attrquery,STRING,, +506,AuditLoggingConfiguration,services.properties,Suffix added to audit logging category when various profiles/flows are audited,all,,,you can use this to route different kinds of audit records to different destinations based on general function,SSO,idp.service.logging.saml2sso,STRING,, +118,AuditLoggingConfiguration,services.properties,"Set false if you want SAML bindings ""spelled out"" in audit log",all,,,,true,idp.audit.shortenBindings,BOOLEAN,, +503,AuditLoggingConfiguration,services.properties,Suffix added to audit logging category when various profiles/flows are audited,all,,,you can use this to route different kinds of audit records to different destinations based on general function,SSO,idp.service.logging.saml1sso,STRING,, +513,AuditLoggingConfiguration,services.properties,Suffix added to audit logging category when various profiles/flows are audited,all,,,you can use this to route different kinds of audit records to different destinations based on general function,ResolverTest,idp.service.logging.resolvertest,STRING,, +505,AuditLoggingConfiguration,services.properties,Suffix added to audit logging category when various profiles/flows are audited,all,,,you can use this to route different kinds of audit records to different destinations based on general function,ArtifactResolution,idp.service.logging.saml1artifact,STRING,, +78,AuthenticationConfiguration,authn/authn.properties,Whether to enforce restrictions placed on further proxying of assertions from upstream IdPs when relying on proxied authentication,4.1,,,,true,idp.authn.proxyRestrictionsEnforced,BOOLEAN,, +79,AuthenticationConfiguration,authn/authn.properties,Whether to prioritize prior authentication results when an SP requests more than one possible matching method,all,,,,false,idp.authn.favorSSO,BOOLEAN,, 
+82,AuthenticationConfiguration,authn/authn.properties,Provides a static discovery URL to use for external discovery this property replaces the need for the XML-defined bean used in V4.0 for this purpose,4.1,,,,,idp.authn.discoveryURL,STRING,,
+80,AuthenticationConfiguration,authn/authn.properties,Whether to populate information about the relying party into the tree for user interfaces during login and interceptors,all,,,,true,idp.authn.rpui,BOOLEAN,,
+81,AuthenticationConfiguration,authn/authn.properties,Whether to fail requests if a user identity after authentication doesn't match the identity in a pre-existing session.,all,,,,false,idp.authn.identitySwitchIsError,BOOLEAN,,
+76,AuthenticationConfiguration,authn/authn.properties,Default amount of time to allow reuse prior authentication flows,all,,,measured since first usage,PT60M,idp.authn.defaultLifetime,DURATION,,
+77,AuthenticationConfiguration,authn/authn.properties,Default inactivity timeout to prevent reuse of prior authentication flows,all,,,measured since last usage,PT30M,idp.authn.defaultTimeout,DURATION,,
+75,AuthenticationConfiguration,authn/authn.properties,Required expression that identifies the login flows to globally enable,all,,,"ex. Password, MA, DUO",,idp.authn.flows,STRING,,
+83,AuthenticationConfiguration,authn/authn.properties,Whether to override an explicit element in an SP’s request with a configuration-imposed rule via the defaultAuthenticationMethods profile configuration setting. Note this is a violation of the SAML standard and is also a global set,4,,,,false,idp.authn.overrideRequestedAuthnContext,BOOLEAN,,
+110,CasProtocolConfiguration,idp.properties,CAS service registry implementation class,all,,,,net.shibboleth.idp.cas.service.PatternServiceRegistry,idp.cas.serviceRegistryClass,STRING,,
+109,CasProtocolConfiguration,idp.properties,"Storage service used by CAS protocol for chained proxy-granting tickets and when using server-managed ""simple"" TicketService.
MUST be server-side storage (e.g. in-memory, memcached, database)",all,,,,shibboleth.StorageService,idp.cas.StorageService,SPRING_BEAN_ID,,
+111,CasProtocolConfiguration,idp.properties,If true CAS services provisioned with SAML metadata are identified via entityID,all,,,,false,idp.cas.relyingPartyIdFromMetadata,BOOLEAN,,
+89,ConsentConfiguration,idp.properties,Name of function used to return the String storage key representing a user defaults to the principal name,all,,,,shibboleth.consent.PrincipalConsentStorageKey,idp.consent.terms-of-use.userStorageKey,SPRING_BEAN_ID,,
+96,ConsentConfiguration,idp.properties,Whether per-attribute consent is allowed,all,,,,false,idp.consent.allowPerAttribute,BOOLEAN,,
+97,ConsentConfiguration,idp.properties,Whether attribute values and terms of use text are stored and compared for equality,all,,,,false,idp.consent.compareValues,BOOLEAN,,
+94,ConsentConfiguration,idp.properties,Whether not remembering/storing consent is allowed,all,,,,true,idp.consent.allowDoNotRemember,BOOLEAN,,
+95,ConsentConfiguration,idp.properties,Whether consent to any attribute and to any relying party is allowed,all,,,,true,idp.consent.allowGlobal,BOOLEAN,,
+86,ConsentConfiguration,idp.properties,Attribute whose value is the storage key representing a user,all,,,,uid,idp.consent.attribute-release.userStorageKeyAttribute,STRING,,
+98,ConsentConfiguration,idp.properties,"Maximum number of records stored when using space-limited storage (e.g.
cookies), 0 = no limit",all,,,,10,idp.consent.maxStoredRecords,INTEGER,,
+100,ConsentConfiguration,idp.properties,Time in milliseconds to expire consent storage records,4.x,,,"(v4.0=P1Y,v4.1=infinite)",,idp.consent.storageRecordLifetime,DURATION,,
+90,ConsentConfiguration,idp.properties,Attribute whose value is the storage key representing a user,all,,,,uid,idp.consent.terms-of-use.userStorageKeyAttribute,STRING,,
+91,ConsentConfiguration,idp.properties,Suffix of message property used as value of consent storage records when idp.consent.compareValues is true,all,,,,.text,idp.consent.terms-of-use.consentValueMessageCodeSuffix,STRING,,
+84,ConsentConfiguration,idp.properties,Name of storage service used to store users' consent choices,all,,,,shibboleth.ClientPersistentStorageService,idp.consent.StorageService,SPRING_BEAN_ID,,
+85,ConsentConfiguration,idp.properties,Name of function used to return the String storage key representing a user defaults to the principal name,all,,,,shibboleth.consent.PrincipalConsentStorageKey,idp.consent.attribute-release.userStorageKey,SPRING_BEAN_ID,,
+99,ConsentConfiguration,idp.properties,"Maximum number of records stored when using larger/server-side storage, 0 = no limit",all,,,,0,idp.consent.expandedMaxStoredRecords,INTEGER,,
+88,ConsentConfiguration,idp.properties,Default consent auditing formats,all,,,Logback logging pattern,%T|%SP|%e|%u|%CCI|%CCV|%CCA,idp.consent.attribute-release.auditFormat,STRING,,
+93,ConsentConfiguration,idp.properties,Default consent auditing formats,all,,,Logback logging pattern,%T|%SP|%e|%u|%CCI|%CCV|%CCA,idp.consent.terms-of-use.auditFormat,STRING,,
+92,ConsentConfiguration,idp.properties,Optional condition to apply to control activation of terms-of-use flow,4.1,,,,shibboleth.Conditions.TRUE,idp.consent.terms-of-use.activationCondition,SPRING_BEAN_ID,,
+87,ConsentConfiguration,idp.properties,Optional condition to apply to control activation of attribute-release flow along with system default
behavior,4.1,,,,shibboleth.Conditions.TRUE,idp.consent.attribute-release.activationCondition,SPRING_BEAN_ID,,
+11,Core,idp.properties,applies a (fixed) scope typically a domain-valued suffix to an input attribute's values,all,,,,,idp.scope,STRING,,
+2,Core,idp.properties,Used to point to additional property files to load. All properties must be unique and are ultimately pooled into a single unordered set.,all,,,"Comma seperated list of values ex. /conf/ldap.properties, /conf/services.properties",,idp.additionalProperties,STRING,,
+4,Core,idp.properties,Identifies the file to serve for requests to the IdP's well-known metadata location,all,,,,%{idp.home}/metadata/idp-metadata.xml,idp.entityID.metadataFile,STRING,,
+47,Core,idp.properties,Auto-configures an HSTS response header,all,,,,max-age=0,idp.hsts,STRING,,
+51,Core,idp.properties,"Location from which to load user-modifiable Velocity view templates. This can be set to include ""classpath*:/META-INF/net/shibboleth/idp/views"" (or equivalent) to load templates from the classpath, such as from extension jars, but doing so disables suppor",all,,,Comma seperated list of values,%{idp.home}/views,idp.views,STRING,,
+107,Core,idp.properties,Allows the HttpClient used for SOAP communication to be overriden (applies to SAML logout via SOAP),all,,,Bean ID of HttpClient to use for SOAP-based logout,SOAPClient.HttpClient,idp.soap.httpClient,SPRING_BEAN_ID,,
+119,Core,idp.properties,Set to true to fail on velocity syntax errors,all,,,,false,idp.velocity.runtime.strictmode,BOOLEAN,,
+122,Core,idp.properties,Policies to use with Impersonate interceptor flow,all,,,Policy ID,SpecificImpersonationPolicy,idp.impersonate.specificPolicy,STRING,,
+50,Core,idp.properties,Location from which to load user-supplied webflows from,all,,,resource path,%{idp.home}/flows,idp.webflows,STRING,,
+121,Core,idp.properties,Policies to use with Impersonate interceptor flow,all,,,Policy
ID,GeneralImpersonationPolicy,idp.impersonate.generalPolicy,STRING,,
+1,Core,idp.properties,Auto-load all files matching conf/**/*.properties,4,,,,true,idp.searchForProperties,BOOLEAN,,
+10,Core,idp.properties,Identifies the file to serve for requests to the IdP's well-known metadata location,all,,,file pathname,%{idp.home}/metadata/idp-metadata.xml,idp.entityID.metadataFile,STRING,,
+120,Core,idp.properties,Path to use with External interceptor flow,all,,,,contextRelative:intercept.jsp,idp.intercept.External.externalPath,STRING,,
+108,Core,idp.properties,languages to use if no match can be found with the browser-supported languages,all,,,"Comma seperated list of values ex. en, fr, de",,idp.ui.fallbackLanguages,STRING,,
+48,Core,idp.properties,Auto-configures an X-Frame-Options response header,all,,,,DENY,idp.frameoptions,SELECTION_LIST,"DENY,SAMEORIGIN",
+49,Core,idp.properties,Auto-configures a Content Security Policy response header,all,,,,frame-ancestors 'none',idp.csp,STRING,,
+45,CSRF,idp.properties,Enables CSRF protection,4,,,,true,idp.csrf.enabled,BOOLEAN,,
+46,CSRF,idp.properties,Name of the HTTP parameter that stores the CSRF token,4,,,,csrf_token,idp.csrf.token.parameter,STRING,,
+317,DuoAuthnConfiguration,authn/authn.properties,Lifetime of results produced by this flow,4.1,idp.authn.Duo,,,%{idp.authn.defaultLifetime:PT1H},idp.authn.Duo.lifetime,DURATION,,
+305,DuoAuthnConfiguration,authn/duo.properties,Name of HTTP request header for Duo AuthAPI factor,4.1,idp.authn.Duo,,this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key,X-Shibboleth-Duo-Factor,idp.duo.nonbrowser.header.factor,STRING,,
+311,DuoAuthnConfiguration,authn/authn.properties,"Whether the flow should handle non-browser request profiles (e.g., ECP)",4.1,idp.authn.Duo,,,false,idp.authn.Duo.nonBrowserSupported,BOOLEAN,,
+314,DuoAuthnConfiguration,authn/authn.properties,Whether the flow enforces upstream IdP imposed restrictions on
proxying,4.1,idp.authn.Duo,,,%{idp.authn.enforceProxyRestrictions:true},idp.authn.Duo.proxyRestrictionsEnforced,BOOLEAN,,
+320,DuoAuthnConfiguration,authn/authn.properties,Bean ID of Predicate determining whether flow is usable for request,4.1,idp.authn.Duo,,,shibboleth.Conditions.TRUE,idp.authn.Duo.activationCondition,SPRING_BEAN_ID,,
+319,DuoAuthnConfiguration,authn/authn.properties,Bean ID of Predicate controlling result reuse for SSO,4.1,idp.authn.Duo,,,shibboleth.Conditions.TRUE,idp.authn.Duo.reuseCondition,SPRING_BEAN_ID,,
+310,DuoAuthnConfiguration,authn/authn.properties,"Flow priority relative to other enabled login flows (lower is ""higher"" in priority)",4.1,idp.authn.Duo,,,1000,idp.authn.Duo.order,INTEGER,,
+302,DuoAuthnConfiguration,authn/duo.properties,Duo AuthAPI hostname assigned to the integration,4.1,idp.authn.Duo,,this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key,${idp.duo.apiHost},idp.duo.nonbrowser.apiHost,STRING,,
+298,DuoAuthnConfiguration,authn/duo.properties,DuoWeb API hostname assigned to the integration,4.1,idp.authn.Duo,,this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key,,idp.duo.apiHost,STRING,,
+318,DuoAuthnConfiguration,authn/authn.properties,Inactivity timeout of results produced by this flow,4.1,idp.authn.Duo,,,%{idp.authn.defaultTimeout:PT30M},idp.authn.Duo.inactivityTimeout,DURATION,,
+313,DuoAuthnConfiguration,authn/authn.properties,Whether the flow supports forced authentication,4.1,idp.authn.Duo,,,false,idp.authn.Duo.forcedAuthenticationSupported,BOOLEAN,,
+321,DuoAuthnConfiguration,authn/authn.properties,Bean ID of BiConsumer:/idp/profile/Authn/Duo/2FA/duo-callback,,idp.duo.oidc.redirectURL,STRING,,
+608,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Duo AuthAPI integration key supplied by Duo,4.1,idp.authn.DuoOIDC,1,,,idp.duo.oidc.nonbrowser.integrationKey,STRING,,
+598,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,The client secret used to
verify the client in exchanging the authorization code for a Duo 2FA result token (id_token).,4.1,idp.authn.DuoOIDC,1,,,idp.duo.oidc.secretKey,STRING,,
+617,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Maximum period inactivity between two consecutive data packets,4.1,idp.authn.DuoOIDC,1 (nimbus),,PT1M,idp.duo.oidc.socketTimeout,DURATION,,
+616,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Maximum length of time to wait for a connection to be returned from the connection manager,4.1,idp.authn.DuoOIDC,1 (nimbus),,PT1M,idp.duo.oidc.connectionRequestTimeout,DURATION,,
+612,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Name of HTTP request header for Duo AuthAPI passcode,4.1,idp.authn.DuoOIDC,1,,X-Shibboleth-Duo-Passcode,idp.duo.oidc.nonbrowser.header.passcode,STRING,,
+615,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Maximum length of time to wait for the connection to be established,4.1,idp.authn.DuoOIDC,1 (nimbus),,PT1M,idp.duo.oidc.connectionTimeout,DURATION,,
+581,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,"Whether the flow should handle non-browser request profiles (e.g., ECP)",4.1,idp.authn.DuoOIDC,1,,false,idp.authn.DuoOIDC.nonBrowserSupported,BOOLEAN,,
+602,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Leeway allowed in token expiry calculations,4.1,idp.authn.DuoOIDC,1,,PT60S,idp.duo.oidc.jwt.verifier.clockSkew,DURATION,,
+618,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Max total simultaneous connections allowed by the pooling connection manager,4.1,idp.authn.DuoOIDC,1 (nimbus),,100,idp.duo.oidc.maxConnectionsTotal,INTEGER,,
+590,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Bean ID ofPredicate determining whether flow is usable for request,4.1,idp.authn.DuoOIDC,1,,shibboleth.Conditions.TRUE,idp.authn.DuoOIDC.activationCondition,SPRING_BEAN_ID,,
+589,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Bean ID ofPredicate controlling result reuse for
SSO,4.1,idp.authn.DuoOIDC,1,,shibboleth.Conditions.TRUE,idp.authn.DuoOIDC.reuseCondition,SPRING_BEAN_ID,,
+591,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,"Bean ID ofBiConsumer for subject customization",4.1,idp.authn.DuoOIDC,1,,,idp.authn.DuoOIDC.subjectDecorator,SPRING_BEAN_ID,,
+619,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Max simultaneous connections per route allowed by the pooling connection manager,4.1,idp.authn.DuoOIDC,1 (nimbus),,100,idp.duo.oidc.maxConnectionsPerRoute,INTEGER,,
+588,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Inactivity timeout of results produced by this flow,4.1,idp.authn.DuoOIDC,1,,%{idp.authn.defaultTimeout:PT30M},idp.authn.DuoOIDC.inactivityTimeout,DURATION,,
+587,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Lifetime of results produced by this flow,4.1,idp.authn.DuoOIDC,1,,%{idp.authn.defaultLifetime:PT1H},idp.authn.DuoOIDC.lifetime,DURATION,,
+580,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,"Flow priority relative to other enabled login flows (lower is ""higher"" in priority)",4.1,idp.authn.DuoOIDC,1,,1000,idp.authn.DuoOIDC.order,INTEGER,,
+610,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Name of HTTP request header for Duo AuthAPI factor,4.1,idp.authn.DuoOIDC,1,,X-Shibboleth-Duo-Factor,idp.duo.oidc.nonbrowser.header.factor,STRING,,
+584,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Whether the flow enforces upstream IdP-imposed restrictions on proxying,4.1,idp.authn.DuoOIDC,1,,%{idp.authn.enforceProxyRestrictions:true},idp.authn.DuoOIDC.proxyRestrictionsEnforced,BOOLEAN,,
+593,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Whether to auto-attach the preceding set ofPrincipalobjects to eachSubjectproduced by this flow,4.1,idp.authn.DuoOIDC,1,,false,idp.authn.DuoOIDC.addDefaultPrincipals,BOOLEAN,,
+594,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,DuoOIDC API hostname assigned to the integration,4.1,idp.authn.DuoOIDC,1,,,idp.duo.oidc.apiHost,STRING,,
+582,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Whether the flow allows for passive authentication,4.1,idp.authn.DuoOIDC,1,,false,idp.authn.DuoOIDC.passiveAuthenticationSupported,BOOLEAN,,
+585,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Whether the flow considers itself to be proxying,4.1,idp.authn.DuoOIDC,1,and therefore enforces SP-signaled restrictions on proxying,false,idp.authn.DuoOIDC.proxyScopingEnforced,BOOLEAN,,
+595,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,The OAuth 2.0 Client Identifier valid at the Authorization Server,4.1,idp.authn.DuoOIDC,1,,,idp.duo.oidc.clientId,STRING,,
+614,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Pass client address to Duo in API calls to support logging,4.1,idp.authn.DuoOIDC,1,push display,true,idp.duo.oidc.nonbrowser.clientAddressTrusted,BOOLEAN,,
+592,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Comma-delimited list of protocol-specific Principalstrings associated with flow,4.1,idp.authn.DuoOIDC,1,,"saml2/http://example.org/ac/classes/mfa, saml1/http://example.org/ac/classes/mfa",idp.authn.DuoOIDC.supportedPrincipals,STRING,,
+597,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,If the idp.duo.oidc.redirectURL is not set one will be computed dynamically and checked against this list of allowed origins - to prevent Http Host Header injection.,4.1,idp.authn.DuoOIDC,1,,,idp.duo.oidc.redirecturl.allowedOrigins,STRING,,
+599,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Duo's OAuth 2.0 health check endpoint,4.1,idp.authn.DuoOIDC,1,,/oauth/v1/health_check,idp.duo.oidc.endpoint.health,STRING,,
+600,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Duo's OAuth 2.0 token endpoint,4.1,idp.authn.DuoOIDC,1,,/oauth/v1/token,idp.duo.oidc.endpoint.token,STRING,,
+601,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Duo's OAuth 2.0 authorization endpoint,4.1,idp.authn.DuoOIDC,1,,/oauth/v1/authorize,idp.duo.oidc.endpoint.authorize,STRING,,
+604,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,The path component of the Duo token issuer. The full issuer string takes the format: HTTPS://+,4.1,idp.authn.DuoOIDC,1,,/oauth/v1/token,idp.duo.oidc.jwt.verifier.issuerPath,STRING,,
+605,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,The result token JWT claim name that represents the username sent in the duo_uname field in the authorization request.,4.1,idp.authn.DuoOIDC,1,,preferred_username,idp.duo.oidc.jwt.verifier.preferredUsername,STRING,,
+583,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Whether the flow supports forced authentication,4.1,idp.authn.DuoOIDC,1,,true,idp.authn.DuoOIDC.forcedAuthenticationSupported,BOOLEAN,,
+613,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,"Allow the factor to be defaulted in as ""auto"" if no headers are received",4.1,idp.authn.DuoOIDC,1,,true,idp.duo.oidc.nonbrowser.auto,BOOLEAN,,
+607,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Duo AuthAPI hostname assigned to the integration,4.1,idp.authn.DuoOIDC,1,,%{idp.duo.oidc.apiHost},idp.duo.oidc.nonbrowser.apiHost,STRING,,
+609,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Duo AuthAPI secret key supplied by Duo,4.1,idp.authn.DuoOIDC,1,,,idp.duo.oidc.nonbrowser.secretKey,STRING,,
+611,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Name of HTTP request header for Duo AuthAPI device ID or name,4.1,idp.authn.DuoOIDC,1,,X-Shibboleth-Duo-Device,idp.duo.oidc.nonbrowser.header.device,STRING,,
+606,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,How long the authentication is valid.
Only applies to forced authentication requests.,4.1,idp.authn.DuoOIDC,1,,PT60S,idp.duo.oidc.jwt.verifier.authLifetime,DURATION,,
+620,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,To enable certificate revocation checking,4.1,idp.authn.DuoOIDC,1 (nimbus),,false,idp.duo.oidc.nimbus.checkRevocation,BOOLEAN,,
+603,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Maximum amount (in either direction from now) of duration for which a token is valid after it is issued,4.1,idp.authn.DuoOIDC,1,,PT60S,idp.duo.oidc.jwt.verifier.iatWindow,DURATION,,
+586,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Whether to invoke IdP-discovery prior to running flow,4.1,idp.authn.DuoOIDC,1,,false,idp.authn.DuoOIDC.discoveryRequired,BOOLEAN,,
+55,ErrorHandlingConfiguration,idp.properties,"Bean defing Properties mapping exception class names to error views. The matching by class name does not support wildcards, but does do substring matches (so it's not necessary to fully qualify the class).",all,,,Bean ID of Properties (java.util.Properties),,idp.errors.excludedExceptions,SPRING_BEAN_ID,,
+52,ErrorHandlingConfiguration,idp.properties,Whether to expose detailed error causes in status information provided to outside parties,all,,,,false,idp.errors.detailed,BOOLEAN,,
+54,ErrorHandlingConfiguration,idp.properties,The default view name to render for exceptions and events,all,,,,error,idp.errors.defaultView,STRING,,
+56,ErrorHandlingConfiguration,idp.properties,"Bean defining Collection identifying exception classes to ignore (causing them to bubble outward, so use with caution)",all,,,Bean ID of Collection (java.util),,idp.errors.exceptionMappings,SPRING_BEAN_ID,,
+53,ErrorHandlingConfiguration,idp.properties,"Whether to digitally sign error responses in SAML or similar protocols, if signing is otherwise warranted (this can prevent a simple denial of service vector, since errors are simple to trigger)",all,,,,true,idp.errors.signed,BOOLEAN,,
+168,ExternalAuthnConfiguration,authn/authn.properties,Whether the flow allows for passive authentication,4.1,idp.authn.External,,,false,idp.authn.External.passiveAuthenticationSupported,BOOLEAN,,
+170,ExternalAuthnConfiguration,authn/authn.properties,Whether the flow enforces upstream IdP imposed restrictions on proxying,4.1,idp.authn.External,,,%{idp.authn.enforceProxyRestrictions:true},idp.authn.External.proxyRestrictionsEnforced,BOOLEAN,,
+176,ExternalAuthnConfiguration,authn/authn.properties,Bean ID of Predicate determining whether flow is usable for request,4.1,idp.authn.External,,,shibboleth.Conditions.TRUE,idp.authn.External.activationCondition,SPRING_BEAN_ID,,
+169,ExternalAuthnConfiguration,authn/authn.properties,Whether the flow supports forced authentication,4.1,idp.authn.External,,,false,idp.authn.External.forcedAuthenticationSupported,BOOLEAN,,
+173,ExternalAuthnConfiguration,authn/authn.properties,Lifetime of results produced by this flow,4.1,idp.authn.External,,,%{idp.authn.defaultLifetime:PT1H},idp.authn.External.lifetime,DURATION,,
+166,ExternalAuthnConfiguration,authn/authn.properties,"Flow priority relative to other enabled login flows (lower is ""higher"" in priority)",4.1,idp.authn.External,,,1000,idp.authn.External.order,INTEGER,,
+175,ExternalAuthnConfiguration,authn/authn.properties,Bean ID of Predicate controlling result reuse for SSO,4.1,idp.authn.External,,,shibboleth.Conditions.TRUE,idp.authn.External.reuseCondition,SPRING_BEAN_ID,,
+167,ExternalAuthnConfiguration,authn/authn.properties,"Whether the flow should handle non-browser request profiles (e.g., ECP)",4.1,idp.authn.External,,,false,idp.authn.External.nonBrowserSupported,BOOLEAN,,
+178,ExternalAuthnConfiguration,authn/authn.properties,Comma-delimited list of protocol-specific Principal strings associated with
flow,4.1,idp.authn.External,,,"saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password,saml1/urn:oasis:names:tc:SAML:1.0:am:password",idp.authn.External.supportedPrincipals,STRING,,
+164,ExternalAuthnConfiguration,authn/authn.properties,Spring Web Flow redirection expression for the protected resource,4.1,idp.authn.External,,,contextRelative:external.jsp,idp.authn.External.externalAuthnPath,STRING,,
+179,ExternalAuthnConfiguration,authn/authn.properties,Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow,4.1,idp.authn.External,,,true,idp.authn.External.addDefaultPrincipals,BOOLEAN,,
+165,ExternalAuthnConfiguration,authn/authn.properties,Regular expression to match username against,4.1,idp.authn.External,,regex expected,,idp.authn.External.matchExpression,STRING,,
+172,ExternalAuthnConfiguration,authn/authn.properties,Whether to invoke IdP discovery prior to running flow,4.1,idp.authn.External,,,false,idp.authn.External.discoveryRequired,BOOLEAN,,
+174,ExternalAuthnConfiguration,authn/authn.properties,Inactivity timeout of results produced by this flow,4.1,idp.authn.External,,,%{idp.authn.defaultTimeout:PT30M},idp.authn.External.inactivityTimeout,DURATION,,
+171,ExternalAuthnConfiguration,authn/authn.properties,Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying,4.1,idp.authn.External,,,false,idp.authn.External.proxyScopingEnforced,BOOLEAN,,
+177,ExternalAuthnConfiguration,authn/authn.properties,Bean ID of BiConsumer to use to decide whether to run,4.1,,,,,idp.fticks.condition,SPRING_BEAN_ID,,
+114,FTICKSLoggingConfiguration,idp.properties,Digest algorithm used to obscure usernames,all,,,,SHA-2,idp.fticks.algorithm,STRING,,
+115,FTICKSLoggingConfiguration,idp.properties,"A salt to apply when digesting usernames (if not specified, the username will not be
included)",all,,,,,idp.fticks.salt,STRING,,
+297,FunctionAuthnConfiguration,authn/authn.properties,Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow,4.1,idp.authn.Function,,,true,idp.authn.Function.addDefaultPrincipals,BOOLEAN,,
+289,FunctionAuthnConfiguration,authn/authn.properties,Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying,4.1,idp.authn.Function,,,false,idp.authn.Function.proxyScopingEnforced,BOOLEAN,,
+294,FunctionAuthnConfiguration,authn/authn.properties,Bean ID of Predicate determining whether flow is usable for request,4.1,idp.authn.Function,,,shibboleth.Conditions.TRUE,idp.authn.Function.activationCondition,SPRING_BEAN_ID,,
+286,FunctionAuthnConfiguration,authn/authn.properties,Whether the flow allows for passive authentication,4.1,idp.authn.Function,,,false,idp.authn.Function.passiveAuthenticationSupported,BOOLEAN,,
+285,FunctionAuthnConfiguration,authn/authn.properties,"Whether the flow should handle non-browser request profiles (e.g., ECP)",4.1,idp.authn.Function,,,false,idp.authn.Function.nonBrowserSupported,BOOLEAN,,
+295,FunctionAuthnConfiguration,authn/authn.properties,Bean ID of BiConsumer controlling result reuse for SSO,4.1,idp.authn.Function,,,shibboleth.Conditions.TRUE,idp.authn.Function.reuseCondition,SPRING_BEAN_ID,,
+459,HelloWorldConfiguration,admin/admin.properties,Name of access control policy for request authorization,4.1,,,,AccessByAdminUser,idp.hello.accessPolicy,STRING,,
+461,HelloWorldConfiguration,admin/admin.properties,Whether the flow should allow for non-browser clients during authentication,4.1,,,,false,idp.hello.nonBrowserSupported,BOOLEAN,,
+458,HelloWorldConfiguration,admin/admin.properties,Audit log identifier for flow,4.1,,,,Hello,idp.hello.logging,STRING,,
+462,HelloWorldConfiguration,admin/admin.properties,?,4.1,,,,,idp.hello.defaultAuthenticationMethods,STRING,,
+463,HelloWorldConfiguration,admin/admin.properties,Whether attributes should be resolved prior to access control evaluation,4.1,,,,true,idp.hello.resolveAttributes,BOOLEAN,,
+460,HelloWorldConfiguration,admin/admin.properties,Whether authentication should be performed prior to access control evaluation,4.1,,,,true,idp.hello.authenticated,BOOLEAN,,
+464,HelloWorldConfiguration,admin/admin.properties,?,4.1,,,,,idp.hello.postAuthenticationFlows,STRING,,
+280,IPAddressAuthnConfiguration,authn/authn.properties,Bean ID of Predicate determining whether flow is usable for request,4.1,idp.authn.IPAddress,,,shibboleth.Conditions.TRUE,idp.authn.IPAddress.activationCondition,SPRING_BEAN_ID,,
+278,IPAddressAuthnConfiguration,authn/authn.properties,Inactivity timeout of results produced by this flow,4.1,idp.authn.IPAddress,,,%{idp.authn.defaultTimeout:PT30M},idp.authn.IPAddress.inactivityTimeout,DURATION,,
+283,IPAddressAuthnConfiguration,authn/authn.properties,Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow,4.1,idp.authn.IPAddress,,,true,idp.authn.IPAddress.addDefaultPrincipals,BOOLEAN,,
+273,IPAddressAuthnConfiguration,authn/authn.properties,Whether the flow supports forced authentication,4.1,idp.authn.IPAddress,,,false,idp.authn.IPAddress.forcedAuthenticationSupported,BOOLEAN,,
+275,IPAddressAuthnConfiguration,authn/authn.properties,Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying,4.1,idp.authn.IPAddress,,,false,idp.authn.IPAddress.proxyScopingEnforced,BOOLEAN,,
+276,IPAddressAuthnConfiguration,authn/authn.properties,Whether to invoke IdP discovery prior to running flow,4.1,idp.authn.IPAddress,,,false,idp.authn.IPAddress.discoveryRequired,BOOLEAN,,
+272,IPAddressAuthnConfiguration,authn/authn.properties,Whether the flow allows for passive authentication,4.1,idp.authn.IPAddress,,,false,idp.authn.IPAddress.passiveAuthenticationSupported,BOOLEAN,,
+270,IPAddressAuthnConfiguration,authn/authn.properties,"Flow priority relative to other enabled login flows (lower is ""higher"" in priority)",4.1,idp.authn.IPAddress,,,1000,idp.authn.IPAddress.order,INTEGER,,
+281,IPAddressAuthnConfiguration,authn/authn.properties,Bean ID of BiConsumer controlling result reuse for SSO,4.1,idp.authn.IPAddress,,,shibboleth.Conditions.TRUE,idp.authn.IPAddress.reuseCondition,SPRING_BEAN_ID,,
+277,IPAddressAuthnConfiguration,authn/authn.properties,Lifetime of results produced by this flow,4.1,idp.authn.IPAddress,,,%{idp.authn.defaultLifetime:PT1H},idp.authn.IPAddress.lifetime,DURATION,,
+274,IPAddressAuthnConfiguration,authn/authn.properties,Whether the flow enforces upstream IdP imposed restrictions on proxying,4.1,idp.authn.IPAddress,,,%{idp.authn.enforceProxyRestrictions:true},idp.authn.IPAddress.proxyRestrictionsEnforced,BOOLEAN,,
+271,IPAddressAuthnConfiguration,authn/authn.properties,"Whether the flow should handle non-browser request profiles (e.g., ECP)",4.1,idp.authn.IPAddress,,,false,idp.authn.IPAddress.nonBrowserSupported,BOOLEAN,,
+158,JAASAuthnConfiguration,authn/authn.properties,Comma-delimited set of JAAS application configuration names to use,4.1,,,,ShibUserPassAuth,idp.authn.JAAS.loginConfigNames,STRING,,
+159,JAASAuthnConfiguration,authn/authn.properties,Location of JAAS configuration file,4.1,,,resource path,%{idp.home}/conf/authn/jaas.config,idp.authn.JAAS.loginConfig,STRING,,
+161,KerberosAuthnConfiguration,authn/authn.properties,Whether to preserve the resulting Kerberos TGT in the Java Subject's private credential set,4.1,,,,false,idp.authn.Krb5.preserveTicket,BOOLEAN,,
+163,KerberosAuthnConfiguration,authn/authn.properties,Path to a keytab file containing keys belonging to the service principal defined in idp.authn.Krb5.servicePrincipal,4.1,,,,,idp.authn.Krb5.keytab,STRING,,
+160,KerberosAuthnConfiguration,authn/authn.properties,Whether to reload the underlying Kerberos configuration (generally in
/etc/krb5.conf) on every login attempt,4.1,,,,false,idp.authn.Krb5.refreshConfig,BOOLEAN,,
+162,KerberosAuthnConfiguration,authn/authn.properties,Name of a service principal to use to verify the KDC supplying the TGT by requesting and verifying a service ticket issued for it,4.1,,,,,idp.authn.Krb5.servicePrincipal,STRING,,
+144,LDAPAuthnConfiguration,authn/authn.properties,If you are using the FreeIPA LDAP this switch will attempt to use the account states defined by that product.,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",false,idp.authn.LDAP.freeIPADirectory,BOOLEAN,,
+134,LDAPAuthnConfiguration,authn/authn.properties,Whether to search recursively when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",false,idp.authn.LDAP.subtreeSearch,BOOLEAN,,
+135,LDAPAuthnConfiguration,authn/authn.properties,LDAP search filter when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",,idp.authn.LDAP.userFilter,STRING,,
+132,LDAPAuthnConfiguration,authn/authn.properties,List of attributes to request during authentication,all,,,"Comma seperated list of values.
The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",,idp.authn.LDAP.returnAttributes,STRING,,
+133,LDAPAuthnConfiguration,authn/authn.properties,Base DN to search against when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",,idp.authn.LDAP.baseDN,STRING,,
+139,LDAPAuthnConfiguration,authn/authn.properties,Whether the user's LDAP entry should be returned in the authentication response even when the user bind fails.,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",false,idp.authn.LDAP.resolveEntryOnFailure,BOOLEAN,,
+136,LDAPAuthnConfiguration,authn/authn.properties,DN to bind with during search when using an LDAP.authenticator = bindSearchAuthenticator,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",,idp.authn.LDAP.bindDN,STRING,,
+123,LDAPAuthnConfiguration,authn/authn.properties,"Controls the workflow for how authentication occurs against LDAP: one of anonSearchAuthenticator, bindSearchAuthenticator, directAuthenticator, adAuthenticator",all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",anonSearchAuthenticator,idp.authn.LDAP.authenticator,STRING,,
+127,LDAPAuthnConfiguration,authn/authn.properties,Time to wait for an LDAP response message,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",PT3S,idp.authn.LDAP.responseTimeout,DURATION,,
+128,LDAPAuthnConfiguration,authn/authn.properties,"Connection strategy to use
when multiple URLs are supplied: one of ACTIVE_PASSIVE, ROUND_ROBIN, RANDOM",all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",ACTIVE_PASSIVE,idp.authn.LDAP.connectionStrategy,STRING,,
+157,LDAPAuthnConfiguration,authn/authn.properties,Controls how connections in the bind pool are passivated. Connections in the bind pool may be in an authenticated state that will not allow validation searches to succeed. This property controls how bind connections are placed back into the pool. If your ,4.0.1,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",,idp.authn.LDAP.bindPoolPassivator,STRING,,
+126,LDAPAuthnConfiguration,authn/authn.properties,Time to wait for the TCP connection to occur.,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",PT3S,idp.authn.LDAP.connectTimeout,DURATION,,
+145,LDAPAuthnConfiguration,authn/authn.properties,If you are using the EDirectory LDAP this switch will attempt to use the account states defined by that product.,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",false,idp.authn.LDAP.eDirectory,BOOLEAN,,
+146,LDAPAuthnConfiguration,authn/authn.properties,Whether connection pools should be used for LDAP authentication and DN resolution,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",false,idp.authn.LDAP.disablePooling,BOOLEAN,,
+143,LDAPAuthnConfiguration,authn/authn.properties,If you are using Active Directory this switch will attempt to use the account states defined by AD. Note that this flag is unnecessary if you are using the 'adAuthenticator'. 
It is meant to be specified with one of the other authenticator types.,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",false,idp.authn.LDAP.activeDirectory,BOOLEAN,,
+149,LDAPAuthnConfiguration,authn/authn.properties,Whether to validate connections when checking them out of the pool,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",false,idp.pool.LDAP.validateOnCheckout,BOOLEAN,,
+125,LDAPAuthnConfiguration,authn/authn.properties,Whether StartTLS should be used after connecting with LDAP alone.,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",true,idp.authn.LDAP.useStartTLS,BOOLEAN,,
+129,LDAPAuthnConfiguration,authn/authn.properties,"How to establish trust in the server's TLS certificate: one of jvmTrust, certificateTrust, or keyStoreTrust",all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",certificateTrust,idp.authn.LDAP.sslConfig,STRING,,
+140,LDAPAuthnConfiguration,authn/authn.properties,Whether the user's LDAP entry should be resolved with the bindDN credentials rather than as the authenticated user.,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",false,idp.authn.LDAP.resolveEntryWithBindDN,BOOLEAN,,
+142,LDAPAuthnConfiguration,authn/authn.properties,Whether to use the Password Expired Control.,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",false,idp.authn.LDAP.usePasswordExpiration,BOOLEAN,,
+150,LDAPAuthnConfiguration,authn/authn.properties,Whether to validate connections in 
the background,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",true,idp.pool.LDAP.validatePeriodically,BOOLEAN,,
+130,LDAPAuthnConfiguration,authn/authn.properties,A resource to load trust anchors from when using sslConfig = certificateTrust,all,,,"resource path ex. %{idp.home}/credentials/ldap-server.crt - The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",,idp.authn.LDAP.trustCertificates,STRING,,
+131,LDAPAuthnConfiguration,authn/authn.properties,A resource to load a Java keystore containing trust anchors when using sslConfig = keyStoreTrust,all,,,"resource path ex. %{idp.home}/credentials/ldap-server.truststore - The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",,idp.authn.LDAP.trustStore,STRING,,
+152,LDAPAuthnConfiguration,authn/authn.properties,DN to search with the validateFilter: defaults to the rootDSE,4.0.1,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",,idp.pool.LDAP.validateDN,STRING,,
+124,LDAPAuthnConfiguration,authn/authn.properties,Connection URI for LDAP directory,all,,,"LDAP URI ex. 
ldap://localhost or ldaps://localhost - The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",,idp.authn.LDAP.ldapURL,STRING,,
+137,LDAPAuthnConfiguration,authn/authn.properties,Password to bind with during search when using an LDAP.authenticator = bindSearchAuthenticator usually set via %{idp.home}/credentials/secrets.properties,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",,idp.authn.LDAP.bindDNCredential,STRING,,
+138,LDAPAuthnConfiguration,authn/authn.properties,A formatting string to generate the user DNs to authenticate when using an LDAP.authenticator of directAuthenticator or adAuthenticator,all,,,"ex. uid=%s,ou=people,dc=example,dc=org or for AD %s@domain.com - The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",,idp.authn.LDAP.dnFormat,STRING,,
+154,LDAPAuthnConfiguration,authn/authn.properties,Duration between looking for idle connections to reduce the pool back to its minimum size,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",PT5M,idp.pool.LDAP.prunePeriod,DURATION,,
+151,LDAPAuthnConfiguration,authn/authn.properties,Duration between validation if idp.pool.LDAP.validatePeriodically is true,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",PT5M,idp.pool.LDAP.validatePeriod,DURATION,,
+141,LDAPAuthnConfiguration,authn/authn.properties,Whether to use the Password Policy Control.,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",false,idp.authn.LDAP.usePasswordPolicy,BOOLEAN,,
+155,LDAPAuthnConfiguration,authn/authn.properties,Duration connections must be idle to be eligible for pruning,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",PT10M,idp.pool.LDAP.idleTime,DURATION,,
+148,LDAPAuthnConfiguration,authn/authn.properties,Maximum LDAP connection pool size,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",10,idp.pool.LDAP.maxSize,INTEGER,,
+147,LDAPAuthnConfiguration,authn/authn.properties,Minimum LDAP connection pool size,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",3,idp.pool.LDAP.minSize,INTEGER,,
+156,LDAPAuthnConfiguration,authn/authn.properties,Duration to wait for a free connection in the pool,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",PT3S,idp.pool.LDAP.blockWaitTime,DURATION,,
+153,LDAPAuthnConfiguration,authn/authn.properties,Search filter to execute in order to validate a pooled connection,4.0.1,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",(objectClass=*),idp.pool.LDAP.validateFilter,STRING,,
+104,LogoutConfiguration,idp.properties,Processes arbitrary query parameters to the Simple Logout endpoint and stashes them in a ScratchContext for use by subsequent view logic,4.1,,,,false,idp.logout.preserveQuery,BOOLEAN,,
+101,LogoutConfiguration,idp.properties,Whether to search metadata for user interface information associated with every service involved in logout propagation,all,,,,false,idp.logout.elaboration,BOOLEAN,,
+105,LogoutConfiguration,idp.properties,When true allows inbound SAML LogoutRequests to be processed even if the SP 
lacks metadata containing response endpoints,4.2,,,,false,idp.logout.assumeAsync,BOOLEAN,,
+106,LogoutConfiguration,idp.properties,"Applies the ""display:none"" style to the list of SPs and logout status reporting images so that logout status is not visibly reported to the user",4.2,,,,false,idp.logout.propagationHidden,BOOLEAN,,
+102,LogoutConfiguration,idp.properties,Whether to require signed logout messages in accordance with the SAML 2.0 standard,all,,,,true,idp.logout.authenticated,BOOLEAN,,
+103,LogoutConfiguration,idp.properties,If the bean returns true the user is given the option to actually cancel the IdP logout outright and prevent removal of the session,all,,,Bean ID of Predicate,false,idp.logout.promptUser,SPRING_BEAN_ID,,
+642,Metadatagen,mdgen.properties,The width of the logo in pixels,4.1,idp.metadatagen,1,,80,idp.metadata.idpsso.mdui.logo.width,INTEGER,,
+638,Metadatagen,mdgen.properties,Supplies the DNS name used within the URLs specifying the end points. This should not be used in conjunction with the --DNSName qualifier,4.1,idp.metadatagen,1,,,idp.metadata.dnsname,STRING,,
+639,Metadatagen,mdgen.properties,Specifies the path to the certificate protecting the back channel. This should not be used in conjunction with the --backChannel qualifier.,4.1,idp.metadatagen,1,,,idp.metadata.backchannel.cert,STRING,,
+640,Metadatagen,mdgen.properties,Specifies the path part of the URL which describes a logo for the IdP. The protocol is hard wired to be https:// and the DNS name is used for the host. The is always emitted. If this is absent then then a fixed path ('/path/to/logo') is use,4.1,idp.metadatagen,1,,,idp.metadata.idpsso.mdui.logo.path,STRING,,
+643,Metadatagen,mdgen.properties,A space separated list of languages used to lookup values formed appending each one to the name and description properties idp.metadata.idpsso.mdui.displayname. and idp.metadata.idpsso.mdui.description.. 
If this is absent then an is emitted for that language,4.1,idp.metadatagen,1,,,idp.metadata.idpsso.mdui.displayname.,STRING,,
+641,Metadatagen,mdgen.properties,The height of the logo in pixels.,4.1,idp.metadatagen,1,,80,idp.metadata.idpsso.mdui.logo.height,INTEGER,,
+645,Metadatagen,mdgen.properties,Description for the IdP in the specified language. If this is absent for a language specified above then not is emitted for that language,4.1,idp.metadatagen,1,,,idp.metadata.idpsso.mdui.description.,STRING,,
+450,MetadataQuery,admin/admin.properties,Whether attributes should be resolved prior to access control evaluation,4.1,,,,false,idp.mdquery.resolveAttributes,BOOLEAN,,
+451,MetadataQuery,admin/admin.properties,?,4.1,,,,,idp.mdquery.postAuthenticationFlows,STRING,,
+445,MetadataQuery,admin/admin.properties,Audit log identifier for flow,4.1,,,,MetadataQuery,idp.mdquery.logging,STRING,,
+446,MetadataQuery,admin/admin.properties,Name of access control policy for request authorization,4.1,,,,AccessByIPAddress,idp.mdquery.accessPolicy,STRING,,
+449,MetadataQuery,admin/admin.properties,?,4.1,,,,,idp.mdquery.defaultAuthenticationMethods,STRING,,
+448,MetadataQuery,admin/admin.properties,Whether the flow should allow for non-browser clients during authentication,4.1,,,,false,idp.mdquery.nonBrowserSupported,BOOLEAN,,
+447,MetadataQuery,admin/admin.properties,Whether authentication should be performed prior to access control evaluation,4.1,,,,false,idp.mdquery.authenticated,BOOLEAN,,
+437,MetadataReload,admin/admin.properties,?,4.1,,,,,idp.reload.postAuthenticationFlows,STRING,,
+436,MetadataReload,admin/admin.properties,Whether attributes should be resolved prior to access control evaluation,4.1,,,,false,idp.reload.resolveAttributes,BOOLEAN,,
+432,MetadataReload,admin/admin.properties,Name of access control policy for request authorization,4.1,,,,AccessByIPAddress,idp.reload.accessPolicy,STRING,,
+433,MetadataReload,admin/admin.properties,Whether authentication should be 
performed prior to access control evaluation,4.1,,,,false,idp.reload.authenticated,BOOLEAN,,
+434,MetadataReload,admin/admin.properties,Whether the flow should allow for non-browser clients during authentication,4.1,,,,false,idp.reload.nonBrowserSupported,BOOLEAN,,
+431,MetadataReload,admin/admin.properties,Audit log identifier for flow,4.1,,,,Reload,idp.reload.logging,STRING,,
+435,MetadataReload,admin/admin.properties,?,4.1,,,,,idp.reload.defaultAuthenticationMethods,STRING,,
+454,MetricsConfiguration,admin/admin.properties,Whether the flow should allow for non-browser clients during authentication,4.1,,,,false,idp.metrics.nonBrowserSupported,BOOLEAN,,
+456,MetricsConfiguration,admin/admin.properties,Whether attributes should be resolved prior to access control evaluation,4.1,,,,false,idp.metrics.resolveAttributes,BOOLEAN,,
+455,MetricsConfiguration,admin/admin.properties,?,4.1,,,,,idp.metrics.defaultAuthenticationMethods,STRING,,
+452,MetricsConfiguration,admin/admin.properties,Audit log identifier for flow,4.1,,,,Metrics,idp.metrics.logging,STRING,,
+457,MetricsConfiguration,admin/admin.properties,?,4.1,,,,,idp.metrics.postAuthenticationFlows,STRING,,
+453,MetricsConfiguration,admin/admin.properties,Whether authentication should be performed prior to access control evaluation,4.1,,,,false,idp.metrics.authenticated,BOOLEAN,,
+344,MultiFactorAuthnConfiguration,authn/authn.properties,"Flow priority relative to other enabled login flows (lower is ""higher"" in priority)",4.1,idp.authn.MFA,,,1000,idp.authn.MFA.order,INTEGER,,
+343,MultiFactorAuthnConfiguration,authn/authn.properties,Whether login flows should only be run with regard for forceAuthn/isPassive/nonBrowser (and similar) conditions,4.1,,,,true,idp.authn.MFA.validateLoginTransitions,BOOLEAN,,
+355,MultiFactorAuthnConfiguration,authn/authn.properties,Bean ID of BiConsumer determining whether flow is usable for 
request,4.1,idp.authn.MFA,,,shibboleth.Conditions.TRUE,idp.authn.MFA.activationCondition,SPRING_BEAN_ID,,
+345,MultiFactorAuthnConfiguration,authn/authn.properties,"Whether the flow should handle non-browser request profiles (e.g., ECP)",4.1,idp.authn.MFA,,,false,idp.authn.MFA.nonBrowserSupported,BOOLEAN,,
+351,MultiFactorAuthnConfiguration,authn/authn.properties,Lifetime of results produced by this flow,4.1,idp.authn.MFA,,,%{idp.authn.defaultLifetime:PT1H},idp.authn.MFA.lifetime,DURATION,,
+353,MultiFactorAuthnConfiguration,authn/authn.properties,Bean ID of Predicate controlling result reuse for SSO,4.1,idp.authn.MFA,,,shibboleth.Conditions.TRUE,idp.authn.MFA.reuseCondition,SPRING_BEAN_ID,,
+352,MultiFactorAuthnConfiguration,authn/authn.properties,Inactivity timeout of results produced by this flow,4.1,idp.authn.MFA,,,%{idp.authn.defaultTimeout:PT30M},idp.authn.MFA.inactivityTimeout,DURATION,,
+347,MultiFactorAuthnConfiguration,authn/authn.properties,Whether the flow supports forced authentication,4.1,idp.authn.MFA,,,false,idp.authn.MFA.forcedAuthenticationSupported,BOOLEAN,,
+357,MultiFactorAuthnConfiguration,authn/authn.properties,Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow,4.1,idp.authn.MFA,,,true,idp.authn.MFA.addDefaultPrincipals,BOOLEAN,,
+346,MultiFactorAuthnConfiguration,authn/authn.properties,Whether the flow allows for passive authentication,4.1,idp.authn.MFA,,,false,idp.authn.MFA.passiveAuthenticationSupported,BOOLEAN,,
+356,MultiFactorAuthnConfiguration,authn/authn.properties,Comma-delimited list of protocol-specific Principal strings associated with flow,4.1,idp.authn.MFA,,,"saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password,saml1/urn:oasis:names:tc:SAML:1.0:am:password",idp.authn.MFA.supportedPrincipals,STRING,,
+350,MultiFactorAuthnConfiguration,authn/authn.properties,Whether to invoke IdP discovery prior to running 
flow,4.1,idp.authn.MFA,,,false,idp.authn.MFA.discoveryRequired,BOOLEAN,,
+349,MultiFactorAuthnConfiguration,authn/authn.properties,Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying,4.1,idp.authn.MFA,,,false,idp.authn.MFA.proxyScopingEnforced,BOOLEAN,,
+501,NameIDConsumptionConfiguration,c14n/subject-c14n.properties,Whether to lowercase the username,4.1,,,,false,idp.c14n.saml.lowercase,BOOLEAN,,
+502,NameIDConsumptionConfiguration,c14n/subject-c14n.properties,Whether to uppercase the username,4.1,,,,false,idp.c14n.saml.uppercase,BOOLEAN,,
+358,NameIDGenerationConfiguration,saml-nameid.properties,Identifies the strategy plugin for generating transient IDs,all,,,Bean ID of a TransientIdGenerationStrategy,shibboleth.CryptoTransientIdGenerator,idp.transientId.generator,SPRING_BEAN_ID,,
+359,NameIDGenerationConfiguration,saml-nameid.properties,Default Format to generate if nothing else is indicated,all,,,,urn:oasis:names:tc:SAML:2.0:nameid-format:transient,idp.nameid.saml2.default,STRING,,
+360,NameIDGenerationConfiguration,saml-nameid.properties,Default Format to generate if nothing else is indicated,all,,,,urn:mace:shibboleth:1.0:nameIdentifier,idp.nameid.saml1.default,STRING,,
+553,OAuth2ClientAuthnConfiguration,oidc.properties,"Flow priority relative to other enabled login flows (lower is ""higher"" in priority)",4.1,idp.oidc.OP,3,,1000,idp.authn.OAuth2Client.order,INTEGER,,
+557,OAuth2ClientAuthnConfiguration,oidc.properties,Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow,4.1,idp.oidc.OP,3,,true,idp.authn.OAuth2Client.addDefaultPrincipals,BOOLEAN,,
+551,OAuth2ClientAuthnConfiguration,oidc.properties,Whether to remove the object holding the password from the request's active state after validating it (to avoid it being preserved in the session any longer than needed),4.1,idp.oidc.OP,3,,true,idp.authn.OAuth2Client.removeAfterValidation,BOOLEAN,,
+552,OAuth2ClientAuthnConfiguration,oidc.properties,Whether to keep the password around as a private credential in the Java Subject for use in later stages such as attribute resolution,4.1,idp.oidc.OP,3,use with caution as it retains the password and makes it available in plaintext from within server memory at various stages.,false,idp.authn.OAuth2Client.retainAsPrivateCredential,BOOLEAN,,
+550,OAuth2ClientAuthnConfiguration,oidc.properties,Whether all validators must succeed or just one,4.1,idp.oidc.OP,3,,false,idp.authn.OAuth2Client.requireAll,BOOLEAN,,
+554,OAuth2ClientAuthnConfiguration,oidc.properties,Bean ID of Predicate determining whether flow is usable for request,4.1,idp.oidc.OP,3,,shibboleth.Conditions.TRUE,idp.authn.OAuth2Client.activationCondition,SPRING_BEAN_ID,,
+556,OAuth2ClientAuthnConfiguration,oidc.properties,Comma-delimited list of protocol-specific Principal strings associated with flow,4.1,idp.oidc.OP,3,,,idp.authn.OAuth2Client.supportedPrincipals,STRING,,
+555,OAuth2ClientAuthnConfiguration,oidc.properties,Bean ID of BiConsumer> called shibboleth.oidc.AllowedAudienceStrategy",4.1,idp.oidc.OP,3,,,idp.oauth2.defaultAllowedAudience,SPRING_BEAN_ID,,
+574,OPClientCredentialsGrant,oidc.properties,"bean of type Function called shibboleth.oidc.AllowedScopeStrategy",4.1,idp.oidc.OP,3,,,idp.oauth2.defaultAllowedScope,SPRING_BEAN_ID,,
+572,OPClientResolution,oidc.properties,When non-zero enables monitoring of resources for service reload,4.1,idp.oidc.OP,3,,PT0S,idp.service.clientinfo.checkInterval,DURATION,,
+571,OPClientResolution,oidc.properties,If true any failures during initialization of any resolvers result in IdP startup failure,4.1,idp.oidc.OP,3,,false,idp.service.clientinfo.failFast,BOOLEAN,,
+573,OPClientResolution,oidc.properties,Name of bean used to define the resources to use in configuring this service,4.1,idp.oidc.OP,3,,shibboleth.ClientInformationResolverResources,idp.service.clientinfo.resources,SPRING_BEAN_ID,,
+558,OPCustomFilterRegistration,oidc.properties,"By default this configures the values defined by the idp.hsts, idp.frameoptions and idp.csp properties into the corresponding HTTP headers and applies them to the OP plugin as well as the original IdP endpoints",4.1,idp.oidc.OP,3,,shibboleth.ResponseHeaderFilter,idp.oidc.ResponseHeaderFilter,SPRING_BEAN_ID,,
+559,OPDiscovery,oidc.properties,Location of discovery template to use,4.1,idp.oidc.OP,3,,%{idp.home}/static/openid-configuration.json,idp.oidc.discovery.template,STRING,,
+560,OPDiscovery,oidc.properties,Implementation bean for discovery shouldn't require alteration,4.1,idp.oidc.OP,3,,shibboleth.oidc.DefaultOpenIdConfigurationResolver,idp.oidc.discovery.resolver,SPRING_BEAN_ID,,
+564,OPDynamicClientRegistration,oidc.properties,Whether to resolve attributes if authentication is enabled,4.1,idp.oidc.OP,3,,false,idp.oidc.admin.registration.resolveAttributes,BOOLEAN,,
+566,OPDynamicClientRegistration,oidc.properties,Name of access control policy to apply to all requests,4.1,idp.oidc.OP,3,,AccessByIPAddress,idp.oidc.admin.registration.accessPolicy,STRING,,
+570,OPDynamicClientRegistration,oidc.properties,"Bean ID of type Function>, used to locate metadata policy based on the policyLocation parameter. 
Defaults to a caching resolver locating server resources to load based on policyLocation parameter.",4.1,idp.oidc.OP,3,,shibboleth.oidc.admin.DefaultMetadataPolicyLookupStrategy,idp.oidc.admin.registration.lookup.policy,SPRING_BEAN_ID,,
+562,OPDynamicClientRegistration,oidc.properties,Enables support for non-browser-based authentication,4.1,idp.oidc.OP,3,,true,idp.oidc.admin.registration.nonBrowserSupported,BOOLEAN,,
+537,OPDynamicClientRegistration,oidc.properties,Registration lifetime,4.1,idp.oidc.OP,3,,PT24H,idp.oidc.dynreg.defaultRegistrationValidity,DURATION,,
+569,OPDynamicClientRegistration,oidc.properties,Name of access control policy to apply to requests specifying a clientId,4.1,idp.oidc.OP,3,,AccessByAdmin,idp.oidc.admin.registration.clientIdPolicy,STRING,,
+568,OPDynamicClientRegistration,oidc.properties,Name of access control policy to apply to requests specifying a policyId,4.1,idp.oidc.OP,3,,AccessByAdmin,idp.oidc.admin.registration.policyIdPolicy,STRING,,
+567,OPDynamicClientRegistration,oidc.properties,Name of access control policy to apply to requests specifying a policyLocation,4.1,idp.oidc.OP,3,,AccessByAdmin,idp.oidc.admin.registration.policyLocationPolicy,STRING,,
+563,OPDynamicClientRegistration,oidc.properties,Whether to enable user authentication for requests,4.1,idp.oidc.OP,3,,false,idp.oidc.admin.registration.authenticated,BOOLEAN,,
+541,OPDynamicClientRegistration,oidc.properties,The acceptable client authentication methods when using dynamic registration,4.1,idp.oidc.OP,3,Comma seperated list of values,"client_secret_basic,client_secret_post,client_secret_jwt,private_key_jwt",idp.oidc.dynreg.tokenEndpointAuthMethods,STRING,,
+539,OPDynamicClientRegistration,oidc.properties,The default subject type if not set by client in request. 
Maybe set to pairwise or public.,4.1,idp.oidc.OP,3,,public,idp.oidc.dynreg.defaultSubjectType,STRING,,
+565,OPDynamicClientRegistration,oidc.properties,Default access token lifetime if not specified,4.1,idp.oidc.OP,3,,P1D,idp.oidc.admin.registration.defaultTokenLifetime,DURATION,,
+538,OPDynamicClientRegistration,oidc.properties,The default scopes accepted in dynamic registration,4.1,idp.oidc.OP,3,,openid profile email address phone offline_access,idp.oidc.dynreg.defaultScope,STRING,,
+561,OPDynamicClientRegistration,oidc.properties,Audit logging label for this profile,4.1,idp.oidc.OP,3,,IssueRegistrationAccessToken,idp.oidc.admin.registration.logging,STRING,,
+540,OPMetadataPolicies,oidc.properties,Full path to the file containing default metadata policy used for dynamic client registration,4.1,idp.oidc.OP,3,,,idp.oidc.dynreg.defaultMetadataPolicyFile,STRING,,
+536,OPRevocation,oidc.properties,The revocation method: CHAIN refers to revoking whole chain of tokens (from authorization code to all access/refresh tokens). 
TOKEN refers to revoking single token,4.1,idp.oidc.OP,3,,CHAIN,idp.oauth2.revocationMethod,STRING,,
+528,OPRevocation,oidc.properties,Lifetime of entries in revocation cache for authorize code,4.1,idp.oidc.OP,3,,PT6H,idp.oidc.revocationCache.authorizeCode.lifetime,DURATION,,
+543,OPSecurity,oidc.properties,JWK EC signing keypair,4.1,idp.oidc.OP,3,JWK file pathname,%{idp.home}/credentials/idp-signing-es.jwk,idp.signing.oidc.es.key,STRING,,
+547,OPSecurity,oidc.properties,Allows override of default request decryption configuration,4.1,idp.oidc.OP,3,,shibboleth.oidc.requestObjectDecryptionConfiguration,idp.oidc.rodecrypt.config,SPRING_BEAN_ID,,
+544,OPSecurity,oidc.properties,JWK RSA decryption keypair,4.1,idp.oidc.OP,3,JWK file pathname,%{idp.home}/credentials/idp-encryption-rsa.jwk,idp.signing.oidc.rsa.enc.key,STRING,,
+546,OPSecurity,oidc.properties,Allows override of default encryption configuration,4.1,idp.oidc.OP,3,,shibboleth.oidc.EncryptionConfiguration,idp.oidc.encryption.config,SPRING_BEAN_ID,,
+545,OPSecurity,oidc.properties,Allows override of default signing configuration,4.1,idp.oidc.OP,3,,shibboleth.oidc.SigningConfiguration,idp.oidc.signing.config,SPRING_BEAN_ID,,
+542,OPSecurity,oidc.properties,JWK RSA signing keypair,4.1,idp.oidc.OP,3,JWK file pathname,%{idp.home}/credentials/idp-signing-rs.jwk,idp.signing.oidc.rs.key,STRING,,
+548,OPSecurity,oidc.properties,Allows override of default request signature validation configuration,4.1,idp.oidc.OP,3,one of these has the wrong name,shibboleth.oidc.requestObjectSignatureValidationConfiguration,idp.oidc.rovalid.config,SPRING_BEAN_ID,,
+549,OPSecurity,oidc.properties,Allows override of default JWT token validation configuration,4.1,idp.oidc.OP,3,one of these has the wrong name,shibboleth.oidc.tokenEndpointJwtSignatureValidationConfiguration,idp.oidc.rovalid.config,SPRING_BEAN_ID,,
+577,OPSubClaim,oidc.properties,The source attribute used in generating the sub 
claim,4.1,idp.oidc.OP,3,,,idp.oidc.subject.sourceAttribute,STRING,,
+578,OPSubClaim,oidc.properties,The digest algorithm used in generating the sub claim,4.1,idp.oidc.OP,3,,SHA,idp.oidc.subject.algorithm,STRING,,
+579,OPSubClaim,oidc.properties,Salt to inject for randomness should generally be moved into credentials/secrets.properties to avoid committing to configuration repository,4.1,idp.oidc.OP,3,,,idp.oidc.subject.salt,STRING,,
+535,OPToken,oidc.properties,Lifetime of access token issued to client for resource server,4.1,idp.oidc.OP,3,,PT10M,idp.oauth2.accessToken.defaultLifetime,DURATION,,
+521,OPToken,oidc.properties,Lifetime of refresh token,4.1,idp.oidc.OP,3,,PT2H,idp.oidc.refreshToken.defaultLifetime,DURATION,,
+530,OPToken,oidc.properties,The acceptable client authentication methods,4.1,idp.oidc.OP,3,Comma seperated list of values,"client_secret_basic,client_secret_post,client_secret_jwt,private_key_jwt",idp.oidc.tokenEndpointAuthMethods,STRING,,
+531,OPToken,oidc.properties,OAuth grant types to allow,4.1,idp.oidc.OP,3,Comma seperated list of values,"authorization_code,refresh_token",idp.oauth2.grantTypes,STRING,,
+519,OPToken,oidc.properties,Lifetime of access token,4.1,idp.oidc.OP,3,,PT10M,idp.oidc.accessToken.defaultLifetime,DURATION,,
+523,OPToken,oidc.properties,Whether client is allowed to use PKCE code challenge method plain,4.1,idp.oidc.OP,3,,false,idp.oidc.allowPKCEPlain,BOOLEAN,,
+522,OPToken,oidc.properties,Whether client is required to use PKCE,4.1,idp.oidc.OP,3,,false,idp.oidc.forcePKCE,BOOLEAN,,
+518,OPToken,oidc.properties,Lifetime of ID token,4.1,idp.oidc.OP,3,,PT1H,idp.oidc.idToken.defaultLifetime,DURATION,,
+533,OPToken,oidc.properties,Format of access token. 
Supported values are JWT or nothing.,4.1,idp.oidc.OP,3.2,,,idp.oauth2.accessToken.type,STRING,,
+534,OPToken,oidc.properties,Whether the absence of encryption details in a resource server’s metadata should fail when issuing an access token,4.1,idp.oidc.OP,3,,false,idp.oauth2.encryptionOptional,BOOLEAN,,
+532,OPToken,oidc.properties,Whether to enforce refresh token rotation. If enabled the refresh token is revoked whenever it is used for issuing a new refresh token.,4.1,idp.oidc.OP,3.2,,false,idp.oauth2.enforceRefreshTokenRotation,BOOLEAN,,
+371,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Query timeout for database access,4.1,,,,PT5S,idp.persistentId.queryTimeout,DURATION,,
+373,PersistentNameIDGenerationConfiguration,saml-nameid.properties,List of error strings to identify as retryable failures,4.1,,,,"23000,23505",idp.persistentId.retryableErrors,STRING,,
+369,PersistentNameIDGenerationConfiguration,saml-nameid.properties,The final encoding applied to the hash generated when using computed persistent IDs: one of BASE32 or BASE64,all,,,,BASE64,idp.persistentId.encoding,STRING,,
+370,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Advanced feature allowing revocation or regeneration of computed persistent IDs for specific subjects or services,all,,,,shibboleth.ComputedIdExceptionMap,idp.persistentId.exceptionMap,SPRING_BEAN_ID,,
+367,PersistentNameIDGenerationConfiguration,saml-nameid.properties,An encoded form of the persistentId.salt,all,,,,,idp.persistentId.encodedSalt,STRING,,
+362,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Identifies a data source for storage-based management of persistent IDs,all,,,Bean ID of a JDBC DataSource,,idp.persistentId.dataSource,SPRING_BEAN_ID,,
+361,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Identifies the strategy plugin for sourcing persistent IDs,all,,,Bean ID of a 
PairwiseIdStore,shibboleth.ComputedPersistentIdGenerator,idp.persistentId.generator,SPRING_BEAN_ID,,
+368,PersistentNameIDGenerationConfiguration,saml-nameid.properties,The hash algorithm used when using computed persistent IDs,all,,,,SHA,idp.persistentId.algorithm,STRING,,
+366,PersistentNameIDGenerationConfiguration,saml-nameid.properties,A secret salt for the hash when using computed persistent IDs,all,,,,,idp.persistentId.salt,STRING,,
+383,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Overrides database column names,4.1,,,,deactivationDate,idp.persistentId.deactivationTimeColumn,STRING,,
+382,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Overrides database column names,4.1,,,,creationDate,idp.persistentId.createTimeColumn,STRING,,
+374,PersistentNameIDGenerationConfiguration,saml-nameid.properties,When true the connection and layout of the database is verified at bean initialization time and any failures are fatal.,4.1,,,,true,idp.persistentId.verifyDatabase,BOOLEAN,,
+365,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Whether or not the previous property has access to unreleased attributes,all,,,,true,idp.persistentId.useUnfilteredAttributes,BOOLEAN,,
+381,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Overrides database column names,4.1,,,,peerProvidedId,idp.persistentId.peerProvidedIdColumn,STRING,,
+380,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Overrides database column names,4.1,,,,persistentId,idp.persistentId.persistentIdColumn,STRING,,
+379,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Overrides database column names,4.1,,,,localId,idp.persistentId.sourceIdColumn,STRING,,
+378,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Overrides database column names,4.1,,,,principalName,idp.persistentId.principalNameColumn,STRING,,
+377,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Overrides database column 
names,4.1,,,,peerEntity,idp.persistentId.peerEntityColumn,STRING,,
+376,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Overrides database column names,4.1,,,,localEntity,idp.persistentId.localEntityColumn,STRING,,
+375,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Overrides the name of the table in the database,4.1,,,,shibpid,idp.persistentId.tableName,STRING,,
+364,PersistentNameIDGenerationConfiguration,saml-nameid.properties,List of attributes to search for a value to uniquely identify the subject of a persistent identifier that MUST be stable long-lived and non-reassignable,all,,,,,idp.persistentId.sourceAttribute,STRING,,
+363,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Identifies a strategy plugin to use to generate the first persistent identifier for each subject,all,,,used to migrate from the computed to stored strategies: can be null,shibboleth.ComputedPersistentIdGenerator,idp.persistentId.computed,SPRING_BEAN_ID,,
+372,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Number of retries in the event database locking bugs cause retryable failures,4.1,,,,3,idp.persistentId.transactionRetries,INTEGER,,
+412,ReloadableServices,services.properties,Time to notice changes to NameIDGenerationConfiguration and reload service,all,,,,0,idp.service.nameidGeneration.checkInterval,DURATION,,
+422,ReloadableServices,services.properties,Name of Spring bean identifying Spring message property resources,all,,,,shibboleth.MessageSourceResources,idp.message.resources,SPRING_BEAN_ID,,
+419,ReloadableServices,services.properties,Name of Spring bean identifying resources to use for ManagedBeanConfiguration,all,,,,shibboleth.ManagedBeanResources,idp.service.managedBean.resources,SPRING_BEAN_ID,,
+417,ReloadableServices,services.properties,Fail at startup if CASServiceRegistry configuration is invalid,all,,,,false,idp.service.cas.registry.failFast,BOOLEAN,,
+411,ReloadableServices,services.properties,Fail at startup
if NameIDGenerationConfiguration is invalid,all,,,,false,idp.service.nameidGeneration.failFast,BOOLEAN,,
+407,ReloadableServices,services.properties,Fail at startup if AttributeFilterConfiguration is invalid,all,,,,false,idp.service.attribute.filter.failFast,BOOLEAN,,
+404,ReloadableServices,services.properties,"Whether null values should be stripped from the results of the attribute resolution. This filtering happens prior to filtering and encoding, but after attribute resolution is complete. To strip nulls during attribute resolution (so that they will be invis",all,,,,false,idp.service.attribute.resolver.stripNulls,BOOLEAN,,
+401,ReloadableServices,services.properties,Fail at startup if AttributeResolverConfiguration is invalid,all,,,,false,idp.service.attribute.resolver.failFast,BOOLEAN,,
+397,ReloadableServices,services.properties,Fail at startup if AttributeRegistryConfiguration is invalid,all,,,,false,idp.service.attribute.registry.failFast,BOOLEAN,,
+421,ReloadableServices,services.properties,Time to notice ManagedBeanConfiguration changes and reload service,all,,,,0,idp.service.managedBean.checkInterval,DURATION,,
+418,ReloadableServices,services.properties,Time to notice CASServiceRegistry configuration changes and reload service,all,,,,0,idp.service.cas.registry.checkInterval,DURATION,,
+415,ReloadableServices,services.properties,Time to notice changes to AccessControlConfiguration and reload service,all,,,,0,idp.service.access.checkInterval,DURATION,,
+408,ReloadableServices,services.properties,Time to notice changes to AttributeFilterConfiguration and reload service A value of 0 indicates that the attribute filter configuration never reloads,all,,,,0,idp.service.attribute.filter.checkInterval,DURATION,,
+416,ReloadableServices,services.properties,Name of Spring bean identifying resources to use for CASServiceRegistry configuration,all,,,,shibboleth.CASServiceRegistryResources,idp.service.cas.registry.resources,SPRING_BEAN_ID,,
+413,ReloadableServices,services.properties,Name of Spring bean identifying resources to use for AccessControlConfiguration,all,,,,shibboleth.AccessControlResource,idp.service.access.resources,SPRING_BEAN_ID,,
+410,ReloadableServices,services.properties,Name of Spring bean identifying resources to use for NameIDGenerationConfiguration,all,,,,shibboleth.NameIdentifierGenerationResources,idp.service.nameidGeneration.resources,SPRING_BEAN_ID,,
+402,ReloadableServices,services.properties,Time to notice changes to AttributeResolverConfiguration and reload service. A value of 0 indicates that the service configuration never reloads,all,,,,0,idp.service.attribute.resolver.checkInterval,DURATION,,
+406,ReloadableServices,services.properties,Name of Spring bean identifying resources to use for AttributeFilterConfiguration,all,,,,shibboleth.AttributeFilterResources,idp.service.attribute.filter.resources,SPRING_BEAN_ID,,
+398,ReloadableServices,services.properties,Time to notice changes to AttributeRegistryConfiguration and reload service.
A value of 0 indicates that the service configuration never reloads,all,,,,0,idp.service.attribute.registry.checkInterval,DURATION,,
+400,ReloadableServices,services.properties,Name of Spring bean identifying resources to use for AttributeResolverConfiguration,all,,,,shibboleth.AttributeResolverResources,idp.service.attribute.resolver.resources,SPRING_BEAN_ID,,
+396,ReloadableServices,services.properties,Name of Spring bean identifying resources to use for AttributeRegistryConfiguration,all,,,,shibboleth.AttributeRegistryResources,idp.service.attribute.registry.resources,SPRING_BEAN_ID,,
+392,ReloadableServices,services.properties,Name of Spring bean identifying resources to use for MetadataConfiguration,all,,,,shibboleth.MetadataResolverResources,idp.service.metadata.resources,SPRING_BEAN_ID,,
+423,ReloadableServices,services.properties,Seconds between reloads of message property resources,all,,,,300,idp.message.cacheSeconds,INTEGER,,
+393,ReloadableServices,services.properties,Fail at startup if MetadataConfiguration is invalid,all,,,,false,idp.service.metadata.failFast,BOOLEAN,,
+391,ReloadableServices,services.properties,See MetadataDrivenConfiguration SAML Attribute Name Format Usage,all,,,,false,idp.service.relyingparty.ignoreUnmappedEntityAttributes,BOOLEAN,,
+389,ReloadableServices,services.properties,Fail at startup if RelyingPartyConfiguration is invalid,all,,,,false,idp.service.relyingparty.failFast,BOOLEAN,,
+388,ReloadableServices,services.properties,Name of Spring bean identifying resources to use for RelyingPartyConfiguration,all,,,,shibboleth.RelyingPartyResolverResources,idp.service.relyingparty.resources,SPRING_BEAN_ID,,
+385,ReloadableServices,services.properties,Logging configuration resource to use (the reloadable service ID is shibboleth.LoggingService),all,,,resource path,%{idp.home}/conf/logback.xml,idp.service.logging.resource,STRING,,
+390,ReloadableServices,services.properties,Time to notice changes to RelyingPartyConfiguration and reload
service. A value of 0 indicates that the relying party configuration never reloads,all,,,,0,idp.service.relyingparty.checkInterval,DURATION,,
+387,ReloadableServices,services.properties,Time to notice changes to logging configuration and reload service. A value of 0 indicates that the logging configuration never reloads,all,,,,0,idp.service.logging.checkInterval,DURATION,,
+394,ReloadableServices,services.properties,Time to notice changes to MetadataConfiguration and reload service. A value of 0 indicates that the metadata configuration never reloads,all,,,,0,idp.service.metadata.checkInterval,DURATION,,
+384,ReloadableServices,services.properties,Set default fail-fast behavior of all services unless overridden by service,all,,,,false,idp.service.failFast,BOOLEAN,,
+414,ReloadableServices,services.properties,Fail at startup if AccessControlConfiguration is invalid,all,,,,true,idp.service.access.failFast,BOOLEAN,,
+409,ReloadableServices,services.properties,Whether attribute filtering failure should silently produce no attributes or causes an overall profile request failure event,all,,,,true,idp.service.attribute.filter.maskFailures,BOOLEAN,,
+395,ReloadableServices,services.properties,Disabling this turns off internal support for the ByReferenceFilter feature which provides a very small performance boost,all,,,,true,idp.service.metadata.enableByReferenceFilters,BOOLEAN,,
+386,ReloadableServices,services.properties,Fail at startup if logging configuration is invalid,all,,,,true,idp.service.logging.failFast,BOOLEAN,,
+420,ReloadableServices,services.properties,Fail at startup if ManagedBeanConfiguration is invalid,all,,,,false,idp.service.managedBean.failFast,BOOLEAN,,
+405,ReloadableServices,services.properties,Setting this to false re-enables the legacy behavior of looking up the display information for the resolved attributes during resolution.
As from 4.2 this the display information is looked up at point of use (during the attribute consent flow) and so ther,4.2,,,,true,idp.service.attribute.resolver.suppressDisplayInfo,BOOLEAN,,
+403,ReloadableServices,services.properties,Whether attribute resolution failure should silently produce no attributes or cause an overall profile request failure event,all,,,,true,idp.service.attribute.resolver.maskFailures,BOOLEAN,,
+399,ReloadableServices,services.properties,Shortcut for controlling the encoding of xsi:type information for all SAML transcoding rules in the registry,all,,,,true,idp.service.attribute.registry.encodeType,BOOLEAN,,
+6,RelyingPartyConfiguration,idp.properties,Whether preparation of messages to be communicated via SAML artifact should assume use of a secure channel (allowing signing and encryption to be skipped),all,,,,true,idp.artifact.secureChannel,BOOLEAN,,
+9,RelyingPartyConfiguration,idp.properties,"Controls whether the outbound binding selection is ordered by the SP's metadata or the IdP's preferred bindings (the inbuilt default order is Redirect -> POST -> Artifact -> SOAP). Set to false to leave artifact support on, but favor use of POST. Set also",4.1,,,,true,idp.bindings.inMetadataOrder,BOOLEAN,,
+3,RelyingPartyConfiguration,idp.properties,The unique name of the IdP used as the iisuer in all SAML profiles,all,,,ex.
https://unicon.net/idp/shibboleth,,idp.entityID,STRING,,
+7,RelyingPartyConfiguration,idp.properties,Identifies the endpoint in SAML metadata associated with artifacts issued by a server node,all,,,,2,idp.artifact.endpointIndex,INTEGER,,
+5,RelyingPartyConfiguration,idp.properties,Whether to allow use of the SAML artifact bindings when sending messages,all,,,,true,idp.artifact.enabled,BOOLEAN,,
+186,RemoteUserAuthnConfiguration,authn/authn.properties,Whether the flow enforces upstream IdP imposed restrictions on proxying,4.1,idp.authn.RemoteUser,,,%{idp.authn.enforceProxyRestrictions:true},idp.authn.RemoteUser.proxyRestrictionsEnforced,BOOLEAN,,
+191,RemoteUserAuthnConfiguration,authn/authn.properties,Bean ID of Predicate controlling result reuse for SSO,4.1,idp.authn.RemoteUser,,,shibboleth.Conditions.TRUE,idp.authn.RemoteUser.reuseCondition,SPRING_BEAN_ID,,
+188,RemoteUserAuthnConfiguration,authn/authn.properties,Whether to invoke IdP discovery prior to running flow,4.1,idp.authn.RemoteUser,,,false,idp.authn.RemoteUser.discoveryRequired,BOOLEAN,,
+183,RemoteUserAuthnConfiguration,authn/authn.properties,"Whether the flow should handle non-browser request profiles (e.g., ECP)",4.1,idp.authn.RemoteUser,,,false,idp.authn.RemoteUser.nonBrowserSupported,BOOLEAN,,
+184,RemoteUserAuthnConfiguration,authn/authn.properties,Whether the flow allows for passive authentication,4.1,idp.authn.RemoteUser,,,false,idp.authn.RemoteUser.passiveAuthenticationSupported,BOOLEAN,,
+193,RemoteUserAuthnConfiguration,authn/authn.properties,Bean ID of BiConsumer determining whether flow is usable for request,4.1,idp.authn.RemoteUser,,,shibboleth.Conditions.TRUE,idp.authn.RemoteUser.activationCondition,SPRING_BEAN_ID,,
+195,RemoteUserAuthnConfiguration,authn/authn.properties,Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow,4.1,idp.authn.RemoteUser,,,true,idp.authn.RemoteUser.addDefaultPrincipals,BOOLEAN,,
+189,RemoteUserAuthnConfiguration,authn/authn.properties,Lifetime of results produced by this flow,4.1,idp.authn.RemoteUser,,,%{idp.authn.defaultLifetime:PT1H},idp.authn.RemoteUser.lifetime,DURATION,,
+208,RemoteUserInternalAuthnConfiguration,authn/authn.properties,"Whether the flow should handle non-browser request profiles (e.g., ECP)",4.1,idp.authn.RemoteUserInternal,,,false,idp.authn.RemoteUserInternal.nonBrowserSupported,BOOLEAN,,
+219,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Comma-delimited list of protocol-specific Principal strings associated with flow,4.1,idp.authn.RemoteUserInternal,,,"saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password,saml1/urn:oasis:names:tc:SAML:1.0:am:password",idp.authn.RemoteUserInternal.supportedPrincipals,STRING,,
+210,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Whether the flow supports forced authentication,4.1,idp.authn.RemoteUserInternal,,,false,idp.authn.RemoteUserInternal.forcedAuthenticationSupported,BOOLEAN,,
+204,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Comma-delimited list of usernames to deny while accepting all others,4.1,idp.authn.RemoteUserInternal,,,,idp.authn.RemoteUserInternal.deniedUsernames,STRING,,
+209,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Whether the flow allows for passive authentication,4.1,idp.authn.RemoteUserInternal,,,false,idp.authn.RemoteUserInternal.passiveAuthenticationSupported,BOOLEAN,,
+203,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Comma-delimited list of usernames to accept while blocking all others,4.1,idp.authn.RemoteUserInternal,,,,idp.authn.RemoteUserInternal.allowedUsernames,STRING,,
+202,RemoteUserInternalAuthnConfiguration,authn/authn.properties,A regular expression that must match the username,4.1,idp.authn.RemoteUserInternal,,regex expected,,idp.authn.RemoteUserInternal.matchExpression,STRING,,
+198,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Comma-delimited list of request headers to check for a username,4.1,idp.authn.RemoteUserInternal,,,,idp.authn.RemoteUserInternal.checkHeaders,STRING,,
+207,RemoteUserInternalAuthnConfiguration,authn/authn.properties,"Flow priority relative to other enabled login flows (lower is ""higher"" in priority)",4.1,idp.authn.RemoteUserInternal,,,1000,idp.authn.RemoteUserInternal.order,INTEGER,,
+211,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Whether the flow enforces upstream IdP imposed restrictions on proxying,4.1,idp.authn.RemoteUserInternal,,,%{idp.authn.enforceProxyRestrictions:true},idp.authn.RemoteUserInternal.proxyRestrictionsEnforced,BOOLEAN,,
+220,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow,4.1,idp.authn.RemoteUserInternal,,,true,idp.authn.RemoteUserInternal.addDefaultPrincipals,BOOLEAN,,
+199,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Whether to trim leading and trailing whitespace from the username before validating it,4.1,idp.authn.RemoteUserInternal,,,true,idp.authn.RemoteUserInternal.trim,BOOLEAN,,
+201,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Whether to uppercase the username before validating it,4.1,idp.authn.RemoteUserInternal,,,false,idp.authn.RemoteUserInternal.uppercase,BOOLEAN,,
+196,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Whether to check REMOTE_USER for a username,4.1,idp.authn.RemoteUserInternal,,,true,idp.authn.RemoteUserInternal.checkRemoteUser,BOOLEAN,,
+206,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Regular expression to match username against,4.1,idp.authn.RemoteUserInternal,,regex expected,,idp.authn.RemoteUserInternal.matchExpression,STRING,,
+214,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Lifetime of results produced by this
flow,4.1,idp.authn.RemoteUserInternal,,,%{idp.authn.defaultLifetime:PT1H},idp.authn.RemoteUserInternal.lifetime,DURATION,,
+216,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Bean ID of Predicate controlling result reuse for SSO,4.1,idp.authn.RemoteUserInternal,,,shibboleth.Conditions.TRUE,idp.authn.RemoteUserInternal.reuseCondition,SPRING_BEAN_ID,,
+217,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Bean ID of Predicate determining whether flow is usable for request,4.1,idp.authn.RemoteUserInternal,,,shibboleth.Conditions.TRUE,idp.authn.RemoteUserInternal.activationCondition,SPRING_BEAN_ID,,
+215,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Inactivity timeout of results produced by this flow,4.1,idp.authn.RemoteUserInternal,,,%{idp.authn.defaultTimeout:PT30M},idp.authn.RemoteUserInternal.inactivityTimeout,DURATION,,
+205,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Spring Web Flow redirection expression for the protected resource,4.1,idp.authn.RemoteUserInternal,,,contextRelative:external.jsp,idp.authn.RemoteUserInternal.externalAuthnPath,STRING,,
+213,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Whether to invoke IdP discovery prior to running flow,4.1,idp.authn.RemoteUserInternal,,,false,idp.authn.RemoteUserInternal.discoveryRequired,BOOLEAN,,
+197,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Comma-delimited lists of request attributes to check for a username,4.1,idp.authn.RemoteUserInternal,,,,idp.authn.RemoteUserInternal.checkAttributes,STRING,,
+212,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying,4.1,idp.authn.RemoteUserInternal,,,false,idp.authn.RemoteUserInternal.proxyScopingEnforced,BOOLEAN,,
+218,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Bean ID of BiConsumer determining whether flow is usable for
request,4.1,,,,shibboleth.Conditions.TRUE,idp.authn.SAML.activationCondition,SPRING_BEAN_ID,,
+338,SAMLAuthnConfiguration,authn/authn.properties,Bean ID of Predicate controlling result reuse for SSO,4.1,,,,shibboleth.Conditions.TRUE,idp.authn.SAML.reuseCondition,SPRING_BEAN_ID,,
+328,SAMLAuthnConfiguration,authn/authn.properties,Optional bean ID of AssertionValidator to run,4.1,,,,,idp.authn.SAML.assertionValidator,SPRING_BEAN_ID,,
+327,SAMLAuthnConfiguration,authn/authn.properties,"Optional bean ID of Function to run at the late stages of Response decoding/processing",4.1,,,,,idp.authn.SAML.inboundMessageHandlerFunction,SPRING_BEAN_ID,,
+329,SAMLAuthnConfiguration,authn/authn.properties,"Flow priority relative to other enabled login flows (lower is ""higher"" in priority)",4.1,,,,1000,idp.authn.SAML.order,INTEGER,,
+333,SAMLAuthnConfiguration,authn/authn.properties,Whether the flow enforces upstream IdP imposed restrictions on proxying,4.1,,,,%{idp.authn.enforceProxyRestrictions:true},idp.authn.SAML.proxyRestrictionsEnforced,BOOLEAN,,
+336,SAMLAuthnConfiguration,authn/authn.properties,Lifetime of results produced by this flow,4.1,,,,%{idp.authn.defaultLifetime:PT1H},idp.authn.SAML.lifetime,DURATION,,
+340,SAMLAuthnConfiguration,authn/authn.properties,Bean ID of BiConsumer to run just prior to AuthnRequest signing/encoding step",4.1,,,,,idp.authn.SAML.outboundMessageHandlerFunction,SPRING_BEAN_ID,,
+325,SAMLAuthnConfiguration,authn/authn.properties,Statically-defined entityID of IdP to use for authentication,4.1,,,,,idp.authn.SAML.proxyEntityID,STRING,,
+334,SAMLAuthnConfiguration,authn/authn.properties,Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying,4.1,,,,false,idp.authn.SAML.proxyScopingEnforced,BOOLEAN,,
+17,SecurityConfiguration,idp.properties,Default SameSite value to apply to cookies via servlet filter if no explicit rule for the named cookie is
specified,all,,,,,idp.cookie.sameSite,SELECTION_LIST,"None,Lax,Strict",
+16,SecurityConfiguration,idp.properties,Lifetime in seconds of cookies issued by the IdP that are meant to span sessions (365 days),all,,,,31536000,idp.cookie.maxAge,INTEGER,,
+21,SecurityConfiguration,idp.properties,Time between checks for a new AES key version,all,,,,PT15M,idp.sealer.updateInterval,DURATION,,
+23,SecurityConfiguration,idp.properties,Keystore resource containing AES encryption key usually a file path,all,,,resource path,,idp.sealer.storeResource,STRING,,
+12,SecurityConfiguration,idp.properties,If true all cookies issued by the IdP (not including the container) will be limited to TLS,all,,,,false,idp.cookie.secure,BOOLEAN,,
+14,SecurityConfiguration,idp.properties,Overrides the domain of any cookies issued by the IdP (not including the container),all,,,,,idp.cookie.domain,STRING,,
+33,SecurityConfiguration,idp.properties,Name of Spring bean supplying the default SecurityConfiguration,all,,,Bean ID of SecurityConfiguration (net.shibboleth.idp.profile.config.SecurityConfiguration),shibboleth.DefaultSecurityConfiguration,idp.security.config,SPRING_BEAN_ID,,
+34,SecurityConfiguration,idp.properties,Name of Spring bean supplying the default SignatureSigningConfiguration,all,,,Bean ID of SignatureSigningConfiguration (org.opensaml.xmlsec),shibboleth.SigningConfiguration.SHA256,idp.signing.config,SPRING_BEAN_ID,,
+18,SecurityConfiguration,idp.properties,Predicate condition bean controlling whether SameSite filter runs,all,,,Bean ID of Predicate,shibboleth.Conditions.FALSE,idp.cookie.sameSiteCondition,SPRING_BEAN_ID,,
+15,SecurityConfiguration,idp.properties,Overrides the path of any cookies issued by the IdP (not including the container),all,,,,,idp.cookie.path,STRING,,
+20,SecurityConfiguration,idp.properties,Type of Java keystore used for IdP's internal AES encryption key,all,,,,JCEKS,idp.sealer.storeType,STRING,,
+40,SecurityConfiguration,idp.properties,Default freshness window
for accepting timestamped messages,all,,,,PT3M,idp.policy.messageLifetime,DURATION,,
+41,SecurityConfiguration,idp.properties,Default freshness window for accepting timestamped assertions,all,,,,PT3M,idp.policy.assertionLifetime,DURATION,,
+42,SecurityConfiguration,idp.properties,Default allowance for clock differences between systems,all,,,,PT3M,idp.policy.clockSkew,DURATION,,
+24,SecurityConfiguration,idp.properties,Resource that tracks the active AES encryption key version usually a file path,all,,,,,idp.sealer.versionResource,STRING,,
+27,SecurityConfiguration,idp.properties,Resource containing private key for signing typically a file in the credentials directory,all,,,,,idp.signing.key,STRING,,
+22,SecurityConfiguration,idp.properties,Case insensitive name of keystore alias prefix used in AES keystore (the entries will be suffixed by the key version number),all,,,,secret,idp.sealer.aliasBase,STRING,,
+37,SecurityConfiguration,idp.properties,Sets the default strategy for key agreement key wrap usage for credentials from metadata if not otherwise configured on the security configuration,all,,,,Default,idp.encryption.keyagreement.metadata.defaultUseKeyWrap,STRING,,
+38,SecurityConfiguration,idp.properties,Name of Spring bean for the trust engine used to verify signatures,all,,,Bean ID of SignatureTrustEngine (org.opensaml.xmlsec.signature.support),shibboleth.ChainingSignatureTrustEngine,idp.trust.signatures,SPRING_BEAN_ID,,
+36,SecurityConfiguration,idp.properties,If true failure to locate an encryption key to use won't result in request failure,all,,,,false,idp.encryption.optional,BOOLEAN,,
+25,SecurityConfiguration,idp.properties,Keystore password unlocking AES encryption keystore typically set during installation,all,,,,,idp.sealer.storePassword,STRING,,
+28,SecurityConfiguration,idp.properties,Resource containing the public key certificate inserted into signed messages typically a file in the credentials directory,all,,,,,idp.signing.cert,STRING,,
+31,SecurityConfiguration,idp.properties,Resource containing an alternate private key for decryption generally unused except while changing decryption keys,all,,,,,idp.encryption.key.2,STRING,,
+32,SecurityConfiguration,idp.properties,Resource containing an alternate public key certificate generally unused except while changing decryption keys,all,,,,,idp.encryption.cert.2,STRING,,
+30,SecurityConfiguration,idp.properties,Resource containing a public key certificate given to others needing to encrypt data for the IdP typically a file in the credentials directory,all,,,resource path,,idp.encryption.cert,STRING,,
+29,SecurityConfiguration,idp.properties,Resource containing a private key for decryption typically a file in the credentials directory,all,,,resource path,,idp.encryption.key,STRING,,
+26,SecurityConfiguration,idp.properties,Key password unlocking AES encryption key typically set to the same as the previous property and set during installation,all,,,,,idp.sealer.keyPassword,STRING,,
+19,SecurityConfiguration,idp.properties,Bean ID supporting the DataSealerKeyStrategy interface to use in place of the built-in option.,all,,,Bean ID of DataSealerKeyStrategy,shibboleth.DataSealerKeyStrategy,idp.sealer.keyStrategy,SPRING_BEAN_ID,,
+44,SecurityConfiguration,idp.properties,Overrides the X509KeyInfoGeneratorFactory used by default,4.1,,,Bean ID of KeyInfoGeneratorManager (org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorManager),shibboleth.X509KeyInfoGeneratorFactory,idp.security.x509KeyInfoFactory,SPRING_BEAN_ID,,
+35,SecurityConfiguration,idp.properties,Name of Spring bean supplying the default EncryptionConfiguration,all,,,Bean ID of EncryptionConfiguration (org.opensaml.xmlsec),shibboleth.EncryptionConfiguration.CBC,idp.encryption.config,SPRING_BEAN_ID,,
+43,SecurityConfiguration,idp.properties,Overrides the BasicKeyInfoGeneratorFactory used by default,4.1,,,Bean ID of KeyInfoGeneratorManager
(org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorManager),shibboleth.BasicKeyInfoGeneratorFactory,idp.security.basicKeyInfoFactory,SPRING_BEAN_ID,,
+39,SecurityConfiguration,idp.properties,Name of Spring bean for the trust engine used to verify TLS certificates,all,,,Bean ID of TrustEngine (org.opensaml.security.trust),shibboleth.ChainingX509TrustEngine,idp.trust.certificates,SPRING_BEAN_ID,,
+13,SecurityConfiguration,idp.properties,If true all cookies issued by the IdP (not including the container) will contain the HttpOnly property,all,,,,true,idp.cookie.httpOnly,BOOLEAN,,
+65,SessionConfiguration,idp.properties,Name of cookie containing IdP session ID (note this is not the same as the cookie the Java container uses to track its own sessions),4.2,,,,shib_idp_session,idp.session.cookieName,STRING,,
+67,SessionConfiguration,idp.properties,Whether to bind IdP sessions to IP addresses,all,,,,true,idp.session.consistentAddress,BOOLEAN,,
+63,SessionConfiguration,idp.properties,Whether to enable the IdP's session tracking feature,all,,,,true,idp.session.enabled,BOOLEAN,,
+74,SessionConfiguration,idp.properties,"Default length of time to maintain record of an SP session (must be non-zero), overridable by relying-party-specific setting",all,,,,PT2H,idp.session.defaultSPlifetime,DURATION,,
+71,SessionConfiguration,idp.properties,Whether to hide storage failures from users during session cache reads/writes,all,,,,false,idp.session.maskStorageFailure,BOOLEAN,,
+66,SessionConfiguration,idp.properties,Number of characters in IdP session identifiers,all,,,,32,idp.session.idSize,INTEGER,,
+69,SessionConfiguration,idp.properties,Inactivity timeout policy for IdP sessions (must be non-zero),all,,,,PT60M,idp.session.timeout,DURATION,,
+70,SessionConfiguration,idp.properties,Extra time after expiration before removing SP sessions in case a logout is invoked,all,,,,0,idp.session.slop,DURATION,,
+64,SessionConfiguration,idp.properties,Bean name of a storage implementation/configuration to
use for IdP sessions,all,,,Bean ID of StorageService (org.opensaml.storage),shibboleth.ClientSessionStorageService,idp.session.StorageService,SPRING_BEAN_ID,, +73,SessionConfiguration,idp.properties,"Whether to track SPs on the basis of the SAML subject ID used, for logout purposes (requires SP session tracking be on)",all,,,,false,idp.session.secondaryServiceIndex,BOOLEAN,, +72,SessionConfiguration,idp.properties,Whether to save a record of every SP accessed during an IdP session (requires a server-side session store or HTML LocalStorage),all,,,,false,idp.session.trackSPSessions,BOOLEAN,, +68,SessionConfiguration,idp.properties,A 2-argument predicate that compares a bound session's address to a client address,all,,,"BiPredicate",Direct string comparison,idp.session.consistentAddressCondition,STRING,, +485,SimplePostLoginC14NConfiguration,c14n/subject-c14n.properties,Whether to uppercase the username,4.1,,,,false,idp.c14n.simple.uppercase,BOOLEAN,, +486,SimplePostLoginC14NConfiguration,c14n/subject-c14n.properties,Whether to trim leading and trailing whitespace from the username,4.1,,,,true,idp.c14n.simple.trim,BOOLEAN,, +484,SimplePostLoginC14NConfiguration,c14n/subject-c14n.properties,Whether to lowercase the username,4.1,,,,false,idp.c14n.simple.lowercase,BOOLEAN,, +222,SPNEGOAuthnConfiguration,authn/authn.properties,Whether to always try to run SPNEGO independent of the user's auto-login setting,4.1,idp.authn.SPNEGO,,,false,idp.authn.SPNEGO.enforceRun,BOOLEAN,, +221,SPNEGOAuthnConfiguration,authn/authn.properties,Servlet-relative path to the SPNEGO external authentication implementation,4.1,idp.authn.SPNEGO,,URL path,/Authn/SPNEGO,idp.authn.SPNEGO.externalAuthnPath,STRING,, +224,SPNEGOAuthnConfiguration,authn/authn.properties,Regular expression to match username against,4.1,idp.authn.SPNEGO,,regex expected,,idp.authn.SPNEGO.matchExpression,STRING,, +238,SPNEGOAuthnConfiguration,authn/authn.properties,Comma-delimited list of protocol-specific Principal strings 
associated with flow,4.1,idp.authn.SPNEGO,,,"saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos, saml1/urn:ietf:rfc:1510",idp.authn.SPNEGO.supportedPrincipals,STRING,, +230,SPNEGOAuthnConfiguration,authn/authn.properties,Whether the flow enforces upstream IdP imposed restrictions on proxying,4.1,idp.authn.SPNEGO,,,%{idp.authn.enforceProxyRestrictions:true},idp.authn.SPNEGO.proxyRestrictionsEnforced,BOOLEAN,, +225,SPNEGOAuthnConfiguration,authn/authn.properties,Name of cookie used to track auto-login state of client,4.2,idp.authn.SPNEGO,,,_idp_spnego_autologin,idp.authn.SPNEGO.cookieName,STRING,, +226,SPNEGOAuthnConfiguration,authn/authn.properties,"Flow priority relative to other enabled login flows (lower is ""higher"" in priority)",4.1,idp.authn.SPNEGO,,,1000,idp.authn.SPNEGO.order,INTEGER,, +237,SPNEGOAuthnConfiguration,authn/authn.properties,Bean ID of BiConsumer controlling result reuse for SSO,4.1,idp.authn.SPNEGO,,,shibboleth.Conditions.TRUE,idp.authn.SPNEGO.reuseCondition,SPRING_BEAN_ID,, +236,SPNEGOAuthnConfiguration,authn/authn.properties,Bean ID of Predicate determining whether flow is usable for request,4.1,idp.authn.SPNEGO,,,shibboleth.Conditions.TRUE,idp.authn.SPNEGO.activationCondition,SPRING_BEAN_ID,, +234,SPNEGOAuthnConfiguration,authn/authn.properties,Inactivity timeout of results produced by this flow,4.1,idp.authn.SPNEGO,,,%{idp.authn.defaultTimeout:PT30M},idp.authn.SPNEGO.inactivityTimeout,DURATION,, +239,SPNEGOAuthnConfiguration,authn/authn.properties,Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow,4.1,idp.authn.SPNEGO,,,true,idp.authn.SPNEGO.addDefaultPrincipals,BOOLEAN,, +233,SPNEGOAuthnConfiguration,authn/authn.properties,Lifetime of results produced by this flow,4.1,idp.authn.SPNEGO,,,%{idp.authn.defaultLifetime:PT1H},idp.authn.SPNEGO.lifetime,DURATION,, +223,SPNEGOAuthnConfiguration,authn/authn.properties,Whether to reload the underlying Kerberos configuration (generally in 
/etc/krb5.conf) on every login attempt,4.1,idp.authn.SPNEGO,,,false,idp.authn.SPNEGO.refreshKrbConfig,BOOLEAN,, +227,SPNEGOAuthnConfiguration,authn/authn.properties,"Whether the flow should handle non-browser request profiles (e.g., ECP)",4.1,idp.authn.SPNEGO,,,false,idp.authn.SPNEGO.nonBrowserSupported,BOOLEAN,, +228,SPNEGOAuthnConfiguration,authn/authn.properties,Whether the flow allows for passive authentication,4.1,idp.authn.SPNEGO,,,false,idp.authn.SPNEGO.passiveAuthenticationSupported,BOOLEAN,, +229,SPNEGOAuthnConfiguration,authn/authn.properties,Whether the flow supports forced authentication,4.1,idp.authn.SPNEGO,,,false,idp.authn.SPNEGO.forcedAuthenticationSupported,BOOLEAN,, +231,SPNEGOAuthnConfiguration,authn/authn.properties,Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying,4.1,idp.authn.SPNEGO,,,false,idp.authn.SPNEGO.proxyScopingEnforced,BOOLEAN,, +232,SPNEGOAuthnConfiguration,authn/authn.properties,Whether to invoke IdP discovery prior to running flow,4.1,idp.authn.SPNEGO,,,false,idp.authn.SPNEGO.discoveryRequired,BOOLEAN,, +430,Status,admin/admin.properties,?,4.1,,,,,idp.status.postAuthenticationFlows,STRING,, +428,Status,admin/admin.properties,?,4.1,,,,,idp.status.defaultAuthenticationMethods,STRING,, +426,Status,admin/admin.properties,Whether authentication should be performed prior to access control evaluation,4.1,,,,false,idp.status.authenticated,BOOLEAN,, +425,Status,admin/admin.properties,Name of access control policy for request authorization,4.1,,,,AccessByIPAddress,idp.status.accessPolicy,STRING,, +429,Status,admin/admin.properties,Whether attributes should be resolved prior to access control evaluation,4.1,,,,false,idp.status.resolveAttributes,BOOLEAN,, +427,Status,admin/admin.properties,Whether the flow should allow for non-browser clients during authentication,4.1,,,,false,idp.status.nonBrowserSupported,BOOLEAN,, +424,Status,admin/admin.properties,Audit log identifier for 
flow,4.1,,,,Status,idp.status.logging,STRING,, +57,StorageConfiguration,idp.properties,Interval of background thread sweeping server-side storage for expired records,all,,,,PT10M,idp.storage.cleanupInterval,DURATION,, +8,StorageConfiguration,idp.properties,Storage back-end to use for short-lived SAML Artifact mappings (must be server-side),all,,,Bean ID of a StorageService (org.opensaml.storage),shibboleth.StorageService,idp.artifact.StorageService,SPRING_BEAN_ID,, +60,StorageConfiguration,idp.properties,Name of cookie or HTML storage key used by the default persistent instance of the client storage service,all,,,,shib_idp_persistent_ss,idp.storage.clientPersistentStorageName,STRING,, +61,StorageConfiguration,idp.properties,Storage back-end to use for message replay checking (must be server-side),all,,,Bean ID of a StorageService (org.opensaml.storage),shibboleth.StorageService,idp.replayCache.StorageService,SPRING_BEAN_ID,, +58,StorageConfiguration,idp.properties,Whether to use HTML Local Storage (if available) instead of cookies,all,,,,false,idp.storage.htmlLocalStorage,BOOLEAN,, +59,StorageConfiguration,idp.properties,Name of cookie or HTML storage key used by the default per-session instance of the client storage service,all,,,,shib_idp_session_ss,idp.storage.clientSessionStorageName,STRING,, +62,StorageConfiguration,idp.properties,Whether storage errors during replay checks should be treated as a replay,all,,,,true,idp.replayCache.strict,BOOLEAN,, +622,TOTP,authn/authn.properties,Name of HTML form field to use for locating browser-submitted token codes,4.1,idp.authn.TOTP,1,,tokencode,idp.authn.TOTP.fieldName,STRING,, +627,TOTP,authn/authn.properties,Whether the flow supports forced authentication,4.1,idp.authn.TOTP,1,,true,idp.authn.TOTP.forcedAuthenticationSupported,BOOLEAN,, +636,TOTP,authn/authn.properties,Comma-delimited list of protocol-specific Principalstrings associated with 
flow,4.1,idp.authn.TOTP,1,,"saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken, saml1/urn:oasis:names:tc:SAML:1.0:am:HardwareToken",idp.authn.TOTP.supportedPrincipals,STRING,, +623,TOTP,authn/authn.properties,Name of IdPAttribute to resolve to obtain token seeds for users,4.1,idp.authn.TOTP,1,,tokenSeeds,idp.authn.TOTP.tokenSeedAttribute,STRING,, +621,TOTP,authn/authn.properties,Name of request header to use for extracting non-browser submitted token codes,4.1,idp.authn.TOTP,1,,X-Shibboleth-TOTP,idp.authn.TOTP.headerName,STRING,, +624,TOTP,authn/authn.properties,"Flow priority relative to other enabled login flows (lower is ""higher"" in priority)",4.1,idp.authn.TOTP,1,,1000,idp.authn.TOTP.order,INTEGER,, +626,TOTP,authn/authn.properties,Whether the flow allows for passive authentication,4.1,idp.authn.TOTP,1,,false,idp.authn.TOTP.passiveAuthenticationSupported,BOOLEAN,, +625,TOTP,authn/authn.properties,"Whether the flow should handle non-browser request profiles (e.g., ECP)",4.1,idp.authn.TOTP,1,,false,idp.authn.TOTP.nonBrowserSupported,BOOLEAN,, +628,TOTP,authn/authn.properties,Whether the flow enforces upstream IdP-imposed restrictions on proxying,4.1,idp.authn.TOTP,1,,%{idp.authn.enforceProxyRestrictions:true},idp.authn.TOTP.proxyRestrictionsEnforced,BOOLEAN,, +634,TOTP,authn/authn.properties,Bean ID ofPredicate determining whether flow is usable for request,4.1,idp.authn.TOTP,1,,shibboleth.Conditions.TRUE,idp.authn.TOTP.activationCondition,SPRING_BEAN_ID,, +632,TOTP,authn/authn.properties,Inactivity timeout of results produced by this flow,4.1,idp.authn.TOTP,1,,%{idp.authn.defaultTimeout:PT30M},idp.authn.TOTP.inactivityTimeout,DURATION,, +631,TOTP,authn/authn.properties,Lifetime of results produced by this flow,4.1,idp.authn.TOTP,1,,%{idp.authn.defaultLifetime:PT1H},idp.authn.TOTP.lifetime,DURATION,, +633,TOTP,authn/authn.properties,Bean ID ofPredicate controlling result reuse for 
SSO,4.1,idp.authn.TOTP,1,,shibboleth.Conditions.TRUE,idp.authn.TOTP.reuseCondition,SPRING_BEAN_ID,, +635,TOTP,authn/authn.properties,"Bean ID ofBiConsumer for subject customization",4.1,idp.authn.TOTP,1,,,idp.authn.TOTP.subjectDecorator,SPRING_BEAN_ID,, +629,TOTP,authn/authn.properties,Whether the flow considers itself to be proxying,4.1,idp.authn.TOTP,1,and therefore enforces SP-signaled restrictions on proxying,false,idp.authn.TOTP.proxyScopingEnforced,BOOLEAN,, +630,TOTP,authn/authn.properties,Whether to invoke IdP-discovery prior to running flow,4.1,idp.authn.TOTP,1,,false,idp.authn.TOTP.discoveryRequired,BOOLEAN,, +637,TOTP,authn/authn.properties,Whether to auto-attach the preceding set ofPrincipalobjects to eachSubjectproduced by this flow,4.1,idp.authn.TOTP,1,,false,idp.authn.TOTP.addDefaultPrincipals,BOOLEAN,, +496,X500PostLoginC14NConfiguration,c14n/subject-c14n.properties,Whether to trim leading and trailing whitespace from the username,4.1,,,,true,idp.c14n.x500.trim,BOOLEAN,, +498,X500PostLoginC14NConfiguration,c14n/subject-c14n.properties,Comma-delimited list of attribute OIDs to search for in the subject DN,4.1,,,Comma seperated list of integer values,"2,5,4,3",idp.c14n.x500.objectIDs,STRING,, +495,X500PostLoginC14NConfiguration,c14n/subject-c14n.properties,Whether to uppercase the username,4.1,,,,false,idp.c14n.x500.uppercase,BOOLEAN,, +494,X500PostLoginC14NConfiguration,c14n/subject-c14n.properties,Whether to lowercase the username,4.1,,,,false,idp.c14n.x500.lowercase,BOOLEAN,, +497,X500PostLoginC14NConfiguration,c14n/subject-c14n.properties,Comma-delimited list of subjectAltName extension types to look for,4.1,,,Comma seperated list of integer values,,idp.c14n.x500.subjectAltNameTypes,STRING,, +241,X509AuthnConfiguration,authn/authn.properties,"Flow priority relative to other enabled login flows (lower is ""higher"" in priority)",4.1,idp.authn.X509,,,1000,idp.authn.X509.order,INTEGER,, +245,X509AuthnConfiguration,authn/authn.properties,Whether the 
flow enforces upstream IdP imposed restrictions on proxying,4.1,idp.authn.X509,,,%{idp.authn.enforceProxyRestrictions:true},idp.authn.X509.proxyRestrictionsEnforced,BOOLEAN,, +252,X509AuthnConfiguration,authn/authn.properties,Bean ID of BiConsumer determining whether flow is usable for request,4.1,idp.authn.X509,,,shibboleth.Conditions.TRUE,idp.authn.X509.activationCondition,SPRING_BEAN_ID,, +250,X509AuthnConfiguration,authn/authn.properties,Bean ID of Predicate controlling result reuse for SSO,4.1,idp.authn.X509,,,shibboleth.Conditions.TRUE,idp.authn.X509.reuseCondition,SPRING_BEAN_ID,, +253,X509AuthnConfiguration,authn/authn.properties,Comma-delimited list of protocol-specific Principal strings associated with flow,4.1,idp.authn.X509,,,"saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:X509, saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient, saml1/urn:ietf:rfc:2246",idp.authn.X509.supportedPrincipals,STRING,, +247,X509AuthnConfiguration,authn/authn.properties,Whether to invoke IdP discovery prior to running flow,4.1,idp.authn.X509,,,false,idp.authn.X509.discoveryRequired,BOOLEAN,, +246,X509AuthnConfiguration,authn/authn.properties,Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying,4.1,idp.authn.X509,,,false,idp.authn.X509.proxyScopingEnforced,BOOLEAN,, +254,X509AuthnConfiguration,authn/authn.properties,Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow,4.1,idp.authn.X509,,,true,idp.authn.X509.addDefaultPrincipals,BOOLEAN,, +244,X509AuthnConfiguration,authn/authn.properties,Whether the flow supports forced authentication,4.1,idp.authn.X509,,,false,idp.authn.X509.forcedAuthenticationSupported,BOOLEAN,, +243,X509AuthnConfiguration,authn/authn.properties,Whether the flow allows for passive authentication,4.1,idp.authn.X509,,,false,idp.authn.X509.passiveAuthenticationSupported,BOOLEAN,, +261,X509InternalAuthnConfiguration,authn/authn.properties,Whether the flow 
considers itself to be proxying and therefore enforces SP signaled restrictions on proxying,4.1,,,,false,idp.authn.X509Internal.proxyScopingEnforced,BOOLEAN,, +259,X509InternalAuthnConfiguration,authn/authn.properties,Whether the flow supports forced authentication,4.1,,,,false,idp.authn.X509Internal.forcedAuthenticationSupported,BOOLEAN,, +258,X509InternalAuthnConfiguration,authn/authn.properties,Whether the flow allows for passive authentication,4.1,,,,false,idp.authn.X509Internal.passiveAuthenticationSupported,BOOLEAN,, +257,X509InternalAuthnConfiguration,authn/authn.properties,"Whether the flow should handle non-browser request profiles (e.g., ECP)",4.1,,,,false,idp.authn.X509Internal.nonBrowserSupported,BOOLEAN,, +255,X509InternalAuthnConfiguration,authn/authn.properties,Whether to save the certificate into the Subject's public credential set. Disable to reduce the size if not relying on the certificate for subject c14n.,4.1,,,,true,idp.authn.X509Internal.saveCertificateToCredentialSet,BOOLEAN,, +269,X509InternalAuthnConfiguration,authn/authn.properties,Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow,4.1,,,,true,idp.authn.X509Internal.addDefaultPrincipals,BOOLEAN,, +260,X509InternalAuthnConfiguration,authn/authn.properties,Whether the flow enforces upstream IdP imposed restrictions on proxying,4.1,,,,%{idp.authn.enforceProxyRestrictions:true},idp.authn.X509Internal.proxyRestrictionsEnforced,BOOLEAN,, +256,X509InternalAuthnConfiguration,authn/authn.properties,"Flow priority relative to other enabled login flows (lower is ""higher"" in priority)",4.1,,,,1000,idp.authn.X509Internal.order,INTEGER,, +264,X509InternalAuthnConfiguration,authn/authn.properties,Inactivity timeout of results produced by this flow,4.1,,,,%{idp.authn.defaultTimeout:PT30M},idp.authn.X509Internal.inactivityTimeout,DURATION,, +267,X509InternalAuthnConfiguration,authn/authn.properties,Bean ID of BiConsumer determining whether flow is usable 
for request,4.1,,,,shibboleth.Conditions.TRUE,idp.authn.X509Internal.activationCondition,SPRING_BEAN_ID,, +265,X509InternalAuthnConfiguration,authn/authn.properties,Bean ID of Predicate controlling result reuse for SSO,4.1,,,,shibboleth.Conditions.TRUE,idp.authn.X509Internal.reuseCondition,SPRING_BEAN_ID,, +262,X509InternalAuthnConfiguration,authn/authn.properties,Whether to invoke IdP discovery prior to running flow,4.1,,,,false,idp.authn.X509Internal.discoveryRequired,BOOLEAN,, \ No newline at end of file From 70e9420d876c96b23f48bf7d0459bffb5c0d8ef0 Mon Sep 17 00:00:00 2001 From: chasegawa Date: Wed, 17 Aug 2022 15:20:59 -0700 Subject: [PATCH 43/58] SHIBUI-2268 load custom properties to database from application.yml file --- .../CustomPropertiesConfiguration.java | 28 ++++++++++++++++++- .../ui/service/ShibConfigurationService.java | 2 ++ .../service/ShibConfigurationServiceImpl.java | 5 ++++ backend/src/main/resources/application.yml | 25 ++++++++--------- 4 files changed, 46 insertions(+), 14 deletions(-) diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CustomPropertiesConfiguration.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CustomPropertiesConfiguration.java index 9a85e48a2..c2a032f36 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CustomPropertiesConfiguration.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CustomPropertiesConfiguration.java 
@@ -4,6 +4,7 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.RelyingPartyOverrideProperty; import edu.internet2.tier.shibboleth.admin.ui.domain.ShibConfigurationProperty; import edu.internet2.tier.shibboleth.admin.ui.service.CustomEntityAttributesDefinitionService; +import edu.internet2.tier.shibboleth.admin.ui.service.ShibConfigurationService; import edu.internet2.tier.shibboleth.admin.ui.service.events.CustomEntityAttributeDefinitionChangeEvent; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.context.properties.ConfigurationProperties; @@ -29,6 +30,8 @@ public class CustomPropertiesConfiguration implements ApplicationListener shibprops = new ArrayList<>(); + private ShibConfigurationService shibConfigurationService; + private void buildRelyingPartyOverrides() { // Start over with a clean map and get the CustomEntityAttributesDefinitions from the DB HashMap reloaded = new HashMap<>(); 
@@ -81,13 +84,36 @@ public void setCeadService(CustomEntityAttributesDefinitionService ceadService) this.ceadService = ceadService; } + @Autowired + public void setShibConfigurationService(ShibConfigurationService service) { + this.shibConfigurationService = service; + } + /** - * This setter will get used by Spring's property system to create objects from a config file (should the properties exist) + * This setter will get used by Spring's property system to create objects from application.yml (should the properties exist) */ public void setOverrides(List overridesFromConfigFile) { this.overridesFromConfigFile = overridesFromConfigFile; } + /** + * This setter will get used by Spring's property system to create objects from application.yml (should the properties exist) + */ + public void setShibprops(List props) { + this.shibprops = props; + } + + /** + * Add any custom properties from the application.yml - any incoming property with the same name as an existing property will be + * ignored (ie this will not update/replace information for existing properties). This shouldn't be considered standard, but + * offers users the ability to add properties to their system from an addon module, new feature etc. + */ private void updateShibPropsDatabase() { + List existingPropNames = shibConfigurationService.getExistingPropertyNames(); + shibprops.forEach(prop -> { + if (!existingPropNames.contains(prop.getPropertyName())) { + shibConfigurationService.save(prop); + } + }); } } \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java index 504c60956..b6c39ec44 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java 
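Review bot: In `updateShibPropsDatabase()` the list of existing names is fetched once and never updated inside the loop, so two `shibprops` entries in application.yml that share a `propertyName` are both saved, which contradicts the Javadoc's statement that same-named properties are ignored. Tracking the names in a set closes that gap: `Set<String> known = new HashSet<>(shibConfigurationService.getExistingPropertyNames());` followed by `if (known.add(prop.getPropertyName())) { shibConfigurationService.save(prop); }` (this needs the `java.util.Set`/`HashSet` imports if the file lacks them). Entries are also saved without checking the fields the sample YAML marks as required (`category`, `configFile`, `idpVersion`, `propertyName`, `propertyType`), so a missing value presumably surfaces only as a persistence error at startup; a short validation with a clear log message naming the offending entry would be easier for operators to act on. The caller of this method lies outside the hunk.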
@@ -9,4 +9,6 @@ public interface ShibConfigurationService { void addAll(Collection newProperties); List getExistingPropertyNames(); + + void save(ShibConfigurationProperty prop); } \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java index d9d29c37f..8456940aa 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java @@ -22,4 +22,9 @@ public void addAll(Collection newProperties) { public List getExistingPropertyNames() { return repository.getPropertyNames(); } + + @Override + public void save(ShibConfigurationProperty prop) { + repository.save(prop); + } } \ No newline at end of file diff --git a/backend/src/main/resources/application.yml b/backend/src/main/resources/application.yml index 09d922b1c..31e5eeb5a 100644 --- a/backend/src/main/resources/application.yml +++ b/backend/src/main/resources/application.yml 
@@ -163,16 +163,15 @@ custom: helpText: tooltip.ignore-request-signatures attributeName: http://shibboleth.net/ns/profiles/ignoreRequestSignatures attributeFriendlyName: ignoreRequestSignatures - shibprops: - - category: asd # required - configFile: kj # required - defaultValue: foo - description: blak - idpVersion: 4.1 # required - module: h - moduleVersion: 1 - note: nnn - propertyName: dddd # required - propertyType: dddd # required as one of: BOOLEAN, DURATION, INTEGER, SELECTION_LIST, SPRING_BEAN_ID, STRING - propertyValue: dddd - selectionItems: dddd,dddd # required if propertyType is SELECTION_LIST - comma seperated values \ No newline at end of file +# shibprops: +# - category: main # required +# configFile: random.properties # required +# defaultValue: foo +# description: whatever +# idpVersion: 4.1 # required +# module: some random module +# moduleVersion: 1 +# note: this is an example for the application.yml file +# propertyName: example.property.name # required +# propertyType: SELECTION_LIST # required as one of: BOOLEAN, DURATION, INTEGER, SELECTION_LIST, SPRING_BEAN_ID, STRING +# selectionItems: dddd,eeee # required if propertyType is SELECTION_LIST - comma seperated values \ No newline at end of file From a57f9b63b21093e38733e935f5223c837d7ecf5b Mon Sep 17 00:00:00 2001 From: chasegawa Date: Wed, 17 Aug 2022 15:29:17 -0700 Subject: [PATCH 44/58] SHIBUI-2268 Created controller and endpoint to fetch all the properties --- .../controller/ShibPropertiesController.java | 25 +++++++++++++++++++ .../ui/service/ShibConfigurationService.java | 2 ++ .../service/ShibConfigurationServiceImpl.java | 5 ++++ 3 files changed, 32 insertions(+) create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java 
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java
new file mode 100644
index 000000000..a96e2db5d
--- /dev/null
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java
@@ -0,0 +1,25 @@
+package edu.internet2.tier.shibboleth.admin.ui.controller;
+
+import edu.internet2.tier.shibboleth.admin.ui.service.ShibConfigurationService;
+import io.swagger.v3.oas.annotations.tags.Tag;
+import io.swagger.v3.oas.annotations.tags.Tags;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.ResponseEntity;
+import org.springframework.transaction.annotation.Transactional;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+@RequestMapping(value = "/api/shib")
+@Tags(value = {@Tag(name = "Shibboleth Properties")})
+public class ShibPropertiesController {
+ @Autowired
+ private ShibConfigurationService service;
+
+ @GetMapping("/properties")
+ @Transactional(readOnly = true)
+ public ResponseEntity getAll() {
+ return ResponseEntity.ok(service.getAll());
+ }
+}
\ No newline at end of file
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java
index b6c39ec44..e1eaf5897 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java
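Review bot: The new `GET /api/shib/properties` handler in `ShibPropertiesController` has no class- or method-level authorization annotation, so who may call it depends entirely on the application's global security configuration, which this patch does not show. Because the endpoint returns every stored IdP configuration property definition, it is worth confirming that `/api/shib/**` is matched by an authenticated, administrator-only rule, or stating the intent at the controller with a method-security annotation (`@Secured` or `@PreAuthorize`) naming the project's admin role, if that is how the other controllers are protected. The class and `getAll()` also lack Javadoc; a one-line comment such as `/** Returns all Shibboleth configuration property definitions known to the UI. */` would document the contract. Constructor injection in place of the `@Autowired` field would make the controller easier to unit-test.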
@@ -11,4 +11,6 @@ public interface ShibConfigurationService { List getExistingPropertyNames(); void save(ShibConfigurationProperty prop); + + List getAll(); } \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java index 8456940aa..1fec3181d 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java @@ -27,4 +27,9 @@ public List getExistingPropertyNames() { public void save(ShibConfigurationProperty prop) { repository.save(prop); } + + @Override + public List getAll() { + return repository.findAll(); + } } \ No newline at end of file From 4ac5009184e3e906d24acbaf9f85c192c83193a4 Mon Sep 17 00:00:00 2001 From: chasegawa Date: Wed, 17 Aug 2022 16:30:15 -0700 Subject: [PATCH 45/58] SHIBUI-2268 Adjusted code for better output to the UI of the properties list --- .../ui/domain/ShibConfigurationProperty.java | 26 ++++++++++++++++--- .../util/EmptyStringToNullConverter.java | 21 +++++++++++++++ 2 files changed, 44 insertions(+), 3 deletions(-) create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/util/EmptyStringToNullConverter.java diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/ShibConfigurationProperty.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/ShibConfigurationProperty.java index 345592ae3..eb0f4ea77 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/ShibConfigurationProperty.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/ShibConfigurationProperty.java 
@@ -1,9 +1,12 @@ package edu.internet2.tier.shibboleth.admin.ui.domain; +import com.fasterxml.jackson.annotation.JsonIgnore; +import edu.internet2.tier.shibboleth.admin.util.EmptyStringToNullConverter; import lombok.Data; import org.hibernate.envers.Audited; import javax.persistence.Column; +import javax.persistence.Convert; import javax.persistence.Entity; import javax.persistence.Id; import java.util.UUID; @@ -23,35 +26,52 @@ public class ShibConfigurationProperty { String configFile; @Column(name = "default_value") + @Convert(converter = EmptyStringToNullConverter.class) String defaultValue; @Column(name = "description") + @Convert(converter = EmptyStringToNullConverter.class) String description; @Column(name = "idp_version", nullable = false) String idpVersion; @Column(name = "module") + @Convert(converter = EmptyStringToNullConverter.class) String module; @Column(name = "module_version") + @Convert(converter = EmptyStringToNullConverter.class) String moduleVersion; @Column(name = "note") + @Convert(converter = EmptyStringToNullConverter.class) String note; @Column(name = "property_name", nullable = false) String propertyName; @Column(name = "property_type", nullable = false) + @JsonIgnore // display type is sent to the ui instead PropertyType propertyType; - @Column(name = "property_value") - String propertyValue; - @Column(name = "selection_items") + @Convert(converter = EmptyStringToNullConverter.class) String selectionItems; + public String getDisplayType() { + switch (propertyType) { + case BOOLEAN: + return propertyType.name().toLowerCase(); + case INTEGER: + return "number"; + case SELECTION_LIST: + return "list"; + default: // DURATION, SPRING_BEAN_ID, STRING + return "string"; + } + } + public void setPropertyType(String val) { this.propertyType = PropertyType.valueOf(val); } 
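Review bot: `getDisplayType()` switches on `propertyType` without a null check, so an instance whose type was never set throws a NullPointerException when Jackson serializes it, since this getter is exposed as `displayType` in the JSON. A guard as the first statement, `if (propertyType == null) { return "string"; }` (or `return null;`, whichever the UI expects), avoids failing the whole response for one bad row. The `@JsonIgnore` on the field probably also hides `propertyType` from deserialization, so if this entity is ever bound from a request body the type would arrive unset; that should be confirmed against the controllers, which are outside this hunk. The hunk also removes the mapped `propertyValue` column, and whether existing databases need a migration for it is not visible here.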
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/util/EmptyStringToNullConverter.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/util/EmptyStringToNullConverter.java
new file mode 100644
index 000000000..0e3073bfc
--- /dev/null
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/util/EmptyStringToNullConverter.java
@@ -0,0 +1,21 @@
+package edu.internet2.tier.shibboleth.admin.util;
+
+import org.apache.commons.lang3.StringUtils;
+
+import javax.persistence.AttributeConverter;
+import javax.persistence.Converter;
+
+@Converter
+public class EmptyStringToNullConverter implements AttributeConverter {
+ @Override
+ public String convertToDatabaseColumn(String string) {
+ // if whitespace is set on a value, send null to the db
+ return StringUtils.defaultIfBlank(string, null);
+ }
+
+ @Override
+ public String convertToEntityAttribute(String dbData) {
+ // keep nulls from the db as nulls
+ return dbData;
+ }
+}
\ No newline at end of file
From 5bf13c34c4ce658bcce8d2c89677a4622f00dea4 Mon Sep 17 00:00:00 2001 From: Ryan Mathis Date: Fri, 19 Aug 2022 12:31:33 -0700 Subject: [PATCH 46/58] Updated search --- .../main/resources/i18n/messages.properties | 7 + ui/public/data/properties.json | 8529 +++++++++++++++-- .../app/admin/component/ConfigurationForm.js | 141 +- .../app/admin/container/EditConfiguration.js | 10 +- .../app/admin/container/NewConfiguration.js | 35 +- .../app/admin/hoc/ConfigurationsProvider.js | 18 +- ui/src/app/admin/hoc/PropertiesProvider.js | 50 + ui/src/app/admin/hooks.js | 14 +- ui/src/app/form/component/ToggleButton.js | 23 + .../form/component/widgets/OptionWidget.js | 20 +- ui/src/theme/project/index.scss | 1 + ui/src/theme/project/typeahead.scss | 43 + 12 files changed, 8171 insertions(+), 720 deletions(-) create mode 100644 ui/src/app/admin/hoc/PropertiesProvider.js create mode 100644 ui/src/app/form/component/ToggleButton.js create mode 100644 ui/src/theme/project/typeahead.scss 
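Review bot: `convertToEntityAttribute` returns the stored value unchanged, so rows written before this converter existed (or through any path that bypasses JPA) still surface empty or whitespace-only strings to the UI, while new writes are normalised to NULL. If callers should never see blank values, apply the same rule on read: `return StringUtils.defaultIfBlank(dbData, null);`. The class has no Javadoc; a short class comment stating that blank strings are persisted as NULL, and that it is applied per column through `@Convert` on `ShibConfigurationProperty`, would help the next reader.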
diff --git a/backend/src/main/resources/i18n/messages.properties b/backend/src/main/resources/i18n/messages.properties index c225aa4c3..95a496e69 100644 --- a/backend/src/main/resources/i18n/messages.properties +++ b/backend/src/main/resources/i18n/messages.properties @@ -78,6 +78,9 @@ action.select-bundle=Select Bundle action.get-latest=Get latest +action.configurations=Shibboleth configurations +action.create-new-configuration=Create Shibboleth configuration set + value.enabled=Enabled value.disabled=Disabled value.current=Current @@ -530,6 +533,10 @@ label.role-name=Role Name label.role-description=Role Description label.role=Role +label.configuration-management=Manage Shibboleth configurations +label.configuration-name=Shibboleth configuration sets +label.new-configuration=Create new configuration set + message.delete-role-title=Delete Role? message.delete-role-body=You are requesting to delete a role. If you complete this process the role will be removed. This cannot be undone. Do you wish to continue? diff --git a/ui/public/data/properties.json b/ui/public/data/properties.json index a022a4fd5..dea2860f5 100644 --- a/ui/public/data/properties.json +++ b/ui/public/data/properties.json 
@@ -1,659 +1,7874 @@ [ -{"note":"ex. /conf/ldap.properties, /conf/services.properties","property_name":"idp.additionalProperties","idp_vers":"all","property_default_value":"none","property_type":"Comma-delimited paths","module_vers":"","configuration_cat":"IDP","module":"","description":"Used to point to additional property files to load. All properties must be unique and are ultimately pooled into a single unordered set."}, -{"note":"","property_name":"idp.searchForProperties","idp_vers":"4","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"IDP","module":"","description":"Auto-load all files matching conf/**/*.properties"}, -{"note":"ex. https://unicon.net/idp/shibboleth","property_name":"idp.entityID","idp_vers":"all","property_default_value":"none","property_type":"URI","module_vers":"","configuration_cat":"RP","module":"","description":"The unique name of the IdP used as the iisuer in all SAML profiles"}, -{"note":"","property_name":"idp.entityID.metadataFile","idp_vers":"all","property_default_value":"%{idp.home}/metadata/idp-metadata.xml","property_type":"resource path","module_vers":"","configuration_cat":"IDP","module":"","description":"Identifies the file to serve for requests to the IdP's well-known metadata location"}, -{"note":"","property_name":"idp.artifact.enabled","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"RP","module":"","description":"Whether to allow use of the SAML artifact bindings when sending messages"}, -{"note":"","property_name":"idp.artifact.secureChannel","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"RP","module":"","description":"Whether preparation of messages to be communicated via SAML artifact should assume use of a secure channel (allowing signing and encryption to be skipped)"}, 
-{"note":"","property_name":"idp.artifact.endpointIndex","idp_vers":"all","property_default_value":"2","property_type":"int","module_vers":"","configuration_cat":"RP","module":"","description":"Identifies the endpoint in SAML metadata associated with artifacts issued by a server node"}, -{"note":"","property_name":"idp.artifact.StorageService","idp_vers":"all","property_default_value":"shibboleth.StorageService","property_type":"Bean ID of a StorageService (org.opensaml.storage)","module_vers":"","configuration_cat":"STOR","module":"","description":"Storage back-end to use for short-lived SAML Artifact mappings (must be server-side)"}, -{"note":"","property_name":"idp.bindings.inMetadataOrder","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"RP","module":"","description":"Controls whether the outbound binding selection is ordered by the SP's metadata or the IdP's preferred bindings (the inbuilt default order is Redirect -> POST -> Artifact -> SOAP). Set to false to leave artifact support on, but favor use of POST. 
Set also to false to favor the front channel over back channel for Logout."}, -{"note":"","property_name":"idp.entityID.metadataFile","idp_vers":"all","property_default_value":"%{idp.home}/metadata/idp-metadata.xml","property_type":"file pathname","module_vers":"","configuration_cat":"IDP","module":"","description":"Identifies the file to serve for requests to the IdP's well-known metadata location"}, -{"note":"","property_name":"idp.scope","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"IDP","module":"","description":"applies a (fixed) scope typically a domain-valued suffix to an input attribute's values"}, -{"note":"","property_name":"idp.cookie.secure","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SEC","module":"","description":"If true all cookies issued by the IdP (not including the container) will be limited to TLS"}, -{"note":"","property_name":"idp.cookie.httpOnly","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"SEC","module":"","description":"If true all cookies issued by the IdP (not including the container) will contain the HttpOnly property"}, -{"note":"","property_name":"idp.cookie.domain","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"SEC","module":"","description":"Overrides the domain of any cookies issued by the IdP (not including the container)"}, -{"note":"","property_name":"idp.cookie.path","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"SEC","module":"","description":"Overrides the path of any cookies issued by the IdP (not including the container)"}, 
-{"note":"","property_name":"idp.cookie.maxAge","idp_vers":"all","property_default_value":"31536000","property_type":"int","module_vers":"","configuration_cat":"SEC","module":"","description":"Lifetime in seconds of cookies issued by the IdP that are meant to span sessions (365 days)"}, -{"note":"","property_name":"idp.cookie.sameSite","idp_vers":"all","property_default_value":"None","property_type":"Null/None/Lax/Strict","module_vers":"","configuration_cat":"SEC","module":"","description":"Default SameSite value to apply to cookies via servlet filter if no explicit rule for the named cookie is specified"}, -{"note":"","property_name":"idp.cookie.sameSiteCondition","idp_vers":"all","property_default_value":"shibboleth.Conditions.FALSE","property_type":"Bean ID of Predicate","module_vers":"","configuration_cat":"SEC","module":"","description":"Predicate condition bean controlling whether SameSite filter runs"}, -{"note":"","property_name":"idp.sealer.keyStrategy","idp_vers":"all","property_default_value":"shibboleth.DataSealerKeyStrategy","property_type":"Bean ID of DataSealerKeyStrategy","module_vers":"","configuration_cat":"SEC","module":"","description":"Bean ID supporting the DataSealerKeyStrategy interface to use in place of the built-in option."}, -{"note":"","property_name":"idp.sealer.storeType","idp_vers":"all","property_default_value":"JCEKS","property_type":"string","module_vers":"","configuration_cat":"SEC","module":"","description":"Type of Java keystore used for IdP's internal AES encryption key"}, -{"note":"","property_name":"idp.sealer.updateInterval","idp_vers":"all","property_default_value":"PT15M","property_type":"duration","module_vers":"","configuration_cat":"SEC","module":"","description":"Time between checks for a new AES key version"}, -{"note":"","property_name":"idp.sealer.aliasBase","idp_vers":"all","property_default_value":"secret","property_type":"string","module_vers":"","configuration_cat":"SEC","module":"","description":"Case 
insensitive name of keystore alias prefix used in AES keystore (the entries will be suffixed by the key version number)"}, -{"note":"","property_name":"idp.sealer.storeResource","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Keystore resource containing AES encryption key usually a file path"}, -{"note":"","property_name":"idp.sealer.versionResource","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Resource that tracks the active AES encryption key version usually a file path"}, -{"note":"","property_name":"idp.sealer.storePassword","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"SEC","module":"","description":"Keystore password unlocking AES encryption keystore typically set during installation"}, -{"note":"","property_name":"idp.sealer.keyPassword","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"SEC","module":"","description":"Key password unlocking AES encryption key typically set to the same as the previous property and set during installation"}, -{"note":"","property_name":"idp.signing.key","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Resource containing private key for signing typically a file in the credentials directory"}, -{"note":"","property_name":"idp.signing.cert","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Resource containing the public key certificate inserted into signed messages typically a file in the credentials directory"}, 
-{"note":"","property_name":"idp.encryption.key","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Resource containing a private key for decryption typically a file in the credentials directory"}, -{"note":"","property_name":"idp.encryption.cert","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Resource containing a public key certificate given to others needing to encrypt data for the IdP typically a file in the credentials directory"}, -{"note":"","property_name":"idp.encryption.key.2","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Resource containing an alternate private key for decryption generally unused except while changing decryption keys"}, -{"note":"","property_name":"idp.encryption.cert.2","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Resource containing an alternate public key certificate generally unused except while changing decryption keys"}, -{"note":"","property_name":"idp.security.config","idp_vers":"all","property_default_value":"shibboleth.DefaultSecurityConfiguration","property_type":"Bean ID of SecurityConfiguration (net.shibboleth.idp.profile.config.SecurityConfiguration)","module_vers":"","configuration_cat":"SEC","module":"","description":"Name of Spring bean supplying the default SecurityConfiguration "}, -{"note":"","property_name":"idp.signing.config","idp_vers":"all","property_default_value":"shibboleth.SigningConfiguration.SHA256","property_type":"Bean ID of SignatureSigningConfiguration (org.opensaml.xmlsec)","module_vers":"","configuration_cat":"SEC","module":"","description":"Name of Spring bean supplying the default 
SignatureSigningConfiguration"}, -{"note":"","property_name":"idp.encryption.config","idp_vers":"all","property_default_value":"shibboleth.EncryptionConfiguration.CBC","property_type":"Bean ID of EncryptionConfiguration (org.opensaml.xmlsec)","module_vers":"","configuration_cat":"SEC","module":"","description":"Name of Spring bean supplying the default EncryptionConfiguration"}, -{"note":"","property_name":"idp.encryption.optional","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SEC","module":"","description":"If true failure to locate an encryption key to use won't result in request failure "}, -{"note":"","property_name":"idp.encryption.keyagreement.metadata.defaultUseKeyWrap","idp_vers":"all","property_default_value":"Default","property_type":"string","module_vers":"","configuration_cat":"SEC","module":"","description":"Sets the default strategy for key agreement key wrap usage for credentials from metadata if not otherwise configured on the security configuration"}, -{"note":"","property_name":"idp.trust.signatures","idp_vers":"all","property_default_value":"shibboleth.ChainingSignatureTrustEngine","property_type":"Bean ID of SignatureTrustEngine (org.opensaml.xmlsec.signature.support)","module_vers":"","configuration_cat":"SEC","module":"","description":"Name of Spring bean for the trust engine used to verify signatures"}, -{"note":"","property_name":"idp.trust.certificates","idp_vers":"all","property_default_value":"shibboleth.ChainingX509TrustEngine","property_type":"Bean ID of TrustEngine (org.opensaml.security.trust)","module_vers":"","configuration_cat":"SEC","module":"","description":"Name of Spring bean for the trust engine used to verify TLS certificates"}, -{"note":"","property_name":"idp.policy.messageLifetime","idp_vers":"all","property_default_value":"PT3M","property_type":"duration","module_vers":"","configuration_cat":"SEC","module":"","description":"Default freshness window for 
accepting timestamped messages"}, -{"note":"","property_name":"idp.policy.assertionLifetime","idp_vers":"all","property_default_value":"PT3M","property_type":"duration","module_vers":"","configuration_cat":"SEC","module":"","description":"Default freshness window for accepting timestamped assertions"}, -{"note":"","property_name":"idp.policy.clockSkew","idp_vers":"all","property_default_value":"PT3M","property_type":"duration","module_vers":"","configuration_cat":"SEC","module":"","description":"Default allowance for clock differences between systems"}, -{"note":"","property_name":"idp.security.basicKeyInfoFactory","idp_vers":"4.1","property_default_value":"shibboleth.BasicKeyInfoGeneratorFactory","property_type":"Bean ID of KeyInfoGeneratorManager (org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorManager)","module_vers":"","configuration_cat":"SEC","module":"","description":"Overrides the BasicKeyInfoGeneratorFactory used by default"}, -{"note":"","property_name":"idp.security.x509KeyInfoFactory","idp_vers":"4.1","property_default_value":"shibboleth.X509KeyInfoGeneratorFactory","property_type":"Bean ID of KeyInfoGeneratorManager (org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorManager)","module_vers":"","configuration_cat":"SEC","module":"","description":"Overrides the X509KeyInfoGeneratorFactory used by default"}, -{"note":"","property_name":"idp.csrf.enabled","idp_vers":"4","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"CSRF","module":"","description":"Enables CSRF protection"}, -{"note":"","property_name":"idp.csrf.token.parameter","idp_vers":"4","property_default_value":"csrf_token","property_type":"string","module_vers":"","configuration_cat":"CSRF","module":"","description":"Name of the HTTP parameter that stores the CSRF token"}, 
-{"note":"","property_name":"idp.hsts","idp_vers":"all","property_default_value":"max-age=0","property_type":"string","module_vers":"","configuration_cat":"IDP","module":"","description":"Auto-configures an HSTS response header"}, -{"note":"","property_name":"idp.frameoptions","idp_vers":"all","property_default_value":"DENY","property_type":"DENY/SAMEORIGIN","module_vers":"","configuration_cat":"IDP","module":"","description":"Auto-configures an X-Frame-Options response header"}, -{"note":"","property_name":"idp.csp","idp_vers":"all","property_default_value":"frame-ancestors 'none'","property_type":"string","module_vers":"","configuration_cat":"IDP","module":"","description":"Auto-configures a Content Security Policy response header"}, -{"note":"","property_name":"idp.webflows","idp_vers":"all","property_default_value":"%{idp.home}/flows","property_type":"resource path","module_vers":"","configuration_cat":"IDP","module":"","description":"Location from which to load user-supplied webflows from"}, -{"note":"","property_name":"idp.views","idp_vers":"all","property_default_value":"%{idp.home}/views","property_type":"Comma-delimited paths","module_vers":"","configuration_cat":"IDP","module":"","description":"Location from which to load user-modifiable Velocity view templates. 
This can be set to include \"classpath*:/META-INF/net/shibboleth/idp/views\" (or equivalent) to load templates from the classpath, such as from extension jars, but doing so disables support for template reloading."}, -{"note":"","property_name":"idp.errors.detailed","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"ERR","module":"","description":"Whether to expose detailed error causes in status information provided to outside parties"}, -{"note":"","property_name":"idp.errors.signed","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"ERR","module":"","description":"Whether to digitally sign error responses in SAML or similar protocols, if signing is otherwise warranted (this can prevent a simple denial of service vector, since errors are simple to trigger)"}, -{"note":"","property_name":"idp.errors.defaultView","idp_vers":"all","property_default_value":"error","property_type":"string","module_vers":"","configuration_cat":"ERR","module":"","description":"The default view name to render for exceptions and events"}, -{"note":"","property_name":"idp.errors.excludedExceptions","idp_vers":"all","property_default_value":"none","property_type":"Bean ID of Properties (java.util.Properties)","module_vers":"","configuration_cat":"ERR","module":"","description":"Bean defing Properties mapping exception class names to error views. 
The matching by class name does not support wildcards, but does do substring matches (so it's not necessary to fully qualify the class)."}, -{"note":"","property_name":"idp.errors.exceptionMappings","idp_vers":"all","property_default_value":"none","property_type":"Bean ID of Collection (java.util)","module_vers":"","configuration_cat":"ERR","module":"","description":"Bean defining Collection identifying exception classes to ignore (causing them to bubble outward, so use with caution)"}, -{"note":"","property_name":"idp.storage.cleanupInterval","idp_vers":"all","property_default_value":"PT10M","property_type":"duration","module_vers":"","configuration_cat":"STOR","module":"","description":"Interval of background thread sweeping server-side storage for expired records"}, -{"note":"","property_name":"idp.storage.htmlLocalStorage","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"STOR","module":"","description":"Whether to use HTML Local Storage (if available) instead of cookies"}, -{"note":"","property_name":"idp.storage.clientSessionStorageName","idp_vers":"all","property_default_value":"shib_idp_session_ss","property_type":"string","module_vers":"","configuration_cat":"STOR","module":"","description":"Name of cookie or HTML storage key used by the default per-session instance of the client storage service"}, -{"note":"","property_name":"idp.storage.clientPersistentStorageName","idp_vers":"all","property_default_value":"shib_idp_persistent_ss","property_type":"string","module_vers":"","configuration_cat":"STOR","module":"","description":"Name of cookie or HTML storage key used by the default persistent instance of the client storage service"}, -{"note":"","property_name":"idp.replayCache.StorageService","idp_vers":"all","property_default_value":"shibboleth.StorageService","property_type":"Bean ID of a StorageService 
(org.opensaml.storage)","module_vers":"","configuration_cat":"STOR","module":"","description":"Storage back-end to use for message replay checking (must be server-side)"}, -{"note":"","property_name":"idp.replayCache.strict","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"STOR","module":"","description":"Whether storage errors during replay checks should be treated as a replay"}, -{"note":"","property_name":"idp.session.enabled","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"SESS","module":"","description":"Whether to enable the IdP's session tracking feature"}, -{"note":"","property_name":"idp.session.StorageService","idp_vers":"all","property_default_value":"shibboleth.ClientSessionStorageService","property_type":"Bean ID of StorageService (org.opensaml.storage)","module_vers":"","configuration_cat":"SESS","module":"","description":"Bean name of a storage implementation/configuration to use for IdP sessions"}, -{"note":"","property_name":"idp.session.cookieName","idp_vers":"4.2","property_default_value":"shib_idp_session","property_type":"string","module_vers":"","configuration_cat":"SESS","module":"","description":"Name of cookie containing IdP session ID (note this is not the same as the cookie the Java container uses to track its own sessions)"}, -{"note":"","property_name":"idp.session.idSize","idp_vers":"all","property_default_value":"32","property_type":"int","module_vers":"","configuration_cat":"SESS","module":"","description":"Number of characters in IdP session identifiers"}, -{"note":"","property_name":"idp.session.consistentAddress","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"SESS","module":"","description":"Whether to bind IdP sessions to IP addresses"}, 
-{"note":"","property_name":"idp.session.consistentAddressCondition","idp_vers":"all","property_default_value":"Direct string comparison","property_type":"BiPredicate","module_vers":"","configuration_cat":"SESS","module":"","description":"A 2-argument predicate that compares a bound session's address to a client address"}, -{"note":"","property_name":"idp.session.timeout","idp_vers":"all","property_default_value":"PT60M","property_type":"duration","module_vers":"","configuration_cat":"SESS","module":"","description":"Inactivity timeout policy for IdP sessions (must be non-zero)"}, -{"note":"","property_name":"idp.session.slop","idp_vers":"all","property_default_value":"0","property_type":"duration","module_vers":"","configuration_cat":"SESS","module":"","description":"Extra time after expiration before removing SP sessions in case a logout is invoked"}, -{"note":"","property_name":"idp.session.maskStorageFailure","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SESS","module":"","description":"Whether to hide storage failures from users during session cache reads/writes"}, -{"note":"","property_name":"idp.session.trackSPSessions","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SESS","module":"","description":"Whether to save a record of every SP accessed during an IdP session (requires a server-side session store or HTML LocalStorage)"}, -{"note":"","property_name":"idp.session.secondaryServiceIndex","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SESS","module":"","description":"Whether to track SPs on the basis of the SAML subject ID used, for logout purposes (requires SP session tracking be on)"}, 
-{"note":"","property_name":"idp.session.defaultSPlifetime","idp_vers":"all","property_default_value":"PT2H","property_type":"duration","module_vers":"","configuration_cat":"SESS","module":"","description":"Default length of time to maintain record of an SP session (must be non-zero), overridable by relying-party-specific setting"}, -{"note":" ex. Password, MA, DUO","property_name":"idp.authn.flows","idp_vers":"all","property_default_value":"none","property_type":"regex","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Required expression that identifies the login flows to globally enable"}, -{"note":" measured since first usage","property_name":"idp.authn.defaultLifetime","idp_vers":"all","property_default_value":"PT60M","property_type":"duration","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Default amount of time to allow reuse prior authentication flows"}, -{"note":" measured since last usage","property_name":"idp.authn.defaultTimeout","idp_vers":"all","property_default_value":"PT30M","property_type":"duration","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Default inactivity timeout to prevent reuse of prior authentication flows"}, -{"note":"","property_name":"idp.authn.proxyRestrictionsEnforced","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to enforce restrictions placed on further proxying of assertions from upstream IdPs when relying on proxied authentication"}, -{"note":"","property_name":"idp.authn.favorSSO","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to prioritize prior authentication results when an SP requests more than one possible matching method"}, 
-{"note":"","property_name":"idp.authn.rpui","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to populate information about the relying party into the tree for user interfaces during login and interceptors"}, -{"note":"","property_name":"idp.authn.identitySwitchIsError","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to fail requests if a user identity after authentication doesn't match the identity in a pre-existing session."}, -{"note":"","property_name":"idp.authn.discoveryURL","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Provides a static discovery URL to use for external discovery this property replaces the need for the XML-defined bean used in V4.0 for this purpose"}, -{"note":"","property_name":"idp.authn.overrideRequestedAuthnContext","idp_vers":"4","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to override an explicit element in an SP’s request with a configuration-imposed rule via the defaultAuthenticationMethods profile configuration setting. 
Note this is a violation of the SAML standard and is also a global setting applying to all SPs that may have such a profile configuration set."}, -{"note":"","property_name":"idp.consent.StorageService","idp_vers":"all","property_default_value":"shibboleth.ClientPersistentStorageService","property_type":"Bean ID","module_vers":"","configuration_cat":"CONS","module":"","description":"Name of storage service used to store users' consent choices"}, -{"note":"","property_name":"idp.consent.attribute-release.userStorageKey","idp_vers":"all","property_default_value":"shibboleth.consent.PrincipalConsentStorageKey","property_type":"Bean ID","module_vers":"","configuration_cat":"CONS","module":"","description":"Name of function used to return the String storage key representing a user defaults to the principal name"}, -{"note":"","property_name":"idp.consent.attribute-release.userStorageKeyAttribute","idp_vers":"all","property_default_value":"uid","property_type":"string","module_vers":"","configuration_cat":"CONS","module":"","description":"Attribute whose value is the storage key representing a user"}, -{"note":"","property_name":"idp.consent.attribute-release.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"CONS","module":"","description":"Optional condition to apply to control activation of attribute-release flow along with system default behavior"}, -{"note":"","property_name":"idp.consent.attribute-release.auditFormat","idp_vers":"all","property_default_value":"%T|%SP|%e|%u|%CCI|%CCV|%CCA","property_type":"logback","module_vers":"","configuration_cat":"CONS","module":"","description":"Default consent auditing formats"}, -{"note":"","property_name":"idp.consent.terms-of-use.userStorageKey","idp_vers":"all","property_default_value":"shibboleth.consent.PrincipalConsentStorageKey","property_type":"Bean 
ID","module_vers":"","configuration_cat":"CONS","module":"","description":"Name of function used to return the String storage key representing a user defaults to the principal name"}, -{"note":"","property_name":"idp.consent.terms-of-use.userStorageKeyAttribute","idp_vers":"all","property_default_value":"uid","property_type":"string","module_vers":"","configuration_cat":"CONS","module":"","description":"Attribute whose value is the storage key representing a user"}, -{"note":"","property_name":"idp.consent.terms-of-use.consentValueMessageCodeSuffix","idp_vers":"all","property_default_value":".text","property_type":"string","module_vers":"","configuration_cat":"CONS","module":"","description":"Suffix of message property used as value of consent storage records when idp.consent.compareValues is true"}, -{"note":"","property_name":"idp.consent.terms-of-use.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"CONS","module":"","description":"Optional condition to apply to control activation of terms-of-use flow"}, -{"note":"","property_name":"idp.consent.terms-of-use.auditFormat","idp_vers":"all","property_default_value":"%T|%SP|%e|%u|%CCI|%CCV|%CCA","property_type":"logback","module_vers":"","configuration_cat":"CONS","module":"","description":"Default consent auditing formats"}, -{"note":"","property_name":"idp.consent.allowDoNotRemember","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"CONS","module":"","description":"Whether not remembering/storing consent is allowed"}, -{"note":"","property_name":"idp.consent.allowGlobal","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"CONS","module":"","description":"Whether consent to any attribute and to any relying party is allowed"}, 
-{"note":"","property_name":"idp.consent.allowPerAttribute","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"CONS","module":"","description":"Whether per-attribute consent is allowed"}, -{"note":"","property_name":"idp.consent.compareValues","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"CONS","module":"","description":"Whether attribute values and terms of use text are stored and compared for equality"}, -{"note":"","property_name":"idp.consent.maxStoredRecords","idp_vers":"all","property_default_value":"10","property_type":"int","module_vers":"","configuration_cat":"CONS","module":"","description":"Maximum number of records stored when using space-limited storage (e.g. cookies), 0 = no limit"}, -{"note":"","property_name":"idp.consent.expandedMaxStoredRecords","idp_vers":"all","property_default_value":"0","property_type":"int","module_vers":"","configuration_cat":"CONS","module":"","description":"Maximum number of records stored when using larger/server-side storage, 0 = no limit"}, -{"note":"","property_name":"idp.consent.storageRecordLifetime","idp_vers":"4.x","property_default_value":"(v4.0=P1Y,v4.1=infinite)","property_type":"duration","module_vers":"","configuration_cat":"CONS","module":"","description":"Time in milliseconds to expire consent storage records"}, -{"note":"","property_name":"idp.logout.elaboration","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SLO","module":"","description":"Whether to search metadata for user interface information associated with every service involved in logout propagation"}, -{"note":"","property_name":"idp.logout.authenticated","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"SLO","module":"","description":"Whether to require signed logout messages in accordance with the SAML 
2.0 standard"}, -{"note":"","property_name":"idp.logout.promptUser","idp_vers":"all","property_default_value":"false","property_type":"Bean ID of Predicate","module_vers":"","configuration_cat":"SLO","module":"","description":"If the bean returns true the user is given the option to actually cancel the IdP logout outright and prevent removal of the session"}, -{"note":"","property_name":"idp.logout.preserveQuery","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SLO","module":"","description":"Processes arbitrary query parameters to the Simple Logout endpoint and stashes them in a ScratchContext for use by subsequent view logic"}, -{"note":"","property_name":"idp.logout.assumeAsync","idp_vers":"4.2","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SLO","module":"","description":"When true allows inbound SAML LogoutRequests to be processed even if the SP lacks metadata containing response endpoints"}, -{"note":"","property_name":"idp.logout.propagationHidden","idp_vers":"4.2","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SLO","module":"","description":"Applies the \"display:none\" style to the list of SPs and logout status reporting images so that logout status is not visibly reported to the user"}, -{"note":"","property_name":"idp.soap.httpClient","idp_vers":"all","property_default_value":"SOAPClient.HttpClient","property_type":"Bean ID of HttpClient to use for SOAP-based logout","module_vers":"","configuration_cat":"IDP","module":"","description":"Allows the HttpClient used for SOAP communication to be overriden (applies to SAML logout via SOAP)"}, -{"note":"ex. 
en, fr, de","property_name":"idp.ui.fallbackLanguages","idp_vers":"all","property_default_value":"none","property_type":"Comma-delimited list","module_vers":"","configuration_cat":"IDP","module":"","description":"languages to use if no match can be found with the browser-supported languages"}, -{"note":"","property_name":"idp.cas.StorageService","idp_vers":"all","property_default_value":"shibboleth.StorageService","property_type":"Bean ID","module_vers":"","configuration_cat":"CAS","module":"","description":"Storage service used by CAS protocol for chained proxy-granting tickets and when using server-managed \"simple\" TicketService. MUST be server-side storage (e.g. in-memory, memcached, database)"}, -{"note":"","property_name":"idp.cas.serviceRegistryClass","idp_vers":"all","property_default_value":"net.shibboleth.idp.cas.service.PatternServiceRegistry","property_type":"?","module_vers":"","configuration_cat":"CAS","module":"","description":"CAS service registry implementation class"}, -{"note":"","property_name":"idp.cas.relyingPartyIdFromMetadata","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"CAS","module":"","description":"If true CAS services provisioned with SAML metadata are identified via entityID"}, -{"note":"","property_name":"idp.fticks.federation","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"FTICK","module":"","description":"Enables F-TICKS output and specifies the value of the federation-identifier field"}, -{"note":"","property_name":"idp.fticks.condition","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"FTICK","module":"","description":"Optional bean name of a Predicate to use to decide whether to run"}, 
-{"note":"","property_name":"idp.fticks.algorithm","idp_vers":"all","property_default_value":"SHA-2","property_type":"string","module_vers":"","configuration_cat":"FTICK","module":"","description":"Digest algorithm used to obscure usernames"}, -{"note":"","property_name":"idp.fticks.salt","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"FTICK","module":"","description":"A salt to apply when digesting usernames (if not specified, the username will not be included)"}, -{"note":"","property_name":"idp.fticks.loghost","idp_vers":"all","property_default_value":"localhost","property_type":"string","module_vers":"","configuration_cat":"FTICK","module":"","description":"The remote syslog host"}, -{"note":"","property_name":"idp.fticks.logport","idp_vers":"all","property_default_value":"514","property_type":"int","module_vers":"","configuration_cat":"FTICK","module":"","description":"The remote syslog port"}, -{"note":"","property_name":"idp.audit.shortenBindings","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"SERV","module":"","description":"Set false if you want SAML bindings \"spelled out\" in audit log"}, -{"note":"","property_name":"idp.velocity.runtime.strictmode","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"IDP","module":"","description":"Set to true to fail on velocity syntax errors"}, -{"note":"","property_name":"idp.intercept.External.externalPath","idp_vers":"all","property_default_value":"contextRelative:intercept.jsp","property_type":"path","module_vers":"","configuration_cat":"IDP","module":"","description":"Path to use with External interceptor flow"}, -{"note":"","property_name":"idp.impersonate.generalPolicy","idp_vers":"all","property_default_value":"GeneralImpersonationPolicy","property_type":"Policy 
ID","module_vers":"","configuration_cat":"IDP","module":"","description":"Policies to use with Impersonate interceptor flow"}, -{"note":"","property_name":"idp.impersonate.specificPolicy","idp_vers":"all","property_default_value":"SpecificImpersonationPolicy","property_type":"Policy ID","module_vers":"","configuration_cat":"IDP","module":"","description":"Policies to use with Impersonate interceptor flow"}, -{"note":"","property_name":"idp.authn.LDAP.authenticator","idp_vers":"all","property_default_value":"anonSearchAuthenticator","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"Controls the workflow for how authentication occurs against LDAP: one of anonSearchAuthenticator, bindSearchAuthenticator, directAuthenticator, adAuthenticator"}, -{"note":" ex. ldap://localhost or ldaps://localhost","property_name":"idp.authn.LDAP.ldapURL","idp_vers":"all","property_default_value":"none","property_type":"LDAP URI","module_vers":"","configuration_cat":"LDAP","module":"","description":"Connection URI for LDAP directory"}, -{"note":"","property_name":"idp.authn.LDAP.useStartTLS","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether StartTLS should be used after connecting with LDAP alone."}, -{"note":"","property_name":"idp.authn.LDAP.connectTimeout","idp_vers":"all","property_default_value":"PT3S","property_type":"duration","module_vers":"","configuration_cat":"LDAP","module":"","description":"Time to wait for the TCP connection to occur."}, -{"note":"","property_name":"idp.authn.LDAP.responseTimeout","idp_vers":"all","property_default_value":"PT3S","property_type":"duration","module_vers":"","configuration_cat":"LDAP","module":"","description":"Time to wait for an LDAP response message"}, 
-{"note":"","property_name":"idp.authn.LDAP.connectionStrategy","idp_vers":"all","property_default_value":"ACTIVE_PASSIVE","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"Connection strategy to use when multiple URLs are supplied: one of ACTIVE_PASSIVE, ROUND_ROBIN, RANDOM"}, -{"note":"","property_name":"idp.authn.LDAP.sslConfig","idp_vers":"all","property_default_value":"certificateTrust","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"How to establish trust in the server's TLS certificate: one of jvmTrust, certificateTrust, or keyStoreTrust"}, -{"note":"ex. %{idp.home}/credentials/ldap-server.crt","property_name":"idp.authn.LDAP.trustCertificates","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"LDAP","module":"","description":"A resource to load trust anchors from when using sslConfig = certificateTrust"}, -{"note":"ex. %{idp.home}/credentials/ldap-server.truststore","property_name":"idp.authn.LDAP.trustStore","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"LDAP","module":"","description":"A resource to load a Java keystore containing trust anchors when using sslConfig = keyStoreTrust"}, -{"note":"","property_name":"idp.authn.LDAP.returnAttributes","idp_vers":"all","property_default_value":"none","property_type":"comma-seperated strings","module_vers":"","configuration_cat":"LDAP","module":"","description":"List of attributes to request during authentication"}, -{"note":"","property_name":"idp.authn.LDAP.baseDN","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"Base DN to search against when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator"}, 
-{"note":"","property_name":"idp.authn.LDAP.subtreeSearch","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether to search recursively when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator"}, -{"note":"","property_name":"idp.authn.LDAP.userFilter","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"LDAP search filter when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator"}, -{"note":"","property_name":"idp.authn.LDAP.bindDN","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"DN to bind with during search when using an LDAP.authenticator = bindSearchAuthenticator"}, -{"note":"","property_name":"idp.authn.LDAP.bindDNCredential","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"Password to bind with during search when using an LDAP.authenticator = bindSearchAuthenticator usually set via %{idp.home}/credentials/secrets.properties"}, -{"note":"ex. 
uid=%s,ou=people,dc=example,dc=org or for AD %s@domain.com","property_name":"idp.authn.LDAP.dnFormat","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"A formatting string to generate the user DNs to authenticate when using an LDAP.authenticator of directAuthenticator or adAuthenticator"}, -{"note":"","property_name":"idp.authn.LDAP.resolveEntryOnFailure","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether the user's LDAP entry should be returned in the authentication response even when the user bind fails."}, -{"note":"","property_name":"idp.authn.LDAP.resolveEntryWithBindDN","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether the user's LDAP entry should be resolved with the bindDN credentials rather than as the authenticated user."}, -{"note":"","property_name":"idp.authn.LDAP.usePasswordPolicy","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether to use the Password Policy Control."}, -{"note":"","property_name":"idp.authn.LDAP.usePasswordExpiration","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether to use the Password Expired Control."}, -{"note":"","property_name":"idp.authn.LDAP.activeDirectory","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"If you are using Active Directory this switch will attempt to use the account states defined by AD. Note that this flag is unnecessary if you are using the 'adAuthenticator'. 
It is meant to be specified with one of the other authenticator types."}, -{"note":"","property_name":"idp.authn.LDAP.freeIPADirectory","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"If you are using the FreeIPA LDAP this switch will attempt to use the account states defined by that product."}, -{"note":"","property_name":"idp.authn.LDAP.eDirectory","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"If you are using the EDirectory LDAP this switch will attempt to use the account states defined by that product."}, -{"note":"","property_name":"idp.authn.LDAP.disablePooling","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether connection pools should be used for LDAP authentication and DN resolution"}, -{"note":"","property_name":"idp.pool.LDAP.minSize","idp_vers":"all","property_default_value":"3","property_type":"int","module_vers":"","configuration_cat":"LDAP","module":"","description":"Minimum LDAP connection pool size"}, -{"note":"","property_name":"idp.pool.LDAP.maxSize","idp_vers":"all","property_default_value":"10","property_type":"int","module_vers":"","configuration_cat":"LDAP","module":"","description":"Maximum LDAP connection pool size"}, -{"note":"","property_name":"idp.pool.LDAP.validateOnCheckout","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether to validate connections when checking them out of the pool"}, -{"note":"","property_name":"idp.pool.LDAP.validatePeriodically","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether to validate connections in the background"}, 
-{"note":"","property_name":"idp.pool.LDAP.validatePeriod","idp_vers":"all","property_default_value":"PT5M","property_type":"duration","module_vers":"","configuration_cat":"LDAP","module":"","description":"Duration between validation if idp.pool.LDAP.validatePeriodically is true"}, -{"note":"","property_name":"idp.pool.LDAP.validateDN","idp_vers":"4.0.1","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"DN to search with the validateFilter: defaults to the rootDSE"}, -{"note":"","property_name":"idp.pool.LDAP.validateFilter","idp_vers":"4.0.1","property_default_value":"(objectClass=*)","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"Search filter to execute in order to validate a pooled connection"}, -{"note":"","property_name":"idp.pool.LDAP.prunePeriod","idp_vers":"all","property_default_value":"PT5M","property_type":"duration","module_vers":"","configuration_cat":"LDAP","module":"","description":"Duration between looking for idle connections to reduce the pool back to its minimum size"}, -{"note":"","property_name":"idp.pool.LDAP.idleTime","idp_vers":"all","property_default_value":"PT10M","property_type":"duration","module_vers":"","configuration_cat":"LDAP","module":"","description":"Duration connections must be idle to be eligible for pruning"}, -{"note":"","property_name":"idp.pool.LDAP.blockWaitTime","idp_vers":"all","property_default_value":"PT3S","property_type":"duration","module_vers":"","configuration_cat":"LDAP","module":"","description":"Duration to wait for a free connection in the pool"}, -{"note":"","property_name":"idp.authn.LDAP.bindPoolPassivator","idp_vers":"4.0.1","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"Controls how connections in the bind pool are passivated. 
Connections in the bind pool may be in an authenticated state that will not allow validation searches to succeed. This property controls how bind connections are placed back into the pool. If your directory requires searches to be performed by the idp.authn.LDAP.bindDN or anonymously, this property controls that behavior. one of: none, bind, anonymousBind."}, -{"note":"","property_name":"idp.authn.JAAS.loginConfigNames","idp_vers":"4.1","property_default_value":"ShibUserPassAuth","property_type":"string","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Comma-delimited set of JAAS application configuration names to use"}, -{"note":"","property_name":"idp.authn.JAAS.loginConfig","idp_vers":"4.1","property_default_value":"%{idp.home}/conf/authn/jaas.config","property_type":"resource path","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Location of JAAS configuration file"}, -{"note":"","property_name":"idp.authn.Krb5.refreshConfig","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to reload the underlying Kerberos configuration (generally in /etc/krb5.conf) on every login attempt"}, -{"note":"","property_name":"idp.authn.Krb5.preserveTicket","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to preserve the resulting Kerberos TGT in the Java Subject's private credential set"}, -{"note":"","property_name":"idp.authn.Krb5.servicePrincipal","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Name of a service principal to use to verify the KDC supplying the TGT by requesting and verifying a service ticket issued for it"}, 
-{"note":"","property_name":"idp.authn.Krb5.keytab","idp_vers":"4.1","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Path to a keytab file containing keys belonging to the service principal defined in idp.authn.Krb5.servicePrincipal"}, -{"note":"","property_name":"idp.authn.External.externalAuthnPath","idp_vers":"4.1","property_default_value":"contextRelative:external.jsp","property_type":"string","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Spring Web Flow redirection expression for the protected resource"}, -{"note":"","property_name":"idp.authn.External.matchExpression","idp_vers":"4.1","property_default_value":"none","property_type":"regex","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Regular expression to match username against"}, -{"note":"","property_name":"idp.authn.External.order","idp_vers":"4.1","property_default_value":"1000","property_type":"int","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Flow priority relative to other enabled login flows (lower is \"higher\" in priority)"}, -{"note":"","property_name":"idp.authn.External.nonBrowserSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Whether the flow should handle non-browser request profiles (e.g., ECP)"}, -{"note":"","property_name":"idp.authn.External.passiveAuthenticationSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Whether the flow allows for passive authentication"}, 
-{"note":"","property_name":"idp.authn.External.forcedAuthenticationSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Whether the flow supports forced authentication"}, -{"note":"","property_name":"idp.authn.External.proxyRestrictionsEnforced","idp_vers":"4.1","property_default_value":"%{idp.authn.enforceProxyRestrictions:true}","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Whether the flow enforces upstream IdP imposed restrictions on proxying"}, -{"note":"","property_name":"idp.authn.External.proxyScopingEnforced","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying"}, -{"note":"","property_name":"idp.authn.External.discoveryRequired","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Whether to invoke IdP discovery prior to running flow"}, -{"note":"","property_name":"idp.authn.External.lifetime","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultLifetime:PT1H}","property_type":"duration","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Lifetime of results produced by this flow"}, -{"note":"","property_name":"idp.authn.External.inactivityTimeout","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultTimeout:PT30M}","property_type":"duration","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Inactivity timeout of results produced by this flow"}, 
-{"note":"","property_name":"idp.authn.External.reuseCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Bean ID of Predicate controlling result reuse for SSO"}, -{"note":"","property_name":"idp.authn.External.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Bean ID of Predicate determining whether flow is usable for request"}, -{"note":"Subject> for subject customization","property_name":"idp.authn.External.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, -{"note":"","property_name":"idp.authn.RemoteUser.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.RemoteUser","description":"Bean ID of Predicate determining whether flow is usable for request"}, -{"note":"Subject> for subject customization","property_name":"idp.authn.RemoteUser.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.RemoteUser","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, -{"note":"","property_name":"idp.authn.RemoteUserInternal.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.RemoteUserInternal","description":"Bean ID of Predicate determining whether flow is usable for request"}, -{"note":"Subject> for subject 
customization","property_name":"idp.authn.RemoteUserInternal.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.RemoteUserInternal","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, -{"note":"","property_name":"idp.authn.SPNEGO.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.SPNEGO","description":"Bean ID of Predicate determining whether flow is usable for request"}, -{"note":"Subject> for subject customization","property_name":"idp.authn.SPNEGO.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.SPNEGO","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, -{"note":"","property_name":"idp.authn.X509.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.X509","description":"Bean ID of Predicate determining whether flow is usable for request"}, -{"note":"Subject> for subject customization","property_name":"idp.authn.X509.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.X509","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, -{"note":"","property_name":"idp.authn.X509Internal.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Bean ID of Predicate determining whether flow is usable for request"}, -{"note":"Subject> for subject 
customization","property_name":"idp.authn.X509Internal.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, -{"note":"","property_name":"idp.authn.IPAddress.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.IPAddress","description":"Bean ID of Predicate determining whether flow is usable for request"}, -{"note":"Subject> for subject customization","property_name":"idp.authn.IPAddress.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.IPAddress","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, -{"note":"","property_name":"idp.authn.Function.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Bean ID of Predicate determining whether flow is usable for request"}, -{"note":"Subject> for subject customization","property_name":"idp.authn.Function.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, -{"note":"","property_name":"idp.authn.Duo.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.Duo","description":"Bean ID of Predicate determining whether flow is usable for request"}, -{"note":"Subject> for subject 
customization","property_name":"idp.authn.Duo.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.Duo","description":"Bean ID of BiConsumer to run just prior to AuthnRequest signing/encoding step"}, -{"note":"","property_name":"idp.authn.SAML.inboundMessageHandlerFunction","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Optional bean ID of Function to run at the late stages of Response decoding/processing"}, -{"note":"","property_name":"idp.authn.SAML.assertionValidator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Optional bean ID of AssertionValidator to run"}, -{"note":"","property_name":"idp.authn.SAML.order","idp_vers":"4.1","property_default_value":"1000","property_type":"int","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Flow priority relative to other enabled login flows (lower is \"higher\" in priority)"}, -{"note":"","property_name":"idp.authn.SAML.nonBrowserSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether the flow should handle non-browser request profiles (e.g., ECP)"}, -{"note":"","property_name":"idp.authn.SAML.passiveAuthenticationSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether the flow allows for passive authentication"}, -{"note":"","property_name":"idp.authn.SAML.forcedAuthenticationSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether the flow supports forced authentication"}, 
-{"note":"","property_name":"idp.authn.SAML.proxyRestrictionsEnforced","idp_vers":"4.1","property_default_value":"%{idp.authn.enforceProxyRestrictions:true}","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether the flow enforces upstream IdP imposed restrictions on proxying"}, -{"note":"","property_name":"idp.authn.SAML.proxyScopingEnforced","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying"}, -{"note":"","property_name":"idp.authn.SAML.discoveryRequired","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to invoke IdP discovery prior to running flow"}, -{"note":"","property_name":"idp.authn.SAML.lifetime","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultLifetime:PT1H}","property_type":"duration","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Lifetime of results produced by this flow"}, -{"note":"","property_name":"idp.authn.SAML.inactivityTimeout","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultTimeout:PT30M}","property_type":"duration","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Inactivity timeout of results produced by this flow"}, -{"note":"","property_name":"idp.authn.SAML.reuseCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Bean ID of Predicate controlling result reuse for SSO"}, -{"note":"","property_name":"idp.authn.SAML.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean 
ID","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Bean ID of Predicate determining whether flow is usable for request"}, -{"note":"Subject> for subject customization","property_name":"idp.authn.SAML.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, -{"note":"","property_name":"idp.authn.MFA.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.MFA","description":"Bean ID of Predicate determining whether flow is usable for request"}, -{"note":"Subject> for subject customization","property_name":"idp.authn.MFA.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.MFA","description":"Bean ID of BiConsumer to evaluate to determine whether to run the Attribute Resolver or go directly to the Subject alone"}, -{"note":"","property_name":"idp.c14n.x500.lowercase","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"C14N","module":"","description":"Whether to lowercase the username"}, -{"note":"","property_name":"idp.c14n.x500.uppercase","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"C14N","module":"","description":"Whether to uppercase the username"}, -{"note":"","property_name":"idp.c14n.x500.trim","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"C14N","module":"","description":"Whether to trim leading and trailing whitespace from the username"}, 
-{"note":"","property_name":"idp.c14n.x500.subjectAltNameTypes","idp_vers":"4.1","property_default_value":"none","property_type":"List","module_vers":"","configuration_cat":"C14N","module":"","description":"Comma-delimited list of subjectAltName extension types to look for"},
-{"note":"","property_name":"idp.c14n.x500.objectIDs","idp_vers":"4.1","property_default_value":"2.5.4.3","property_type":"List","module_vers":"","configuration_cat":"C14N","module":"","description":"Comma-delimited list of attribute OIDs to search for in the subject DN"},
-{"note":"","property_name":"idp.c14n.saml.proxy.lowercase","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"C14N","module":"","description":"Whether to lowercase the username"},
-{"note":"","property_name":"idp.c14n.saml.proxy.uppercase","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"C14N","module":"","description":"Whether to uppercase the username"},
-{"note":"","property_name":"idp.c14n.saml.lowercase","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"C14N","module":"","description":"Whether to lowercase the username"},
-{"note":"","property_name":"idp.c14n.saml.uppercase","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"C14N","module":"","description":"Whether to uppercase the username"},
-{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.saml1sso","idp_vers":"all","property_default_value":"SSO","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"},
-{"note":" you can use this to route different kinds of audit records to different destinations
based on general function","property_name":"idp.service.logging.saml1attrquery","idp_vers":"all","property_default_value":"AttributeQuery","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"},
-{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.saml1artifact","idp_vers":"all","property_default_value":"ArtifactResolution","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"},
-{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.saml2sso","idp_vers":"all","property_default_value":"SSO","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"},
-{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.saml2attrquery","idp_vers":"all","property_default_value":"AttributeQuery","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"},
-{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.saml2artifact","idp_vers":"all","property_default_value":"ArtifactResolution","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"},
-{"note":" you can use this to route
different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.saml2slo","idp_vers":"all","property_default_value":"Logout","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"},
-{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.logout","idp_vers":"all","property_default_value":"Logout","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"},
-{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.cas","idp_vers":"all","property_default_value":"SSO","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"},
-{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.status","idp_vers":"all","property_default_value":"Status","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"},
-{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.resolvertest","idp_vers":"all","property_default_value":"ResolverTest","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"},
-{"note":" you can use this to route
different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.serviceReload","idp_vers":"all","property_default_value":"Reload","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"},
-{"note":"","property_name":"idp.audit.hashAlgorithm","idp_vers":"4.1","property_default_value":"SHA-256","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Hash algorithm to apply to various hashed fields"},
-{"note":"","property_name":"idp.audit.salt","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Salt to apply to hashed fields must be set to use those fields"},
-{"note":"","property_name":"idp.oidc.issuer","idp_vers":"4.1","property_default_value":"none","property_type":"URL","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Set the Open ID Connect Issuer value "},
-{"note":"","property_name":"idp.oidc.idToken.defaultLifetime","idp_vers":"4.1","property_default_value":"PT1H","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Lifetime of ID token"},
-{"note":"","property_name":"idp.oidc.accessToken.defaultLifetime","idp_vers":"4.1","property_default_value":"PT10M","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Lifetime of access token"},
-{"note":"","property_name":"idp.oidc.authorizeCode.defaultLifetime","idp_vers":"4.1","property_default_value":"PT5M","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Lifetime of authorization code"},
-{"note":"","property_name":"idp.oidc.refreshToken.defaultLifetime","idp_vers":"4.1","property_default_value":"PT2H","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Lifetime of refresh token"},
-{"note":"","property_name":"idp.oidc.forcePKCE","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether client is required to use PKCE"},
-{"note":"","property_name":"idp.oidc.allowPKCEPlain","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether client is allowed to use PKCE code challenge method plain"},
-{"note":"","property_name":"idp.oidc.encodedAttributes","idp_vers":"4.1","property_default_value":"none","property_type":"Set","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Specifies IdPAttributes to encode into tokens for recovery on back-channel token requests"},
-{"note":"","property_name":"idp.oidc.encodeConsentInTokens","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether to embed consent decisions in access/refresh tokens and authorization code to allow for client-side consent storage"},
-{"note":"","property_name":"idp.oidc.alwaysIncludedAttributes","idp_vers":"4.1","property_default_value":"none","property_type":"Set","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Specifies IdPAttributes to always include in ID token regardless of response_type"},
-{"note":"","property_name":"idp.oidc.deniedUserInfoAttributes","idp_vers":"4.1","property_default_value":"none","property_type":"Set","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Specifies IdPAttributes to omit
from UserInfo token"},
-{"note":"","property_name":"idp.oidc.revocationCache.authorizeCode.lifetime","idp_vers":"4.1","property_default_value":"PT6H","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Lifetime of entries in revocation cache for authorize code"},
-{"note":"","property_name":"idp.oidc.revocationCache.StorageService","idp_vers":"4.1","property_default_value":"shibboleth.StorageService","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean ID of StorageService for revocation cache requires server-side storage"},
-{"note":"","property_name":"idp.oidc.tokenEndpointAuthMethods","idp_vers":"4.1","property_default_value":"client_secret_basic,client_secret_post,client_secret_jwt,private_key_jwt","property_type":"Collection","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The acceptable client authentication methods"},
-{"note":"","property_name":"idp.oauth2.grantTypes","idp_vers":"4.1","property_default_value":"authorization_code,refresh_token","property_type":"Collection","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"OAuth grant types to allow"},
-{"note":"","property_name":"idp.oauth2.enforceRefreshTokenRotation","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3.2","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether to enforce refresh token rotation. If enabled the refresh token is revoked whenever it is used for issuing a new refresh token."},
-{"note":"","property_name":"idp.oauth2.accessToken.type","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"3.2","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Format of access token.
Supported values are JWT or nothing."},
-{"note":"","property_name":"idp.oauth2.encryptionOptional","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether the absence of encryption details in a resource server’s metadata should fail when issuing an access token"},
-{"note":"","property_name":"idp.oauth2.accessToken.defaultLifetime","idp_vers":"4.1","property_default_value":"PT10M","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Lifetime of access token issued to client for resource server"},
-{"note":"","property_name":"idp.oauth2.revocationMethod","idp_vers":"4.1","property_default_value":"CHAIN","property_type":"string","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The revocation method: CHAIN refers to revoking whole chain of tokens (from authorization code to all access/refresh tokens). TOKEN refers to revoking single token"},
-{"note":"","property_name":"idp.oidc.dynreg.defaultRegistrationValidity","idp_vers":"4.1","property_default_value":"PT24H","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Registration lifetime"},
-{"note":"","property_name":"idp.oidc.dynreg.defaultScope","idp_vers":"4.1","property_default_value":"openid profile email address phone offline_access","property_type":"string","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The default scopes accepted in dynamic registration"},
-{"note":"","property_name":"idp.oidc.dynreg.defaultSubjectType","idp_vers":"4.1","property_default_value":"public","property_type":"string","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The default subject type if not set by client in request.
Maybe set to pairwise or public."},
-{"note":"","property_name":"idp.oidc.dynreg.defaultMetadataPolicyFile","idp_vers":"4.1","property_default_value":"none","property_type":"resource path","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Full path to the file containing default metadata policy used for dynamic client registration"},
-{"note":"","property_name":"idp.oidc.dynreg.tokenEndpointAuthMethods","idp_vers":"4.1","property_default_value":"client_secret_basic,client_secret_post,client_secret_jwt,private_key_jwt","property_type":"Collection","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The acceptable client authentication methods when using dynamic registration"},
-{"note":"","property_name":"idp.signing.oidc.rs.key","idp_vers":"4.1","property_default_value":"%{idp.home}/credentials/idp-signing-rs.jwk","property_type":"JWK file pathname","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"JWK RSA signing keypair"},
-{"note":"","property_name":"idp.signing.oidc.es.key","idp_vers":"4.1","property_default_value":"%{idp.home}/credentials/idp-signing-es.jwk","property_type":"JWK file pathname","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"JWK EC signing keypair"},
-{"note":"","property_name":"idp.signing.oidc.rsa.enc.key","idp_vers":"4.1","property_default_value":"%{idp.home}/credentials/idp-encryption-rsa.jwk","property_type":"JWK file pathname","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"JWK RSA decryption keypair"},
-{"note":"","property_name":"idp.oidc.signing.config","idp_vers":"4.1","property_default_value":"shibboleth.oidc.SigningConfiguration","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Allows override of default signing configuration"},
-{"note":"","property_name":"idp.oidc.encryption.config","idp_vers":"4.1","property_default_value":"shibboleth.oidc.EncryptionConfiguration","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Allows override of default encryption configuration"},
-{"note":"","property_name":"idp.oidc.rodecrypt.config","idp_vers":"4.1","property_default_value":"shibboleth.oidc.requestObjectDecryptionConfiguration","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Allows override of default request decryption configuration"},
-{"note":"one of these has the wrong name","property_name":"idp.oidc.rovalid.config","idp_vers":"4.1","property_default_value":"shibboleth.oidc.requestObjectSignatureValidationConfiguration","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Allows override of default request signature validation configuration"},
-{"note":"one of these has the wrong name ","property_name":"idp.oidc.rovalid.config","idp_vers":"4.1","property_default_value":"shibboleth.oidc.tokenEndpointJwtSignatureValidationConfiguration","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Allows override of default JWT token validation configuration"},
-{"note":"","property_name":"idp.authn.OAuth2Client.requireAll","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether all validators must succeed or just one"},
-{"note":"","property_name":"idp.authn.OAuth2Client.removeAfterValidation","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether to remove the object holding the password from the request's active state after validating it (to avoid it
being preserved in the session any longer than needed)"},
-{"note":"use with caution as it retains the password and makes it available in plaintext from within server memory at various stages.","property_name":"idp.authn.OAuth2Client.retainAsPrivateCredential","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether to keep the password around as a private credential in the Java Subject for use in later stages such as attribute resolution"},
-{"note":"","property_name":"idp.authn.OAuth2Client.order","idp_vers":"4.1","property_default_value":"1000","property_type":"int","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Flow priority relative to other enabled login flows (lower is \"higher\" in priority)"},
-{"note":"","property_name":"idp.authn.OAuth2Client.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean ID of Predicate determining whether flow is usable for request"},
-{"note":"Subject> for subject customization","property_name":"idp.authn.OAuth2Client.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean ID of BiConsumer>, used to locate metadata policy based on the policyLocation parameter.
Defaults to a caching resolver locating server resources to load based on policyLocation parameter."},
-{"note":"","property_name":"idp.service.clientinfo.failFast","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"If true any failures during initialization of any resolvers result in IdP startup failure"},
-{"note":"","property_name":"idp.service.clientinfo.checkInterval","idp_vers":"4.1","property_default_value":"PT0S","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"When non-zero enables monitoring of resources for service reload"},
-{"note":"","property_name":"idp.service.clientinfo.resources","idp_vers":"4.1","property_default_value":"shibboleth.ClientInformationResolverResources","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Name of bean used to define the resources to use in configuring this service"},
-{"note":"","property_name":"idp.oauth2.defaultAllowedScope","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"bean of type Function called shibboleth.oidc.AllowedScopeStrategy"},
-{"note":"","property_name":"idp.oauth2.defaultAllowedAudience","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"bean of type Function> called shibboleth.oidc.AllowedAudienceStrategy"},
-{"note":"","property_name":"idp.oauth2.authn.flows","idp_vers":"4.1","property_default_value":"OAuth2Client","property_type":"regex","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Regular expression matching OAuth login flows to enable."},
-{"note":"","property_name":"idp.oidc.subject.sourceAttribute","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The source attribute used in generating the sub claim"},
-{"note":"","property_name":"idp.oidc.subject.algorithm","idp_vers":"4.1","property_default_value":"SHA","property_type":"string","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The digest algorithm used in generating the sub claim"},
-{"note":"","property_name":"idp.oidc.subject.salt","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Salt to inject for randomness should generally be moved into credentials/secrets.properties to avoid committing to configuration repository"},
-{"note":"","property_name":"idp.authn.DuoOIDC.order","idp_vers":"4.1","property_default_value":"1000","property_type":"int","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Flow priority relative to other enabled login flows (lower is \"higher\" in priority)"},
-{"note":"","property_name":"idp.authn.DuoOIDC.nonBrowserSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Whether the flow should handle non-browser request profiles (e.g., ECP)"},
-{"note":"","property_name":"idp.authn.DuoOIDC.passiveAuthenticationSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Whether the flow allows for passive authentication"},
-{"note":"","property_name":"idp.authn.DuoOIDC.forcedAuthenticationSupported","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Whether the flow supports forced authentication"},
-{"note":"","property_name":"idp.authn.DuoOIDC.proxyRestrictionsEnforced","idp_vers":"4.1","property_default_value":"%{idp.authn.enforceProxyRestrictions:true}","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Whether the flow enforces upstream IdP-imposed restrictions on proxying"},
-{"note":" and therefore enforces SP-signaled restrictions on proxying","property_name":"idp.authn.DuoOIDC.proxyScopingEnforced","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Whether the flow considers itself to be proxying"},
-{"note":"","property_name":"idp.authn.DuoOIDC.discoveryRequired","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Whether to invoke IdP-discovery prior to running flow"},
-{"note":"","property_name":"idp.authn.DuoOIDC.lifetime","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultLifetime:PT1H}","property_type":"duration","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Lifetime of results produced by this flow"},
-{"note":"","property_name":"idp.authn.DuoOIDC.inactivityTimeout","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultTimeout:PT30M}","property_type":"duration","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Inactivity timeout of results produced by this flow"},
-{"note":"","property_name":"idp.authn.DuoOIDC.reuseCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Bean ID ofPredicate controlling result reuse for SSO"},
-{"note":"","property_name":"idp.authn.DuoOIDC.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Bean ID ofPredicate determining whether flow is usable for request"},
-{"note":"","property_name":"idp.authn.DuoOIDC.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Bean ID ofBiConsumer for subject customization"},
-{"note":"","property_name":"idp.authn.DuoOIDC.supportedPrincipals","idp_vers":"4.1","property_default_value":"saml2/http://example.org/ac/classes/mfa, saml1/http://example.org/ac/classes/mfa","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Comma-delimited list of protocol-specific Principalstrings associated with flow"},
-{"note":"","property_name":"idp.authn.DuoOIDC.addDefaultPrincipals","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Whether to auto-attach the preceding set ofPrincipalobjects to eachSubjectproduced by this flow"},
-{"note":"","property_name":"idp.duo.oidc.apiHost","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"DuoOIDC API hostname assigned to the integration"},
-{"note":"","property_name":"idp.duo.oidc.clientId","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"The OAuth 2.0 Client Identifier valid at the Authorization Server"},
-{"note":"ex. https://:/idp/profile/Authn/Duo/2FA/duo-callback","property_name":"idp.duo.oidc.redirectURL","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Redirection URI to which the 2FA response will be sent"},
-{"note":"","property_name":"idp.duo.oidc.redirecturl.allowedOrigins","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"If the idp.duo.oidc.redirectURL is not set one will be computed dynamically and checked against this list of allowed origins - to prevent Http Host Header injection."},
-{"note":"","property_name":"idp.duo.oidc.secretKey","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"The client secret used to verify the client in exchanging the authorization code for a Duo 2FA result token (id_token)."},
-{"note":"","property_name":"idp.duo.oidc.endpoint.health","idp_vers":"4.1","property_default_value":"/oauth/v1/health_check","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Duo's OAuth 2.0 health check endpoint"},
-{"note":"","property_name":"idp.duo.oidc.endpoint.token","idp_vers":"4.1","property_default_value":"/oauth/v1/token","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Duo's OAuth 2.0 token endpoint"},
-{"note":"","property_name":"idp.duo.oidc.endpoint.authorize","idp_vers":"4.1","property_default_value":"/oauth/v1/authorize","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Duo's OAuth 2.0 authorization endpoint"},
-{"note":"","property_name":"idp.duo.oidc.jwt.verifier.clockSkew","idp_vers":"4.1","property_default_value":"PT60S","property_type":"duration","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Leeway allowed in token expiry calculations"},
-{"note":"","property_name":"idp.duo.oidc.jwt.verifier.iatWindow","idp_vers":"4.1","property_default_value":"PT60S","property_type":"duration","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Maximum amount (in either direction from now) of duration for which a token is valid after it is issued"},
-{"note":"","property_name":"idp.duo.oidc.jwt.verifier.issuerPath","idp_vers":"4.1","property_default_value":"/oauth/v1/token","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"The path component of the Duo token issuer. The full issuer string takes the format: HTTPS://+"},
-{"note":"","property_name":"idp.duo.oidc.jwt.verifier.preferredUsername","idp_vers":"4.1","property_default_value":"preferred_username","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"The result token JWT claim name that represents the username sent in the duo_uname field in the authorization request."},
-{"note":"","property_name":"idp.duo.oidc.jwt.verifier.authLifetime","idp_vers":"4.1","property_default_value":"PT60S","property_type":"duration","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"How long the authentication is valid.
Only applies to forced authentication requests."},
-{"note":"","property_name":"idp.duo.oidc.nonbrowser.apiHost","idp_vers":"4.1","property_default_value":"%{idp.duo.oidc.apiHost}","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Duo AuthAPI hostname assigned to the integration"},
-{"note":"","property_name":"idp.duo.oidc.nonbrowser.integrationKey","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Duo AuthAPI integration key supplied by Duo"},
-{"note":"","property_name":"idp.duo.oidc.nonbrowser.secretKey","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Duo AuthAPI secret key supplied by Duo"},
-{"note":"","property_name":"idp.duo.oidc.nonbrowser.header.factor","idp_vers":"4.1","property_default_value":"X-Shibboleth-Duo-Factor","property_type":"strinig","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Name of HTTP request header for Duo AuthAPI factor"},
-{"note":"","property_name":"idp.duo.oidc.nonbrowser.header.device","idp_vers":"4.1","property_default_value":"X-Shibboleth-Duo-Device","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Name of HTTP request header for Duo AuthAPI device ID or name"},
-{"note":"","property_name":"idp.duo.oidc.nonbrowser.header.passcode","idp_vers":"4.1","property_default_value":"X-Shibboleth-Duo-Passcode","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Name of HTTP request header for Duo AuthAPI passcode"},
-{"note":"","property_name":"idp.duo.oidc.nonbrowser.auto","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Allow the factor to be defaulted in as \"auto\" if no headers are received"},
-{"note":" push display","property_name":"idp.duo.oidc.nonbrowser.clientAddressTrusted","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Pass client address to Duo in API calls to support logging"},
-{"note":"","property_name":"idp.duo.oidc.connectionTimeout","idp_vers":"4.1","property_default_value":"PT1M","property_type":"duration","module_vers":"1 (nimbus)","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Maximum length of time to wait for the connection to be established"},
-{"note":"","property_name":"idp.duo.oidc.connectionRequestTimeout","idp_vers":"4.1","property_default_value":"PT1M","property_type":"duration","module_vers":"1 (nimbus)","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Maximum length of time to wait for a connection to be returned from the connection manager"},
-{"note":"","property_name":"idp.duo.oidc.socketTimeout","idp_vers":"4.1","property_default_value":"PT1M","property_type":"duration","module_vers":"1 (nimbus)","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Maximum period inactivity between two consecutive data packets"},
-{"note":"","property_name":"idp.duo.oidc.maxConnectionsTotal","idp_vers":"4.1","property_default_value":"100","property_type":"int","module_vers":"1 (nimbus)","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Max total simultaneous connections allowed by the pooling connection manager"},
-{"note":"","property_name":"idp.duo.oidc.maxConnectionsPerRoute","idp_vers":"4.1","property_default_value":"100","property_type":"int","module_vers":"1 (nimbus)","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Max simultaneous connections per route allowed by the pooling connection manager"},
-{"note":"","property_name":"idp.duo.oidc.nimbus.checkRevocation","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1 (nimbus)","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"To enable certificate revocation checking"},
-{"note":"","property_name":"idp.authn.TOTP.headerName","idp_vers":"4.1","property_default_value":"X-Shibboleth-TOTP","property_type":"string","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Name of request header to use for extracting non-browser submitted token codes"},
-{"note":"","property_name":"idp.authn.TOTP.fieldName","idp_vers":"4.1","property_default_value":"tokencode","property_type":"string","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Name of HTML form field to use for locating browser-submitted token codes"},
-{"note":"","property_name":"idp.authn.TOTP.tokenSeedAttribute","idp_vers":"4.1","property_default_value":"tokenSeeds","property_type":"string","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Name of IdPAttribute to resolve to obtain token seeds for users"},
-{"note":"","property_name":"idp.authn.TOTP.order","idp_vers":"4.1","property_default_value":"1000","property_type":"int","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Flow priority relative to other enabled login flows (lower is \"higher\" in priority)"},
-{"note":"","property_name":"idp.authn.TOTP.nonBrowserSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Whether the flow should handle non-browser request profiles (e.g., ECP)"},
-{"note":"","property_name":"idp.authn.TOTP.passiveAuthenticationSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Whether the flow allows for passive authentication"},
-{"note":"","property_name":"idp.authn.TOTP.forcedAuthenticationSupported","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Whether the flow supports forced authentication"},
-{"note":"","property_name":"idp.authn.TOTP.proxyRestrictionsEnforced","idp_vers":"4.1","property_default_value":"%{idp.authn.enforceProxyRestrictions:true}","property_type":"bool","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Whether the flow enforces upstream IdP-imposed restrictions on proxying"},
-{"note":" and therefore enforces SP-signaled restrictions on proxying","property_name":"idp.authn.TOTP.proxyScopingEnforced","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Whether the flow considers itself to be proxying"},
-{"note":"","property_name":"idp.authn.TOTP.discoveryRequired","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Whether to invoke IdP-discovery prior to running flow"},
-{"note":"","property_name":"idp.authn.TOTP.lifetime","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultLifetime:PT1H}","property_type":"duration","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Lifetime of results produced by this flow"},
-{"note":"","property_name":"idp.authn.TOTP.inactivityTimeout","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultTimeout:PT30M}","property_type":"duration","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Inactivity timeout of results produced by this flow"},
-{"note":"","property_name":"idp.authn.TOTP.reuseCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Bean ID ofPredicate controlling result reuse for SSO"},
-{"note":"","property_name":"idp.authn.TOTP.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Bean ID ofPredicate determining whether flow is usable for request"},
-{"note":"","property_name":"idp.authn.TOTP.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Bean ID ofBiConsumer for subject customization"},
-{"note":"","property_name":"idp.authn.TOTP.supportedPrincipals","idp_vers":"4.1","property_default_value":"saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken, saml1/urn:oasis:names:tc:SAML:1.0:am:HardwareToken","property_type":"string","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Comma-delimited list of protocol-specific Principalstrings associated with flow"},
-{"note":"","property_name":"idp.authn.TOTP.addDefaultPrincipals","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Whether to auto-attach the preceding set ofPrincipalobjects to eachSubjectproduced by this flow"},
-{"note":"","property_name":"idp.metadata.dnsname","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"Supplies the DNS name used within the URLs specifying the end points. This should not be used in conjunction with the --DNSName qualifier"},
-{"note":"","property_name":"idp.metadata.backchannel.cert","idp_vers":"4.1","property_default_value":"none","property_type":"resource path","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"Specifies the path to the certificate protecting the back channel. This should not be used in conjunction with the --backChannel qualifier."},
-{"note":"","property_name":"idp.metadata.idpsso.mdui.logo.path","idp_vers":"4.1","property_default_value":"none","property_type":"URL","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"Specifies the path part of the URL which describes a logo for the IdP. The protocol is hard wired to be https:// and the DNS name is used for the host. The is always emitted. 
If this is absent then then a fixed path ('/path/to/logo') is used."},
-{"note":"","property_name":"idp.metadata.idpsso.mdui.logo.height","idp_vers":"4.1","property_default_value":"80","property_type":"int","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"The height of the logo in pixels."},
-{"note":"","property_name":"idp.metadata.idpsso.mdui.logo.width","idp_vers":"4.1","property_default_value":"80","property_type":"init","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"The width of the logo in pixels"},
-{"note":"","property_name":"idp.metadata.idpsso.mdui.langs","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"A space separated list of languages used to lookup values formed appending each one to the name and description properties idp.metadata.idpsso.mdui.displayname. and idp.metadata.idpsso.mdui.description.. If this is absent then an and for the \"en\" language is emitted which you need to edit."},
-{"note":"","property_name":"idp.metadata.idpsso.mdui.displayname.","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"Display name for the IdP in the specified language. If this is absent for a language specified above then not is emitted for that language"},
-{"note":"","property_name":"idp.metadata.idpsso.mdui.description.","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"Description for the IdP in the specified language. 
If this is absent for a language specified above then not is emitted for that language"},
-{"note":"no doc","property_name":"idp.oidc.encryptionOptional","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Set false to preclude issuing unencrypted ID/UserInfo tokens without specific overrides"},
-{"note":"no doc","property_name":"idp.oidc.dynreg.defaultSecretExpiration","idp_vers":"4.1","property_default_value":"P12M","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The validity of client secret registered"},
-{"note":"no doc","property_name":"idp.oidc.dynreg.allowNoneForRequestSigning","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Regardless of what signing algorithms are configured allow none for request object signing"},
-{"note":"no doc","property_name":"idp.oidc.dynreg.validateRemoteJwks","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean to determine whether dynamic registration should validate the remote JWK set if it's defined in the request"},
-{"note":"no doc","property_name":"idp.oidc.dynreg.defaultMetadataPolicy","idp_vers":"4.1","property_default_value":"shibboleth.oidc.dynreg.DefaultMetadataPolicy","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean to determine the default metadata policy used for dynamic client registration"},
-{"note":"no doc","property_name":"idp.oidc.jwk.StorageService","idp_vers":"4.1","property_default_value":"shibboleth.StorageService","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Storage for 
storing remote jwk sets."},
-{"note":"no doc","property_name":"idp.oidc.metadata.saml","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean to determine whether SAML metadata should be exploited for trusted OIDC RP resolution"},
-{"note":"no doc","property_name":"idp.oidc.jwksuri.fetchInterval","idp_vers":"4.1","property_default_value":"PT30M","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Upgrade interval to the remote JWKs"},
-{"note":"no doc","property_name":"idp.oidc.config.minRefreshDelay","idp_vers":"4.1","property_default_value":"PT5M","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bounds on the next file refresh of the OP configuration resource"},
-{"note":"no doc","property_name":"idp.oidc.config.maxRefreshDelay","idp_vers":"4.1","property_default_value":"PT4H","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bounds on the next file refresh of the OP configuration resource"},
-{"note":"no doc","property_name":"idp.oidc.LoginHintLookupStrategy","idp_vers":"4.1","property_default_value":"DefaultRequestLoginHintLookupFunction","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean used for extracting login_hint from the authentication request. The default function parses login_hint as is."},
-{"note":"no doc","property_name":"idp.oidc.SPSessionCreationStrategy","idp_vers":"4.1","property_default_value":"DefaultSPSessionCreationStrategy","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean used for creating SPSessions needed for SLO. 
By default builds protocol-independent BasicSPSession as SLO is not yet supported."}
+ {
+ "property_name": "idp.searchForProperties",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "Core",
+ "config_file": "idp.properties",
+ "idp_vers": 4,
+ "module": "",
+ "module_vers": "",
+ "description": "Auto-load all files matching conf/**/*.properties",
+ "note": ""
+ },
+ {
+ "property_name": "idp.additionalProperties",
+ "property_type": "Comma-delimited paths",
+ "property_default_value": "none",
+ "config_category": "Core",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Used to point to additional property files to load. All properties must be unique and are ultimately pooled into a single unordered set.",
+ "note": "ex. /conf/ldap.properties, /conf/services.properties"
+ },
+ {
+ "property_name": "idp.entityID",
+ "property_type": "URI",
+ "property_default_value": "none",
+ "config_category": "RelyingPartyConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "The unique name of the IdP used as the iisuer in all SAML profiles",
+ "note": "ex. 
https://unicon.net/idp/shibboleth"
+ },
+ {
+ "property_name": "idp.entityID.metadataFile",
+ "property_type": "resource path",
+ "property_default_value": "%{idp.home}/metadata/idp-metadata.xml",
+ "config_category": "Core",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Identifies the file to serve for requests to the IdP's well-known metadata location",
+ "note": ""
+ },
+ {
+ "property_name": "idp.artifact.enabled",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "RelyingPartyConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to allow use of the SAML artifact bindings when sending messages",
+ "note": ""
+ },
+ {
+ "property_name": "idp.artifact.secureChannel",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "RelyingPartyConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether preparation of messages to be communicated via SAML artifact should assume use of a secure channel (allowing signing and encryption to be skipped)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.artifact.endpointIndex",
+ "property_type": "int",
+ "property_default_value": 2,
+ "config_category": "RelyingPartyConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Identifies the endpoint in SAML metadata associated with artifacts issued by a server node",
+ "note": ""
+ },
+ {
+ "property_name": "idp.artifact.StorageService",
+ "property_type": "Bean ID of a StorageService (org.opensaml.storage)",
+ "property_default_value": "shibboleth.StorageService",
+ "config_category": "StorageConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Storage back-end to use 
for short-lived SAML Artifact mappings (must be server-side)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.bindings.inMetadataOrder",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "RelyingPartyConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Controls whether the outbound binding selection is ordered by the SP's metadata or the IdP's preferred bindings (the inbuilt default order is Redirect -> POST -> Artifact -> SOAP). Set to false to leave artifact support on, but favor use of POST. Set also to false to favor the front channel over back channel for Logout.",
+ "note": ""
+ },
+ {
+ "property_name": "idp.entityID.metadataFile",
+ "property_type": "file pathname",
+ "property_default_value": "%{idp.home}/metadata/idp-metadata.xml",
+ "config_category": "Core",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Identifies the file to serve for requests to the IdP's well-known metadata location",
+ "note": ""
+ },
+ {
+ "property_name": "idp.scope",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "Core",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "applies a (fixed) scope typically a domain-valued suffix to an input attribute's values",
+ "note": ""
+ },
+ {
+ "property_name": "idp.cookie.secure",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "If true all cookies issued by the IdP (not including the container) will be limited to TLS",
+ "note": ""
+ },
+ {
+ "property_name": "idp.cookie.httpOnly",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "SecurityConfiguration",
+ "config_file": 
"idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "If true all cookies issued by the IdP (not including the container) will contain the HttpOnly property",
+ "note": ""
+ },
+ {
+ "property_name": "idp.cookie.domain",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Overrides the domain of any cookies issued by the IdP (not including the container)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.cookie.path",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Overrides the path of any cookies issued by the IdP (not including the container)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.cookie.maxAge",
+ "property_type": "int",
+ "property_default_value": 31536000,
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Lifetime in seconds of cookies issued by the IdP that are meant to span sessions (365 days)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.cookie.sameSite",
+ "property_type": "Null/None/Lax/Strict",
+ "property_default_value": "None",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Default SameSite value to apply to cookies via servlet filter if no explicit rule for the named cookie is specified",
+ "note": ""
+ },
+ {
+ "property_name": "idp.cookie.sameSiteCondition",
+ "property_type": "Bean ID of Predicate",
+ "property_default_value": "shibboleth.Conditions.FALSE",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": 
"all",
+ "module": "",
+ "module_vers": "",
+ "description": "Predicate condition bean controlling whether SameSite filter runs",
+ "note": ""
+ },
+ {
+ "property_name": "idp.sealer.keyStrategy",
+ "property_type": "Bean ID of DataSealerKeyStrategy",
+ "property_default_value": "shibboleth.DataSealerKeyStrategy",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Bean ID supporting the DataSealerKeyStrategy interface to use in place of the built-in option.",
+ "note": ""
+ },
+ {
+ "property_name": "idp.sealer.storeType",
+ "property_type": "string",
+ "property_default_value": "JCEKS",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Type of Java keystore used for IdP's internal AES encryption key",
+ "note": ""
+ },
+ {
+ "property_name": "idp.sealer.updateInterval",
+ "property_type": "duration",
+ "property_default_value": "PT15M",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Time between checks for a new AES key version",
+ "note": ""
+ },
+ {
+ "property_name": "idp.sealer.aliasBase",
+ "property_type": "string",
+ "property_default_value": "secret",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Case insensitive name of keystore alias prefix used in AES keystore (the entries will be suffixed by the key version number)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.sealer.storeResource",
+ "property_type": "resource path",
+ "property_default_value": "none",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Keystore resource 
containing AES encryption key usually a file path",
+ "note": ""
+ },
+ {
+ "property_name": "idp.sealer.versionResource",
+ "property_type": "resource path",
+ "property_default_value": "none",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Resource that tracks the active AES encryption key version usually a file path",
+ "note": ""
+ },
+ {
+ "property_name": "idp.sealer.storePassword",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Keystore password unlocking AES encryption keystore typically set during installation",
+ "note": ""
+ },
+ {
+ "property_name": "idp.sealer.keyPassword",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Key password unlocking AES encryption key typically set to the same as the previous property and set during installation",
+ "note": ""
+ },
+ {
+ "property_name": "idp.signing.key",
+ "property_type": "resource path",
+ "property_default_value": "none",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Resource containing private key for signing typically a file in the credentials directory",
+ "note": ""
+ },
+ {
+ "property_name": "idp.signing.cert",
+ "property_type": "resource path",
+ "property_default_value": "none",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Resource containing the public key certificate inserted into signed messages typically a file in the 
credentials directory",
+ "note": ""
+ },
+ {
+ "property_name": "idp.encryption.key",
+ "property_type": "resource path",
+ "property_default_value": "none",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Resource containing a private key for decryption typically a file in the credentials directory",
+ "note": ""
+ },
+ {
+ "property_name": "idp.encryption.cert",
+ "property_type": "resource path",
+ "property_default_value": "none",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Resource containing a public key certificate given to others needing to encrypt data for the IdP typically a file in the credentials directory",
+ "note": ""
+ },
+ {
+ "property_name": "idp.encryption.key.2",
+ "property_type": "resource path",
+ "property_default_value": "none",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Resource containing an alternate private key for decryption generally unused except while changing decryption keys",
+ "note": ""
+ },
+ {
+ "property_name": "idp.encryption.cert.2",
+ "property_type": "resource path",
+ "property_default_value": "none",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Resource containing an alternate public key certificate generally unused except while changing decryption keys",
+ "note": ""
+ },
+ {
+ "property_name": "idp.security.config",
+ "property_type": "Bean ID of SecurityConfiguration (net.shibboleth.idp.profile.config.SecurityConfiguration)",
+ "property_default_value": "shibboleth.DefaultSecurityConfiguration",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Name of Spring bean supplying the default SecurityConfiguration",
+ "note": ""
+ },
+ {
+ "property_name": "idp.signing.config",
+ "property_type": "Bean ID of SignatureSigningConfiguration (org.opensaml.xmlsec)",
+ "property_default_value": "shibboleth.SigningConfiguration.SHA256",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Name of Spring bean supplying the default SignatureSigningConfiguration",
+ "note": ""
+ },
+ {
+ "property_name": "idp.encryption.config",
+ "property_type": "Bean ID of EncryptionConfiguration (org.opensaml.xmlsec)",
+ "property_default_value": "shibboleth.EncryptionConfiguration.CBC",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Name of Spring bean supplying the default EncryptionConfiguration",
+ "note": ""
+ },
+ {
+ "property_name": "idp.encryption.optional",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "If true failure to locate an encryption key to use won't result in request failure",
+ "note": ""
+ },
+ {
+ "property_name": "idp.encryption.keyagreement.metadata.defaultUseKeyWrap",
+ "property_type": "string",
+ "property_default_value": "Default",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Sets the default strategy for key agreement key wrap usage for credentials from metadata if not otherwise configured on the security configuration",
+ "note": ""
+ },
+ {
+ "property_name": "idp.trust.signatures",
+ "property_type": "Bean ID of SignatureTrustEngine 
(org.opensaml.xmlsec.signature.support)",
+ "property_default_value": "shibboleth.ChainingSignatureTrustEngine",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Name of Spring bean for the trust engine used to verify signatures",
+ "note": ""
+ },
+ {
+ "property_name": "idp.trust.certificates",
+ "property_type": "Bean ID of TrustEngine (org.opensaml.security.trust)",
+ "property_default_value": "shibboleth.ChainingX509TrustEngine",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Name of Spring bean for the trust engine used to verify TLS certificates",
+ "note": ""
+ },
+ {
+ "property_name": "idp.policy.messageLifetime",
+ "property_type": "duration",
+ "property_default_value": "PT3M",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Default freshness window for accepting timestamped messages",
+ "note": ""
+ },
+ {
+ "property_name": "idp.policy.assertionLifetime",
+ "property_type": "duration",
+ "property_default_value": "PT3M",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Default freshness window for accepting timestamped assertions",
+ "note": ""
+ },
+ {
+ "property_name": "idp.policy.clockSkew",
+ "property_type": "duration",
+ "property_default_value": "PT3M",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Default allowance for clock differences between systems",
+ "note": ""
+ },
+ {
+ "property_name": "idp.security.basicKeyInfoFactory",
+ "property_type": "Bean ID of KeyInfoGeneratorManager 
(org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorManager)",
+ "property_default_value": "shibboleth.BasicKeyInfoGeneratorFactory",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Overrides the BasicKeyInfoGeneratorFactory used by default",
+ "note": ""
+ },
+ {
+ "property_name": "idp.security.x509KeyInfoFactory",
+ "property_type": "Bean ID of KeyInfoGeneratorManager (org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorManager)",
+ "property_default_value": "shibboleth.X509KeyInfoGeneratorFactory",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Overrides the X509KeyInfoGeneratorFactory used by default",
+ "note": ""
+ },
+ {
+ "property_name": "idp.csrf.enabled",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "CSRF",
+ "config_file": "idp.properties",
+ "idp_vers": 4,
+ "module": "",
+ "module_vers": "",
+ "description": "Enables CSRF protection",
+ "note": ""
+ },
+ {
+ "property_name": "idp.csrf.token.parameter",
+ "property_type": "string",
+ "property_default_value": "csrf_token",
+ "config_category": "CSRF",
+ "config_file": "idp.properties",
+ "idp_vers": 4,
+ "module": "",
+ "module_vers": "",
+ "description": "Name of the HTTP parameter that stores the CSRF token",
+ "note": ""
+ },
+ {
+ "property_name": "idp.hsts",
+ "property_type": "string",
+ "property_default_value": "max-age=0",
+ "config_category": "Core",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Auto-configures an HSTS response header",
+ "note": ""
+ },
+ {
+ "property_name": "idp.frameoptions",
+ "property_type": "DENY/SAMEORIGIN",
+ "property_default_value": "DENY",
+ "config_category": "Core",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ 
"description": "Auto-configures an X-Frame-Options response header",
+ "note": ""
+ },
+ {
+ "property_name": "idp.csp",
+ "property_type": "string",
+ "property_default_value": "frame-ancestors 'none'",
+ "config_category": "Core",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Auto-configures a Content Security Policy response header",
+ "note": ""
+ },
+ {
+ "property_name": "idp.webflows",
+ "property_type": "resource path",
+ "property_default_value": "%{idp.home}/flows",
+ "config_category": "Core",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Location from which to load user-supplied webflows from",
+ "note": ""
+ },
+ {
+ "property_name": "idp.views",
+ "property_type": "Comma-delimited paths",
+ "property_default_value": "%{idp.home}/views",
+ "config_category": "Core",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Location from which to load user-modifiable Velocity view templates. 
This can be set to include \"classpath*:/META-INF/net/shibboleth/idp/views\" (or equivalent) to load templates from the classpath, such as from extension jars, but doing so disables support for template reloading.",
+ "note": ""
+ },
+ {
+ "property_name": "idp.errors.detailed",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "ErrorHandlingConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to expose detailed error causes in status information provided to outside parties",
+ "note": ""
+ },
+ {
+ "property_name": "idp.errors.signed",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "ErrorHandlingConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to digitally sign error responses in SAML or similar protocols, if signing is otherwise warranted (this can prevent a simple denial of service vector, since errors are simple to trigger)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.errors.defaultView",
+ "property_type": "string",
+ "property_default_value": "error",
+ "config_category": "ErrorHandlingConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "The default view name to render for exceptions and events",
+ "note": ""
+ },
+ {
+ "property_name": "idp.errors.excludedExceptions",
+ "property_type": "Bean ID of Properties (java.util.Properties)",
+ "property_default_value": "none",
+ "config_category": "ErrorHandlingConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Bean defing Properties mapping exception class names to error views. 
The matching by class name does not support wildcards, but does do substring matches (so it's not necessary to fully qualify the class).",
+ "note": ""
+ },
+ {
+ "property_name": "idp.errors.exceptionMappings",
+ "property_type": "Bean ID of Collection (java.util)",
+ "property_default_value": "none",
+ "config_category": "ErrorHandlingConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Bean defining Collection identifying exception classes to ignore (causing them to bubble outward, so use with caution)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.storage.cleanupInterval",
+ "property_type": "duration",
+ "property_default_value": "PT10M",
+ "config_category": "StorageConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Interval of background thread sweeping server-side storage for expired records",
+ "note": ""
+ },
+ {
+ "property_name": "idp.storage.htmlLocalStorage",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "StorageConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to use HTML Local Storage (if available) instead of cookies",
+ "note": ""
+ },
+ {
+ "property_name": "idp.storage.clientSessionStorageName",
+ "property_type": "string",
+ "property_default_value": "shib_idp_session_ss",
+ "config_category": "StorageConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Name of cookie or HTML storage key used by the default per-session instance of the client storage service",
+ "note": ""
+ },
+ {
+ "property_name": "idp.storage.clientPersistentStorageName",
+ "property_type": "string",
+ "property_default_value": "shib_idp_persistent_ss",
+ "config_category": "StorageConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Name of cookie or HTML storage key used by the default persistent instance of the client storage service",
+ "note": ""
+ },
+ {
+ "property_name": "idp.replayCache.StorageService",
+ "property_type": "Bean ID of a StorageService (org.opensaml.storage)",
+ "property_default_value": "shibboleth.StorageService",
+ "config_category": "StorageConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Storage back-end to use for message replay checking (must be server-side)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.replayCache.strict",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "StorageConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether storage errors during replay checks should be treated as a replay",
+ "note": ""
+ },
+ {
+ "property_name": "idp.session.enabled",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "SessionConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to enable the IdP's session tracking feature",
+ "note": ""
+ },
+ {
+ "property_name": "idp.session.StorageService",
+ "property_type": "Bean ID of StorageService (org.opensaml.storage)",
+ "property_default_value": "shibboleth.ClientSessionStorageService",
+ "config_category": "SessionConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Bean name of a storage implementation/configuration to use for IdP sessions",
+ "note": ""
+ },
+ {
+ "property_name": "idp.session.cookieName",
+ "property_type": "string",
+ "property_default_value": "shib_idp_session",
+ "config_category": "SessionConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": 
4.2,
+ "module": "",
+ "module_vers": "",
+ "description": "Name of cookie containing IdP session ID (note this is not the same as the cookie the Java container uses to track its own sessions)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.session.idSize",
+ "property_type": "int",
+ "property_default_value": 32,
+ "config_category": "SessionConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Number of characters in IdP session identifiers",
+ "note": ""
+ },
+ {
+ "property_name": "idp.session.consistentAddress",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "SessionConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to bind IdP sessions to IP addresses",
+ "note": ""
+ },
+ {
+ "property_name": "idp.session.consistentAddressCondition",
+ "property_type": "BiPredicate",
+ "property_default_value": "Direct string comparison",
+ "config_category": "SessionConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "A 2-argument predicate that compares a bound session's address to a client address",
+ "note": ""
+ },
+ {
+ "property_name": "idp.session.timeout",
+ "property_type": "duration",
+ "property_default_value": "PT60M",
+ "config_category": "SessionConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Inactivity timeout policy for IdP sessions (must be non-zero)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.session.slop",
+ "property_type": "duration",
+ "property_default_value": 0,
+ "config_category": "SessionConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Extra time after expiration before removing SP sessions in case a logout is invoked",
+ "note": ""
+ },
+ {
+ "property_name": "idp.session.maskStorageFailure",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "SessionConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to hide storage failures from users during session cache reads/writes",
+ "note": ""
+ },
+ {
+ "property_name": "idp.session.trackSPSessions",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "SessionConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to save a record of every SP accessed during an IdP session (requires a server-side session store or HTML LocalStorage)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.session.secondaryServiceIndex",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "SessionConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to track SPs on the basis of the SAML subject ID used, for logout purposes (requires SP session tracking be on)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.session.defaultSPlifetime",
+ "property_type": "duration",
+ "property_default_value": "PT2H",
+ "config_category": "SessionConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Default length of time to maintain record of an SP session (must be non-zero), overridable by relying-party-specific setting",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.flows",
+ "property_type": "regex",
+ "property_default_value": "none",
+ "config_category": "AuthenticationConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Required expression that identifies the login flows to globally 
enable",
+ "note": "ex. Password, MA, DUO"
+ },
+ {
+ "property_name": "idp.authn.defaultLifetime",
+ "property_type": "duration",
+ "property_default_value": "PT60M",
+ "config_category": "AuthenticationConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Default amount of time to allow reuse prior authentication flows",
+ "note": "measured since first usage"
+ },
+ {
+ "property_name": "idp.authn.defaultTimeout",
+ "property_type": "duration",
+ "property_default_value": "PT30M",
+ "config_category": "AuthenticationConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Default inactivity timeout to prevent reuse of prior authentication flows",
+ "note": "measured since last usage"
+ },
+ {
+ "property_name": "idp.authn.proxyRestrictionsEnforced",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "AuthenticationConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to enforce restrictions placed on further proxying of assertions from upstream IdPs when relying on proxied authentication",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.favorSSO",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "AuthenticationConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to prioritize prior authentication results when an SP requests more than one possible matching method",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.rpui",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "AuthenticationConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to 
populate information about the relying party into the tree for user interfaces during login and interceptors",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.identitySwitchIsError",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "AuthenticationConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to fail requests if a user identity after authentication doesn't match the identity in a pre-existing session.",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.discoveryURL",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "AuthenticationConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Provides a static discovery URL to use for external discovery this property replaces the need for the XML-defined bean used in V4.0 for this purpose",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.overrideRequestedAuthnContext",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "AuthenticationConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to override an explicit element in an SP’s request with a configuration-imposed rule via the defaultAuthenticationMethods profile configuration setting. 
Note this is a violation of the SAML standard and is also a global setting applying to all SPs that may have such a profile configuration set.",
+ "note": ""
+ },
+ {
+ "property_name": "idp.consent.StorageService",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.ClientPersistentStorageService",
+ "config_category": "ConsentConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Name of storage service used to store users' consent choices",
+ "note": ""
+ },
+ {
+ "property_name": "idp.consent.attribute-release.userStorageKey",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.consent.PrincipalConsentStorageKey",
+ "config_category": "ConsentConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Name of function used to return the String storage key representing a user defaults to the principal name",
+ "note": ""
+ },
+ {
+ "property_name": "idp.consent.attribute-release.userStorageKeyAttribute",
+ "property_type": "string",
+ "property_default_value": "uid",
+ "config_category": "ConsentConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Attribute whose value is the storage key representing a user",
+ "note": ""
+ },
+ {
+ "property_name": "idp.consent.attribute-release.activationCondition",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.Conditions.TRUE",
+ "config_category": "ConsentConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Optional condition to apply to control activation of attribute-release flow along with system default behavior",
+ "note": ""
+ },
+ {
+ "property_name": "idp.consent.attribute-release.auditFormat",
+ "property_type": "logback",
+ "property_default_value": "%T|%SP|%e|%u|%CCI|%CCV|%CCA",
+ "config_category": "ConsentConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Default consent auditing formats",
+ "note": ""
+ },
+ {
+ "property_name": "idp.consent.terms-of-use.userStorageKey",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.consent.PrincipalConsentStorageKey",
+ "config_category": "ConsentConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Name of function used to return the String storage key representing a user defaults to the principal name",
+ "note": ""
+ },
+ {
+ "property_name": "idp.consent.terms-of-use.userStorageKeyAttribute",
+ "property_type": "string",
+ "property_default_value": "uid",
+ "config_category": "ConsentConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Attribute whose value is the storage key representing a user",
+ "note": ""
+ },
+ {
+ "property_name": "idp.consent.terms-of-use.consentValueMessageCodeSuffix",
+ "property_type": "string",
+ "property_default_value": ".text",
+ "config_category": "ConsentConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Suffix of message property used as value of consent storage records when idp.consent.compareValues is true",
+ "note": ""
+ },
+ {
+ "property_name": "idp.consent.terms-of-use.activationCondition",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.Conditions.TRUE",
+ "config_category": "ConsentConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Optional condition to apply to control activation of terms-of-use flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.consent.terms-of-use.auditFormat",
+ "property_type": "logback",
+ "property_default_value": "%T|%SP|%e|%u|%CCI|%CCV|%CCA",
+ "config_category": "ConsentConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Default consent auditing formats",
+ "note": ""
+ },
+ {
+ "property_name": "idp.consent.allowDoNotRemember",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "ConsentConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether not remembering/storing consent is allowed",
+ "note": ""
+ },
+ {
+ "property_name": "idp.consent.allowGlobal",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "ConsentConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether consent to any attribute and to any relying party is allowed",
+ "note": ""
+ },
+ {
+ "property_name": "idp.consent.allowPerAttribute",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "ConsentConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether per-attribute consent is allowed",
+ "note": ""
+ },
+ {
+ "property_name": "idp.consent.compareValues",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "ConsentConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether attribute values and terms of use text are stored and compared for equality",
+ "note": ""
+ },
+ {
+ "property_name": "idp.consent.maxStoredRecords",
+ "property_type": "int",
+ "property_default_value": 10,
+ "config_category": "ConsentConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Maximum number of records stored when using 
space-limited storage (e.g. cookies), 0 = no limit",
+ "note": ""
+ },
+ {
+ "property_name": "idp.consent.expandedMaxStoredRecords",
+ "property_type": "int",
+ "property_default_value": 0,
+ "config_category": "ConsentConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Maximum number of records stored when using larger/server-side storage, 0 = no limit",
+ "note": ""
+ },
+ {
+ "property_name": "idp.consent.storageRecordLifetime",
+ "property_type": "duration",
+ "property_default_value": "(v4.0=P1Y,v4.1=infinite)",
+ "config_category": "ConsentConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "4.x",
+ "module": "",
+ "module_vers": "",
+ "description": "Time in milliseconds to expire consent storage records",
+ "note": ""
+ },
+ {
+ "property_name": "idp.logout.elaboration",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "LogoutConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to search metadata for user interface information associated with every service involved in logout propagation",
+ "note": ""
+ },
+ {
+ "property_name": "idp.logout.authenticated",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "LogoutConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to require signed logout messages in accordance with the SAML 2.0 standard",
+ "note": ""
+ },
+ {
+ "property_name": "idp.logout.promptUser",
+ "property_type": "Bean ID of Predicate",
+ "property_default_value": false,
+ "config_category": "LogoutConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "If the bean returns true the user is given the option to actually cancel the IdP logout outright and prevent 
removal of the session",
+ "note": ""
+ },
+ {
+ "property_name": "idp.logout.preserveQuery",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "LogoutConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Processes arbitrary query parameters to the Simple Logout endpoint and stashes them in a ScratchContext for use by subsequent view logic",
+ "note": ""
+ },
+ {
+ "property_name": "idp.logout.assumeAsync",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "LogoutConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": 4.2,
+ "module": "",
+ "module_vers": "",
+ "description": "When true allows inbound SAML LogoutRequests to be processed even if the SP lacks metadata containing response endpoints",
+ "note": ""
+ },
+ {
+ "property_name": "idp.logout.propagationHidden",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "LogoutConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": 4.2,
+ "module": "",
+ "module_vers": "",
+ "description": "Applies the \"display:none\" style to the list of SPs and logout status reporting images so that logout status is not visibly reported to the user",
+ "note": ""
+ },
+ {
+ "property_name": "idp.soap.httpClient",
+ "property_type": "Bean ID of HttpClient to use for SOAP-based logout",
+ "property_default_value": "SOAPClient.HttpClient",
+ "config_category": "Core",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Allows the HttpClient used for SOAP communication to be overriden (applies to SAML logout via SOAP)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.ui.fallbackLanguages",
+ "property_type": "Comma-delimited list",
+ "property_default_value": "none",
+ "config_category": "Core",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "languages to use if no match can be found with the browser-supported languages",
+ "note": "ex. en, fr, de"
+ },
+ {
+ "property_name": "idp.cas.StorageService",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.StorageService",
+ "config_category": "CasProtocolConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Storage service used by CAS protocol for chained proxy-granting tickets and when using server-managed \"simple\" TicketService. MUST be server-side storage (e.g. in-memory, memcached, database)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.cas.serviceRegistryClass",
+ "property_type": "?",
+ "property_default_value": "net.shibboleth.idp.cas.service.PatternServiceRegistry",
+ "config_category": "CasProtocolConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "CAS service registry implementation class",
+ "note": ""
+ },
+ {
+ "property_name": "idp.cas.relyingPartyIdFromMetadata",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "CasProtocolConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "If true CAS services provisioned with SAML metadata are identified via entityID",
+ "note": ""
+ },
+ {
+ "property_name": "idp.fticks.federation",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "FTICKSLoggingConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Enables F-TICKS output and specifies the value of the federation-identifier field",
+ "note": ""
+ },
+ {
+ "property_name": "idp.fticks.condition",
+ "property_type": "Bean ID",
+ "property_default_value": "none",
+ "config_category": "FTICKSLoggingConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": 
4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Optional bean name of a Predicate to use to decide whether to run",
+ "note": ""
+ },
+ {
+ "property_name": "idp.fticks.algorithm",
+ "property_type": "string",
+ "property_default_value": "SHA-2",
+ "config_category": "FTICKSLoggingConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Digest algorithm used to obscure usernames",
+ "note": ""
+ },
+ {
+ "property_name": "idp.fticks.salt",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "FTICKSLoggingConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "A salt to apply when digesting usernames (if not specified, the username will not be included)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.fticks.loghost",
+ "property_type": "string",
+ "property_default_value": "localhost",
+ "config_category": "FTICKSLoggingConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "The remote syslog host",
+ "note": ""
+ },
+ {
+ "property_name": "idp.fticks.logport",
+ "property_type": "int",
+ "property_default_value": 514,
+ "config_category": "FTICKSLoggingConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "The remote syslog port",
+ "note": ""
+ },
+ {
+ "property_name": "idp.audit.shortenBindings",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "AuditLoggingConfiguration",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Set false if you want SAML bindings \"spelled out\" in audit log",
+ "note": ""
+ },
+ {
+ "property_name": "idp.velocity.runtime.strictmode",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "Core",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Set to true to fail on velocity syntax errors",
+ "note": ""
+ },
+ {
+ "property_name": "idp.intercept.External.externalPath",
+ "property_type": "path",
+ "property_default_value": "contextRelative:intercept.jsp",
+ "config_category": "Core",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Path to use with External interceptor flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.impersonate.generalPolicy",
+ "property_type": "Policy ID",
+ "property_default_value": "GeneralImpersonationPolicy",
+ "config_category": "Core",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Policies to use with Impersonate interceptor flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.impersonate.specificPolicy",
+ "property_type": "Policy ID",
+ "property_default_value": "SpecificImpersonationPolicy",
+ "config_category": "Core",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Policies to use with Impersonate interceptor flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.LDAP.authenticator",
+ "property_type": "string",
+ "property_default_value": "anonSearchAuthenticator",
+ "config_category": "LDAPAuthnConfiguration",
+ "config_file": "v4: ldap.properties , V4.1: authn/authn.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Controls the workflow for how authentication occurs against LDAP: one of anonSearchAuthenticator, bindSearchAuthenticator, directAuthenticator, adAuthenticator",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.LDAP.ldapURL",
+ "property_type": "LDAP URI",
+ "property_default_value": "none",
+ "config_category": "LDAPAuthnConfiguration",
+ "config_file": "v4: ldap.properties , V4.1: 
authn/authn.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Connection URI for LDAP directory",
+ "note": "ex. ldap://localhost or ldaps://localhost"
+ },
+ {
+ "property_name": "idp.authn.LDAP.useStartTLS",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "LDAPAuthnConfiguration",
+ "config_file": "v4: ldap.properties , V4.1: authn/authn.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether StartTLS should be used after connecting with LDAP alone.",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.LDAP.connectTimeout",
+ "property_type": "duration",
+ "property_default_value": "PT3S",
+ "config_category": "LDAPAuthnConfiguration",
+ "config_file": "v4: ldap.properties , V4.1: authn/authn.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Time to wait for the TCP connection to occur.",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.LDAP.responseTimeout",
+ "property_type": "duration",
+ "property_default_value": "PT3S",
+ "config_category": "LDAPAuthnConfiguration",
+ "config_file": "v4: ldap.properties , V4.1: authn/authn.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Time to wait for an LDAP response message",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.LDAP.connectionStrategy",
+ "property_type": "string",
+ "property_default_value": "ACTIVE_PASSIVE",
+ "config_category": "LDAPAuthnConfiguration",
+ "config_file": "v4: ldap.properties , V4.1: authn/authn.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Connection strategy to use when multiple URLs are supplied: one of ACTIVE_PASSIVE, ROUND_ROBIN, RANDOM",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.LDAP.sslConfig",
+ "property_type": "string",
+ "property_default_value": "certificateTrust",
+ "config_category": "LDAPAuthnConfiguration",
+ "config_file": "v4: ldap.properties , V4.1: authn/authn.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "How to establish trust in the server's TLS certificate: one of jvmTrust, certificateTrust, or keyStoreTrust",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.LDAP.trustCertificates",
+ "property_type": "resource path",
+ "property_default_value": "none",
+ "config_category": "LDAPAuthnConfiguration",
+ "config_file": "v4: ldap.properties , V4.1: authn/authn.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "A resource to load trust anchors from when using sslConfig = certificateTrust",
+ "note": "ex. %{idp.home}/credentials/ldap-server.crt"
+ },
+ {
+ "property_name": "idp.authn.LDAP.trustStore",
+ "property_type": "resource path",
+ "property_default_value": "none",
+ "config_category": "LDAPAuthnConfiguration",
+ "config_file": "v4: ldap.properties , V4.1: authn/authn.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "A resource to load a Java keystore containing trust anchors when using sslConfig = keyStoreTrust",
+ "note": "ex. 
%{idp.home}/credentials/ldap-server.truststore" + }, + { + "property_name": "idp.authn.LDAP.returnAttributes", + "property_type": "comma-seperated strings", + "property_default_value": "none", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "List of attributes to request during authentication", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.baseDN", + "property_type": "string", + "property_default_value": "none", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Base DN to search against when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.subtreeSearch", + "property_type": "bool", + "property_default_value": false, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether to search recursively when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.userFilter", + "property_type": "string", + "property_default_value": "none", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "LDAP search filter when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.bindDN", + "property_type": "string", + "property_default_value": "none", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: 
authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "DN to bind with during search when using an LDAP.authenticator = bindSearchAuthenticator", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.bindDNCredential", + "property_type": "string", + "property_default_value": "none", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Password to bind with during search when using an LDAP.authenticator = bindSearchAuthenticator usually set via %{idp.home}/credentials/secrets.properties", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.dnFormat", + "property_type": "string", + "property_default_value": "none", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "A formatting string to generate the user DNs to authenticate when using an LDAP.authenticator of directAuthenticator or adAuthenticator", + "note": "ex. 
uid=%s,ou=people,dc=example,dc=org or for AD %s@domain.com" + }, + { + "property_name": "idp.authn.LDAP.resolveEntryOnFailure", + "property_type": "bool", + "property_default_value": false, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether the user's LDAP entry should be returned in the authentication response even when the user bind fails.", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.resolveEntryWithBindDN", + "property_type": "bool", + "property_default_value": false, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether the user's LDAP entry should be resolved with the bindDN credentials rather than as the authenticated user.", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.usePasswordPolicy", + "property_type": "bool", + "property_default_value": false, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether to use the Password Policy Control.", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.usePasswordExpiration", + "property_type": "bool", + "property_default_value": false, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether to use the Password Expired Control.", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.activeDirectory", + "property_type": "bool", + "property_default_value": false, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + 
"module": "", + "module_vers": "", + "description": "If you are using Active Directory this switch will attempt to use the account states defined by AD. Note that this flag is unnecessary if you are using the 'adAuthenticator'. It is meant to be specified with one of the other authenticator types.", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.freeIPADirectory", + "property_type": "bool", + "property_default_value": false, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "If you are using the FreeIPA LDAP this switch will attempt to use the account states defined by that product.", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.eDirectory", + "property_type": "bool", + "property_default_value": false, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "If you are using the EDirectory LDAP this switch will attempt to use the account states defined by that product.", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.disablePooling", + "property_type": "bool", + "property_default_value": false, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether connection pools should be used for LDAP authentication and DN resolution", + "note": "" + }, + { + "property_name": "idp.pool.LDAP.minSize", + "property_type": "int", + "property_default_value": 3, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Minimum LDAP connection pool size", + "note": "" + }, + { + "property_name": 
"idp.pool.LDAP.maxSize", + "property_type": "int", + "property_default_value": 10, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Maximum LDAP connection pool size", + "note": "" + }, + { + "property_name": "idp.pool.LDAP.validateOnCheckout", + "property_type": "bool", + "property_default_value": false, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether to validate connections when checking them out of the pool", + "note": "" + }, + { + "property_name": "idp.pool.LDAP.validatePeriodically", + "property_type": "bool", + "property_default_value": true, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether to validate connections in the background", + "note": "" + }, + { + "property_name": "idp.pool.LDAP.validatePeriod", + "property_type": "duration", + "property_default_value": "PT5M", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Duration between validation if idp.pool.LDAP.validatePeriodically is true", + "note": "" + }, + { + "property_name": "idp.pool.LDAP.validateDN", + "property_type": "string", + "property_default_value": "none", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "4.0.1", + "module": "", + "module_vers": "", + "description": "DN to search with the validateFilter: defaults to the rootDSE", + "note": "" + }, + { + "property_name": "idp.pool.LDAP.validateFilter", + "property_type": 
"string", + "property_default_value": "(objectClass=*)", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "4.0.1", + "module": "", + "module_vers": "", + "description": "Search filter to execute in order to validate a pooled connection", + "note": "" + }, + { + "property_name": "idp.pool.LDAP.prunePeriod", + "property_type": "duration", + "property_default_value": "PT5M", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Duration between looking for idle connections to reduce the pool back to its minimum size", + "note": "" + }, + { + "property_name": "idp.pool.LDAP.idleTime", + "property_type": "duration", + "property_default_value": "PT10M", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Duration connections must be idle to be eligible for pruning", + "note": "" + }, + { + "property_name": "idp.pool.LDAP.blockWaitTime", + "property_type": "duration", + "property_default_value": "PT3S", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Duration to wait for a free connection in the pool", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.bindPoolPassivator", + "property_type": "string", + "property_default_value": "none", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "4.0.1", + "module": "", + "module_vers": "", + "description": "Controls how connections in the bind pool are passivated. 
Connections in the bind pool may be in an authenticated state that will not allow validation searches to succeed. This property controls how bind connections are placed back into the pool. If your directory requires searches to be performed by the idp.authn.LDAP.bindDN or anonymously, this property controls that behavior. one of: none, bind, anonymousBind.", + "note": "" + }, + { + "property_name": "idp.authn.JAAS.loginConfigNames", + "property_type": "string", + "property_default_value": "ShibUserPassAuth", + "config_category": "JAASAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Comma-delimited set of JAAS application configuration names to use", + "note": "" + }, + { + "property_name": "idp.authn.JAAS.loginConfig", + "property_type": "resource path", + "property_default_value": "%{idp.home}/conf/authn/jaas.config", + "config_category": "JAASAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Location of JAAS configuration file", + "note": "" + }, + { + "property_name": "idp.authn.Krb5.refreshConfig", + "property_type": "bool", + "property_default_value": false, + "config_category": "KerberosAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to reload the underlying Kerberos configuration (generally in /etc/krb5.conf) on every login attempt", + "note": "" + }, + { + "property_name": "idp.authn.Krb5.preserveTicket", + "property_type": "bool", + "property_default_value": false, + "config_category": "KerberosAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to preserve the resulting Kerberos TGT in the Java Subject's private credential set", + "note": "" + }, + { + "property_name": 
"idp.authn.Krb5.servicePrincipal", + "property_type": "string", + "property_default_value": "none", + "config_category": "KerberosAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Name of a service principal to use to verify the KDC supplying the TGT by requesting and verifying a service ticket issued for it", + "note": "" + }, + { + "property_name": "idp.authn.Krb5.keytab", + "property_type": "resource path", + "property_default_value": "none", + "config_category": "KerberosAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Path to a keytab file containing keys belonging to the service principal defined in idp.authn.Krb5.servicePrincipal", + "note": "" + }, + { + "property_name": "idp.authn.External.externalAuthnPath", + "property_type": "string", + "property_default_value": "contextRelative:external.jsp", + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Spring Web Flow redirection expression for the protected resource", + "note": "" + }, + { + "property_name": "idp.authn.External.matchExpression", + "property_type": "regex", + "property_default_value": "none", + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Regular expression to match username against", + "note": "" + }, + { + "property_name": "idp.authn.External.order", + "property_type": "int", + "property_default_value": 1000, + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Flow priority relative to other enabled login flows (lower 
is \"higher\" in priority)", + "note": "" + }, + { + "property_name": "idp.authn.External.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)", + "note": "" + }, + { + "property_name": "idp.authn.External.passiveAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Whether the flow allows for passive authentication", + "note": "" + }, + { + "property_name": "idp.authn.External.forcedAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Whether the flow supports forced authentication", + "note": "" + }, + { + "property_name": "idp.authn.External.proxyRestrictionsEnforced", + "property_type": "bool", + "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}", + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Whether the flow enforces upstream IdP imposed restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.External.proxyScopingEnforced", + "property_type": "bool", + "property_default_value": false, + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + 
"description": "Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.External.discoveryRequired", + "property_type": "bool", + "property_default_value": false, + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Whether to invoke IdP discovery prior to running flow", + "note": "" + }, + { + "property_name": "idp.authn.External.lifetime", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultLifetime:PT1H}", + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Lifetime of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.External.inactivityTimeout", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultTimeout:PT30M}", + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Inactivity timeout of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.External.reuseCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Bean ID of Predicate controlling result reuse for SSO", + "note": "" + }, + { + "property_name": "idp.authn.External.activationCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", 
+ "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Bean ID of Predicate determining whether flow is usable for request", + "note": "" + }, + { + "property_name": "idp.authn.External.subjectDecorator", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Bean ID of BiConsumer for subject customization" + }, + { + "property_name": "idp.authn.External.supportedPrincipals", + "property_type": "string", + "property_default_value": "saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password,saml1/urn:oasis:names:tc:SAML:1.0:am:password", + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Comma-delimited list of protocol-specific Principal strings associated with flow", + "note": "" + }, + { + "property_name": "idp.authn.External.addDefaultPrincipals", + "property_type": "bool", + "property_default_value": true, + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.externalAuthnPath", + "property_type": "string", + "property_default_value": "contextRelative:external.jsp", + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Spring Web Flow redirection expression for the protected resource", + "note": "" + }, + { 
+ "property_name": "idp.authn.RemoteUser.matchExpression", + "property_type": "regex", + "property_default_value": "none", + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Regular expression to match username against", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.order", + "property_type": "int", + "property_default_value": 1000, + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Flow priority relative to other enabled login flows (lower is \"higher\" in priority)", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.passiveAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Whether the flow allows for passive authentication", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.forcedAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Whether the flow supports forced authentication", + "note": "" + }, + { 
+ "property_name": "idp.authn.RemoteUser.proxyRestrictionsEnforced", + "property_type": "bool", + "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}", + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Whether the flow enforces upstream IdP imposed restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.proxyScopingEnforced", + "property_type": "bool", + "property_default_value": false, + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.discoveryRequired", + "property_type": "bool", + "property_default_value": false, + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Whether to invoke IdP discovery prior to running flow", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.lifetime", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultLifetime:PT1H}", + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Lifetime of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.inactivityTimeout", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultTimeout:PT30M}", + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": 
"idp.authn.RemoteUser", + "module_vers": "", + "description": "Inactivity timeout of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.reuseCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Bean ID of Predicate controlling result reuse for SSO", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.activationCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Bean ID of Predicate determining whether flow is usable for request", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.subjectDecorator", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Bean ID of BiConsumer for subject customization" + }, + { + "property_name": "idp.authn.RemoteUser.supportedPrincipals", + "property_type": "string", + "property_default_value": "saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password,saml1/urn:oasis:names:tc:SAML:1.0:am:password", + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Comma-delimited list of protocol-specific Principal strings associated with flow", + "note": "" + }, + { + "property_name": 
"idp.authn.RemoteUser.addDefaultPrincipals",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "RemoteUserAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.RemoteUser",
+ "module_vers": "",
+ "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.RemoteUserInternal.checkRemoteUser",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "RemoteUserInternalAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.RemoteUserInternal",
+ "module_vers": "",
+ "description": "Whether to check REMOTE_USER for a username",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.RemoteUserInternal.checkAttributes",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "RemoteUserInternalAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.RemoteUserInternal",
+ "module_vers": "",
+ "description": "Comma-delimited lists of request attributes to check for a username",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.RemoteUserInternal.checkHeaders",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "RemoteUserInternalAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.RemoteUserInternal",
+ "module_vers": "",
+ "description": "Comma-delimited list of request headers to check for a username",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.RemoteUserInternal.trim",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "RemoteUserInternalAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.RemoteUserInternal",
+ "module_vers": "",
+ "description": "Whether to trim leading and trailing whitespace from the username before validating it",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.RemoteUserInternal.lowercase",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "RemoteUserInternalAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.RemoteUserInternal",
+ "module_vers": "",
+ "description": "Whether to lowercase the username before validating it",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.RemoteUserInternal.uppercase",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "RemoteUserInternalAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.RemoteUserInternal",
+ "module_vers": "",
+ "description": "Whether to uppercase the username before validating it",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.RemoteUserInternal.matchExpression",
+ "property_type": "regex",
+ "property_default_value": "none",
+ "config_category": "RemoteUserInternalAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.RemoteUserInternal",
+ "module_vers": "",
+ "description": "A regular expression that must match the username",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.RemoteUserInternal.allowedUsernames",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "RemoteUserInternalAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.RemoteUserInternal",
+ "module_vers": "",
+ "description": "Comma-delimited list of usernames to accept while blocking all others",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.RemoteUserInternal.deniedUsernames",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "RemoteUserInternalAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.RemoteUserInternal",
+ "module_vers": "",
+ "description": "Comma-delimited list of usernames to deny while accepting all others",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.RemoteUserInternal.externalAuthnPath",
+ "property_type": "string",
+ "property_default_value": "contextRelative:external.jsp",
+ "config_category": "RemoteUserInternalAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.RemoteUserInternal",
+ "module_vers": "",
+ "description": "Spring Web Flow redirection expression for the protected resource",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.RemoteUserInternal.matchExpression",
+ "property_type": "regex",
+ "property_default_value": "none",
+ "config_category": "RemoteUserInternalAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.RemoteUserInternal",
+ "module_vers": "",
+ "description": "Regular expression to match username against",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.RemoteUserInternal.order",
+ "property_type": "int",
+ "property_default_value": 1000,
+ "config_category": "RemoteUserInternalAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.RemoteUserInternal",
+ "module_vers": "",
+ "description": "Flow priority relative to other enabled login flows (lower is \"higher\" in priority)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.RemoteUserInternal.nonBrowserSupported",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "RemoteUserInternalAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.RemoteUserInternal",
+ "module_vers": "",
+ "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.RemoteUserInternal.passiveAuthenticationSupported",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "RemoteUserInternalAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.RemoteUserInternal",
+ "module_vers": "",
+ "description": "Whether the flow allows for passive authentication",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.RemoteUserInternal.forcedAuthenticationSupported",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "RemoteUserInternalAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.RemoteUserInternal",
+ "module_vers": "",
+ "description": "Whether the flow supports forced authentication",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.RemoteUserInternal.proxyRestrictionsEnforced",
+ "property_type": "bool",
+ "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}",
+ "config_category": "RemoteUserInternalAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.RemoteUserInternal",
+ "module_vers": "",
+ "description": "Whether the flow enforces upstream IdP imposed restrictions on proxying",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.RemoteUserInternal.proxyScopingEnforced",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "RemoteUserInternalAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.RemoteUserInternal",
+ "module_vers": "",
+ "description": "Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.RemoteUserInternal.discoveryRequired",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "RemoteUserInternalAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.RemoteUserInternal",
+ "module_vers": "",
+ "description": "Whether to invoke IdP discovery prior to running flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.RemoteUserInternal.lifetime",
+ "property_type": "duration",
+ "property_default_value": "%{idp.authn.defaultLifetime:PT1H}",
+ "config_category": "RemoteUserInternalAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.RemoteUserInternal",
+ "module_vers": "",
+ "description": "Lifetime of results produced by this flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.RemoteUserInternal.inactivityTimeout",
+ "property_type": "duration",
+ "property_default_value": "%{idp.authn.defaultTimeout:PT30M}",
+ "config_category": "RemoteUserInternalAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.RemoteUserInternal",
+ "module_vers": "",
+ "description": "Inactivity timeout of results produced by this flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.RemoteUserInternal.reuseCondition",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.Conditions.TRUE",
+ "config_category": "RemoteUserInternalAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.RemoteUserInternal",
+ "module_vers": "",
+ "description": "Bean ID of Predicate controlling result reuse for SSO",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.RemoteUserInternal.activationCondition",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.Conditions.TRUE",
+ "config_category": "RemoteUserInternalAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.RemoteUserInternal",
+ "module_vers": "",
+ "description": "Bean ID of Predicate determining whether flow is usable for request",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.RemoteUserInternal.subjectDecorator",
+ "property_type": "Bean ID",
+ "property_default_value": "none",
+ "config_category": "RemoteUserInternalAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.RemoteUserInternal",
+ "module_vers": "",
+ "description": "Bean ID of BiConsumer for subject customization"
+ },
+ {
+ "property_name": "idp.authn.RemoteUserInternal.supportedPrincipals",
+ "property_type": "string",
+ "property_default_value": "saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password,saml1/urn:oasis:names:tc:SAML:1.0:am:password",
+ "config_category": "RemoteUserInternalAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.RemoteUserInternal",
+ "module_vers": "",
+ "description": "Comma-delimited list of protocol-specific Principal strings associated with flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.RemoteUserInternal.addDefaultPrincipals",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "RemoteUserInternalAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.RemoteUserInternal",
+ "module_vers": "",
+ "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.SPNEGO.externalAuthnPath",
+ "property_type": "URL path",
+ "property_default_value": "/Authn/SPNEGO",
+ "config_category": "SPNEGOAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.SPNEGO",
+ "module_vers": "",
+ "description": "Servlet-relative path to the SPNEGO external authentication implementation",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.SPNEGO.enforceRun",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "SPNEGOAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.SPNEGO",
+ "module_vers": "",
+ "description": "Whether to always try to run SPNEGO independent of the user's auto-login setting",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.SPNEGO.refreshKrbConfig",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "SPNEGOAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.SPNEGO",
+ "module_vers": "",
+ "description": "Whether to reload the underlying Kerberos configuration (generally in /etc/krb5.conf) on every login attempt",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.SPNEGO.matchExpression",
+ "property_type": "regex",
+ "property_default_value": "none",
+ "config_category": "SPNEGOAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.SPNEGO",
+ "module_vers": "",
+ "description": "Regular expression to match username against",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.SPNEGO.cookieName",
+ "property_type": "string",
+ "property_default_value": "_idp_spnego_autologin",
+ "config_category": "SPNEGOAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.2,
+ "module": "idp.authn.SPNEGO",
+ "module_vers": "",
+ "description": "Name of cookie used to track auto-login state of client",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.SPNEGO.order",
+ "property_type": "int",
+ "property_default_value": 1000,
+ "config_category": "SPNEGOAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.SPNEGO",
+ "module_vers": "",
+ "description": "Flow priority relative to other enabled login flows (lower is \"higher\" in priority)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.SPNEGO.nonBrowserSupported",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "SPNEGOAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.SPNEGO",
+ "module_vers": "",
+ "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.SPNEGO.passiveAuthenticationSupported",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "SPNEGOAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.SPNEGO",
+ "module_vers": "",
+ "description": "Whether the flow allows for passive authentication",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.SPNEGO.forcedAuthenticationSupported",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "SPNEGOAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.SPNEGO",
+ "module_vers": "",
+ "description": "Whether the flow supports forced authentication",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.SPNEGO.proxyRestrictionsEnforced",
+ "property_type": "bool",
+ "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}",
+ "config_category": "SPNEGOAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.SPNEGO",
+ "module_vers": "",
+ "description": "Whether the flow enforces upstream IdP imposed restrictions on proxying",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.SPNEGO.proxyScopingEnforced",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "SPNEGOAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.SPNEGO",
+ "module_vers": "",
+ "description": "Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.SPNEGO.discoveryRequired",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "SPNEGOAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.SPNEGO",
+ "module_vers": "",
+ "description": "Whether to invoke IdP discovery prior to running flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.SPNEGO.lifetime",
+ "property_type": "duration",
+ "property_default_value": "%{idp.authn.defaultLifetime:PT1H}",
+ "config_category": "SPNEGOAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.SPNEGO",
+ "module_vers": "",
+ "description": "Lifetime of results produced by this flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.SPNEGO.inactivityTimeout",
+ "property_type": "duration",
+ "property_default_value": "%{idp.authn.defaultTimeout:PT30M}",
+ "config_category": "SPNEGOAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.SPNEGO",
+ "module_vers": "",
+ "description": "Inactivity timeout of results produced by this flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.SPNEGO.reuseCondition",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.Conditions.TRUE",
+ "config_category": "SPNEGOAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.SPNEGO",
+ "module_vers": "",
+ "description": "Bean ID of Predicate controlling result reuse for SSO",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.SPNEGO.activationCondition",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.Conditions.TRUE",
+ "config_category": "SPNEGOAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.SPNEGO",
+ "module_vers": "",
+ "description": "Bean ID of Predicate determining whether flow is usable for request",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.SPNEGO.subjectDecorator",
+ "property_type": "Bean ID",
+ "property_default_value": "none",
+ "config_category": "SPNEGOAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.SPNEGO",
+ "module_vers": "",
+ "description": "Bean ID of BiConsumer for subject customization"
+ },
+ {
+ "property_name": "idp.authn.SPNEGO.supportedPrincipals",
+ "property_type": "string",
+ "property_default_value": "saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos, saml1/urn:ietf:rfc:1510",
+ "config_category": "SPNEGOAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.SPNEGO",
+ "module_vers": "",
+ "description": "Comma-delimited list of protocol-specific Principal strings associated with flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.SPNEGO.addDefaultPrincipals",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "SPNEGOAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.SPNEGO",
+ "module_vers": "",
+ "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.X509.externalAuthnPath",
+ "property_type": "string",
+ "property_default_value": "contextRelative:x509-prompt.jsp",
+ "config_category": "X509AuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.X509",
+ "module_vers": "",
+ "description": "Spring Web Flow redirection expression for the protected resource",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.X509.order",
+ "property_type": "int",
+ "property_default_value": 1000,
+ "config_category": "X509AuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.X509",
+ "module_vers": "",
+ "description": "Flow priority relative to other enabled login flows (lower is \"higher\" in priority)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.X509.nonBrowserSupported",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "X509AuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.X509",
+ "module_vers": "",
+ "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.X509.passiveAuthenticationSupported",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "X509AuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.X509",
+ "module_vers": "",
+ "description": "Whether the flow allows for passive authentication",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.X509.forcedAuthenticationSupported",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "X509AuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.X509",
+ "module_vers": "",
+ "description": "Whether the flow supports forced authentication",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.X509.proxyRestrictionsEnforced",
+ "property_type": "bool",
+ "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}",
+ "config_category": "X509AuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.X509",
+ "module_vers": "",
+ "description": "Whether the flow enforces upstream IdP imposed restrictions on proxying",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.X509.proxyScopingEnforced",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "X509AuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.X509",
+ "module_vers": "",
+ "description": "Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.X509.discoveryRequired",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "X509AuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.X509",
+ "module_vers": "",
+ "description": "Whether to invoke IdP discovery prior to running flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.X509.lifetime",
+ "property_type": "duration",
+ "property_default_value": "%{idp.authn.defaultLifetime:PT1H}",
+ "config_category": "X509AuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.X509",
+ "module_vers": "",
+ "description": "Lifetime of results produced by this flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.X509.inactivityTimeout",
+ "property_type": "duration",
+ "property_default_value": "%{idp.authn.defaultTimeout:PT30M}",
+ "config_category": "X509AuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.X509",
+ "module_vers": "",
+ "description": "Inactivity timeout of results produced by this flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.X509.reuseCondition",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.Conditions.TRUE",
+ "config_category": "X509AuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.X509",
+ "module_vers": "",
+ "description": "Bean ID of Predicate controlling result reuse for SSO",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.X509.activationCondition",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.Conditions.TRUE",
+ "config_category": "X509AuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.X509",
+ "module_vers": "",
+ "description": "Bean ID of Predicate determining whether flow is usable for request",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.X509.subjectDecorator",
+ "property_type": "Bean ID",
+ "property_default_value": "none",
+ "config_category": "X509AuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.X509",
+ "module_vers": "",
+ "description": "Bean ID of BiConsumer for subject customization"
+ },
+ {
+ "property_name": "idp.authn.X509.supportedPrincipals",
+ "property_type": "string",
+ "property_default_value": "saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:X509, saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient, saml1/urn:ietf:rfc:2246",
+ "config_category": "X509AuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.X509",
+ "module_vers": "",
+ "description": "Comma-delimited list of protocol-specific Principal strings associated with flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.X509.addDefaultPrincipals",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "X509AuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.X509",
+ "module_vers": "",
+ "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.X509Internal.saveCertificateToCredentialSet",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "X509InternalAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to save the certificate into the Subject's public credential set. Disable to reduce the size if not relying on the certificate for subject c14n.",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.X509Internal.order",
+ "property_type": "int",
+ "property_default_value": 1000,
+ "config_category": "X509InternalAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Flow priority relative to other enabled login flows (lower is \"higher\" in priority)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.X509Internal.nonBrowserSupported",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "X509InternalAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.X509Internal.passiveAuthenticationSupported",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "X509InternalAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether the flow allows for passive authentication",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.X509Internal.forcedAuthenticationSupported",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "X509InternalAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether the flow supports forced authentication",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.X509Internal.proxyRestrictionsEnforced",
+ "property_type": "bool",
+ "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}",
+ "config_category": "X509InternalAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether the flow enforces upstream IdP imposed restrictions on proxying",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.X509Internal.proxyScopingEnforced",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "X509InternalAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.X509Internal.discoveryRequired",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "X509InternalAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to invoke IdP discovery prior to running flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.X509Internal.lifetime",
+ "property_type": "duration",
+ "property_default_value": "%{idp.authn.defaultLifetime:PT1H}",
+ "config_category": "X509InternalAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Lifetime of results produced by this flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.X509Internal.inactivityTimeout",
+ "property_type": "duration",
+ "property_default_value": "%{idp.authn.defaultTimeout:PT30M}",
+ "config_category": "X509InternalAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Inactivity timeout of results produced by this flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.X509Internal.reuseCondition",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.Conditions.TRUE",
+ "config_category": "X509InternalAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Bean ID of Predicate controlling result reuse for SSO",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.X509Internal.activationCondition",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.Conditions.TRUE",
+ "config_category": "X509InternalAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Bean ID of Predicate determining whether flow is usable for request",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.X509Internal.subjectDecorator",
+ "property_type": "Bean ID",
+ "property_default_value": "none",
+ "config_category": "X509InternalAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Bean ID of BiConsumer for subject customization"
+ },
+ {
+ "property_name": "idp.authn.X509Internal.supportedPrincipals",
+ "property_type": "string",
+ "property_default_value": "saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:X509, saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient, saml1/urn:ietf:rfc:2246",
+ "config_category": "X509InternalAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Comma-delimited list of protocol-specific Principal strings associated with flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.X509Internal.addDefaultPrincipals",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "X509InternalAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.IPAddress.order",
+ "property_type": "int",
+ "property_default_value": 1000,
+ "config_category": "IPAddressAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.IPAddress",
+ "module_vers": "",
+ "description": "Flow priority relative to other enabled login flows (lower is \"higher\" in priority)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.IPAddress.nonBrowserSupported",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "IPAddressAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.IPAddress",
+ "module_vers": "",
+ "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.IPAddress.passiveAuthenticationSupported",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "IPAddressAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.IPAddress",
+ "module_vers": "",
+ "description": "Whether the flow allows for passive authentication",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.IPAddress.forcedAuthenticationSupported",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "IPAddressAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.IPAddress",
+ "module_vers": "",
+ "description": "Whether the flow supports forced authentication",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.IPAddress.proxyRestrictionsEnforced",
+ "property_type": "bool",
+ "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}",
+ "config_category": "IPAddressAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.IPAddress",
+ "module_vers": "",
+ "description": "Whether the flow enforces upstream IdP imposed restrictions on proxying",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.IPAddress.proxyScopingEnforced",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "IPAddressAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.IPAddress",
+ "module_vers": "",
+ "description": "Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.IPAddress.discoveryRequired",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "IPAddressAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.IPAddress",
+ "module_vers": "",
+ "description": "Whether to invoke IdP discovery prior to running flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.IPAddress.lifetime",
+ "property_type": "duration",
+ "property_default_value": "%{idp.authn.defaultLifetime:PT1H}",
+ "config_category": "IPAddressAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.IPAddress",
+ "module_vers": "",
+ "description": "Lifetime of results produced by this flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.IPAddress.inactivityTimeout",
+ "property_type": "duration",
+ "property_default_value": "%{idp.authn.defaultTimeout:PT30M}",
+ "config_category": "IPAddressAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.IPAddress",
+ "module_vers": "",
+ "description": "Inactivity timeout of results produced by this flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.IPAddress.reuseCondition",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.Conditions.TRUE",
+ "config_category": "IPAddressAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.IPAddress",
+ "module_vers": "",
+ "description": "Bean ID of Predicate controlling result reuse for SSO",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.IPAddress.activationCondition",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.Conditions.TRUE",
+ "config_category": "IPAddressAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.IPAddress",
+ "module_vers": "",
+ "description": "Bean ID of Predicate determining whether flow is usable for request",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.IPAddress.subjectDecorator",
+ "property_type": "Bean ID",
+ "property_default_value": "none",
+ "config_category": "IPAddressAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.IPAddress",
+ "module_vers": "",
+ "description": "Bean ID of BiConsumer for subject customization"
+ },
+ {
+ "property_name": "idp.authn.IPAddress.supportedPrincipals",
+ "property_type": "string",
+ "property_default_value": "saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol",
+ "config_category": "IPAddressAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.IPAddress",
+ "module_vers": "",
+ "description": "Comma-delimited list of protocol-specific Principal strings associated with flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.IPAddress.addDefaultPrincipals",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "IPAddressAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.IPAddress",
+ "module_vers": "",
+ "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.Function.order",
+ "property_type": "int",
+ "property_default_value": 1000,
+ "config_category": "FunctionAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.Function",
+ "module_vers": "",
+ "description": "Flow priority relative to other enabled login flows (lower is \"higher\" in priority)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.Function.nonBrowserSupported",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "FunctionAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.Function",
+ "module_vers": "",
+ "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.Function.passiveAuthenticationSupported",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "FunctionAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.Function",
+ "module_vers": "",
+ "description": "Whether the flow allows for passive authentication",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.Function.forcedAuthenticationSupported",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "FunctionAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.Function",
+ "module_vers": "",
+ "description": "Whether the flow supports forced authentication",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.Function.proxyRestrictionsEnforced",
+ "property_type": "bool",
+ "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}",
+ "config_category": "FunctionAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.Function",
+ "module_vers": "",
+ "description": "Whether the flow enforces upstream IdP imposed restrictions on proxying",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.Function.proxyScopingEnforced",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "FunctionAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.Function",
+ "module_vers": "",
+ "description": "Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.Function.discoveryRequired",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "FunctionAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.Function",
+ "module_vers": "",
+ "description": "Whether to invoke IdP discovery prior to running flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.Function.lifetime",
+ "property_type": "duration",
+ "property_default_value": "%{idp.authn.defaultLifetime:PT1H}",
+ "config_category": "FunctionAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.Function",
+ "module_vers": "",
+ "description": "Lifetime of results produced by this flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.Function.inactivityTimeout",
+ "property_type": "duration",
+ "property_default_value": "%{idp.authn.defaultTimeout:PT30M}",
+ "config_category": "FunctionAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.Function",
+ "module_vers": "",
+ "description": "Inactivity timeout of results produced by this flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.Function.reuseCondition",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.Conditions.TRUE",
+ "config_category": "FunctionAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.Function",
+ "module_vers": "",
+ "description": "Bean ID of Predicate controlling result reuse for SSO",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.Function.activationCondition",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.Conditions.TRUE",
+ "config_category":
"FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Function", + "module_vers": "", + "description": "Bean ID of Predicate determining whether flow is usable for request", + "note": "" + }, + { + "property_name": "idp.authn.Function.subjectDecorator", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Function", + "module_vers": "", + "description": "Bean ID of BiConsumer for subject customization" + }, + { + "property_name": "idp.authn.Function.supportedPrincipals", + "property_type": "string", + "property_default_value": "saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password,saml1/urn:oasis:names:tc:SAML:1.0:am:password", + "config_category": "FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Function", + "module_vers": "", + "description": "Comma-delimited list of protocol-specific Principal strings associated with flow", + "note": "" + }, + { + "property_name": "idp.authn.Function.addDefaultPrincipals", + "property_type": "bool", + "property_default_value": true, + "config_category": "FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Function", + "module_vers": "", + "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow", + "note": "" + }, + { + "property_name": "idp.duo.apiHost", + "property_type": "URL", + "property_default_value": "none", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "DuoWeb API hostname assigned to the integration", + "note": "this sould be set in 
conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.duo.applicationKey", + "property_type": "string", + "property_default_value": "none", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "A secret supplied by you and not shared with Duo; see https://duo.com/docs/duoweb-v2, \"Generate an akey\".", + "note": "this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.duo.integrationKey", + "property_type": "string", + "property_default_value": "none", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "DuoWeb integration key (supplied by Duo as Client ID)", + "note": "this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.duo.secretKey", + "property_type": "string", + "property_default_value": "none", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "DuoWeb secret key (supplied by Duo as Client secret)", + "note": "this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.duo.nonbrowser.apiHost", + "property_type": "URL", + "property_default_value": "${idp.duo.apiHost}", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Duo AuthAPI hostname assigned to the integration", + "note": "this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.duo.nonbrowser.integrationKey", + 
"property_type": "string", + "property_default_value": "none", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Duo AuthAPI integration key (supplied by Duo as Client ID)", + "note": "this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.duo.nonbrowser.secretKey", + "property_type": "string", + "property_default_value": "none", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Duo AuthAPI secret key (supplied by Duo as Client secret)", + "note": "this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.duo.nonbrowser.header.factor", + "property_type": "string", + "property_default_value": "X-Shibboleth-Duo-Factor", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Name of HTTP request header for Duo AuthAPI factor", + "note": "this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.duo.nonbrowser.header.device", + "property_type": "string", + "property_default_value": "X-Shibboleth-Duo-Device", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Name of HTTP request header for Duo AuthAPI device ID or name", + "note": "this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.duo.nonbrowser.header.passcode", + "property_type": "string", + "property_default_value": "X-Shibboleth-Duo-Passcode", + "config_category": 
"DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Name of HTTP request header for Duo AuthAPI passcode", + "note": "this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.duo.nonbrowser.auto", + "property_type": "bool", + "property_default_value": true, + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Allow the factor to be defaulted to auto if no headers are received", + "note": "this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.duo.nonbrowser.clientAddressTrusted", + "property_type": "bool", + "property_default_value": true, + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Pass client address to Duo in API calls to support logging, push display, and network-based Duo policies", + "note": "this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.authn.Duo.order", + "property_type": "int", + "property_default_value": 1000, + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Flow priority relative to other enabled login flows (lower is \"higher\" in priority)", + "note": "" + }, + { + "property_name": "idp.authn.Duo.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Whether the flow should 
handle non-browser request profiles (e.g., ECP)", + "note": "" + }, + { + "property_name": "idp.authn.Duo.passiveAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Whether the flow allows for passive authentication", + "note": "" + }, + { + "property_name": "idp.authn.Duo.forcedAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Whether the flow supports forced authentication", + "note": "" + }, + { + "property_name": "idp.authn.Duo.proxyRestrictionsEnforced", + "property_type": "bool", + "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Whether the flow enforces upstream IdP imposed restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.Duo.proxyScopingEnforced", + "property_type": "bool", + "property_default_value": false, + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.Duo.discoveryRequired", + "property_type": "bool", + "property_default_value": false, + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Whether to 
invoke IdP discovery prior to running flow", + "note": "" + }, + { + "property_name": "idp.authn.Duo.lifetime", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultLifetime:PT1H}", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Lifetime of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.Duo.inactivityTimeout", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultTimeout:PT30M}", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Inactivity timeout of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.Duo.reuseCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Bean ID of Predicate controlling result reuse for SSO", + "note": "" + }, + { + "property_name": "idp.authn.Duo.activationCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Bean ID of Predicate determining whether flow is usable for request", + "note": "" + }, + { + "property_name": "idp.authn.Duo.subjectDecorator", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Bean ID of BiConsumer for subject 
customization" + }, + { + "property_name": "idp.authn.Duo.supportedPrincipals", + "property_type": "string", + "property_default_value": "saml2/http://example.org/ac/classes/mfa, saml1/http://example.org/ac/classes/mfa", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Comma-delimited list of protocol-specific Principal strings associated with flow", + "note": "" + }, + { + "property_name": "idp.authn.Duo.addDefaultPrincipals", + "property_type": "bool", + "property_default_value": true, + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.SAML.externalAuthnPath", + "property_type": "url path", + "property_default_value": "servletRelative:/Authn/SAML2/POST/SSO", + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Spring Web Flow redirection expression for the IdP's AssertionConsumerService", + "note": "" + }, + { + "property_name": "idp.authn.SAML.proxyEntityID", + "property_type": "string", + "property_default_value": "none", + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Statically-defined entityID of IdP to use for authentication", + "note": "" + }, + { + "property_name": "idp.authn.SAML.outboundMessageHandlerFunction", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + 
"description": "Optional bean ID of Function to run just prior to AuthnRequest signing/encoding step", + "note": "" + }, + { + "property_name": "idp.authn.SAML.inboundMessageHandlerFunction", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Optional bean ID of Function to run at the late stages of Response decoding/processing", + "note": "" + }, + { + "property_name": "idp.authn.SAML.assertionValidator", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Optional bean ID of AssertionValidator to run", + "note": "" + }, + { + "property_name": "idp.authn.SAML.order", + "property_type": "int", + "property_default_value": 1000, + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Flow priority relative to other enabled login flows (lower is \"higher\" in priority)", + "note": "" + }, + { + "property_name": "idp.authn.SAML.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)", + "note": "" + }, + { + "property_name": "idp.authn.SAML.passiveAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow allows for passive authentication", + 
"note": "" + }, + { + "property_name": "idp.authn.SAML.forcedAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow supports forced authentication", + "note": "" + }, + { + "property_name": "idp.authn.SAML.proxyRestrictionsEnforced", + "property_type": "bool", + "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}", + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow enforces upstream IdP imposed restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.SAML.proxyScopingEnforced", + "property_type": "bool", + "property_default_value": false, + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.SAML.discoveryRequired", + "property_type": "bool", + "property_default_value": false, + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to invoke IdP discovery prior to running flow", + "note": "" + }, + { + "property_name": "idp.authn.SAML.lifetime", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultLifetime:PT1H}", + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Lifetime of results produced by this flow", + "note": "" + }, + { + "property_name": 
"idp.authn.SAML.inactivityTimeout", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultTimeout:PT30M}", + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Inactivity timeout of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.SAML.reuseCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Bean ID of Predicate controlling result reuse for SSO", + "note": "" + }, + { + "property_name": "idp.authn.SAML.activationCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Bean ID of Predicate determining whether flow is usable for request", + "note": "" + }, + { + "property_name": "idp.authn.SAML.subjectDecorator", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Bean ID of BiConsumer for subject customization" + }, + { + "property_name": "idp.authn.SAML.supportedPrincipals", + "property_type": "string", + "property_default_value": "saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password,saml1/urn:oasis:names:tc:SAML:1.0:am:password", + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Comma-delimited list of protocol-specific 
Principal strings associated with flow", + "note": "" + }, + { + "property_name": "idp.authn.SAML.addDefaultPrincipals", + "property_type": "bool", + "property_default_value": true, + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.MFA.validateLoginTransitions", + "property_type": "bool", + "property_default_value": true, + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether login flows should only be run with regard for forceAuthn/isPassive/nonBrowser (and similar) conditions", + "note": "" + }, + { + "property_name": "idp.authn.MFA.order", + "property_type": "int", + "property_default_value": 1000, + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.MFA", + "module_vers": "", + "description": "Flow priority relative to other enabled login flows (lower is \"higher\" in priority)", + "note": "" + }, + { + "property_name": "idp.authn.MFA.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.MFA", + "module_vers": "", + "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)", + "note": "" + }, + { + "property_name": "idp.authn.MFA.passiveAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.MFA", + "module_vers": "", + 
"description": "Whether the flow allows for passive authentication", + "note": "" + }, + { + "property_name": "idp.authn.MFA.forcedAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.MFA", + "module_vers": "", + "description": "Whether the flow supports forced authentication", + "note": "" + }, + { + "property_name": "idp.authn.MFA.proxyRestrictionsEnforced", + "property_type": "bool", + "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}", + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.MFA", + "module_vers": "", + "description": "Whether the flow enforces upstream IdP imposed restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.MFA.proxyScopingEnforced", + "property_type": "bool", + "property_default_value": false, + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.MFA", + "module_vers": "", + "description": "Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.MFA.discoveryRequired", + "property_type": "bool", + "property_default_value": false, + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.MFA", + "module_vers": "", + "description": "Whether to invoke IdP discovery prior to running flow", + "note": "" + }, + { + "property_name": "idp.authn.MFA.lifetime", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultLifetime:PT1H}", + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + 
"module": "idp.authn.MFA", + "module_vers": "", + "description": "Lifetime of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.MFA.inactivityTimeout", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultTimeout:PT30M}", + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.MFA", + "module_vers": "", + "description": "Inactivity timeout of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.MFA.reuseCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.MFA", + "module_vers": "", + "description": "Bean ID of Predicate controlling result reuse for SSO", + "note": "" + }, + { + "property_name": "idp.authn.MFA.activationCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.MFA", + "module_vers": "", + "description": "Bean ID of Predicate determining whether flow is usable for request", + "note": "" + }, + { + "property_name": "idp.authn.MFA.subjectDecorator", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.MFA", + "module_vers": "", + "description": "Bean ID of BiConsumer for subject customization" + }, + { + "property_name": "idp.authn.MFA.supportedPrincipals", + "property_type": "string", + "property_default_value": 
"saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password,saml1/urn:oasis:names:tc:SAML:1.0:am:password", + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.MFA", + "module_vers": "", + "description": "Comma-delimited list of protocol-specific Principal strings associated with flow", + "note": "" + }, + { + "property_name": "idp.authn.MFA.addDefaultPrincipals", + "property_type": "bool", + "property_default_value": true, + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.MFA", + "module_vers": "", + "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow", + "note": "" + }, + { + "property_name": "idp.transientId.generator", + "property_type": "Bean ID of a TransientIdGenerationStrategy", + "property_default_value": "shibboleth.CryptoTransientIdGenerator", + "config_category": "NameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Identifies the strategy plugin for generating transient IDs", + "note": "" + }, + { + "property_name": "idp.nameid.saml2.default", + "property_type": "URI", + "property_default_value": "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + "config_category": "NameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Default Format to generate if nothing else is indicated", + "note": "" + }, + { + "property_name": "idp.nameid.saml1.default", + "property_type": "URI", + "property_default_value": "urn:mace:shibboleth:1.0:nameIdentifier", + "config_category": "NameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": "all", 
+ "module": "", + "module_vers": "", + "description": "Default Format to generate if nothing else is indicated", + "note": "" + }, + { + "property_name": "idp.persistentId.generator", + "property_type": "Bean ID of a PairwiseIdStore", + "property_default_value": "shibboleth.ComputedPersistentIdGenerator", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Identifies the strategy plugin for sourcing persistent IDs", + "note": "" + }, + { + "property_name": "idp.persistentId.dataSource", + "property_type": "Bean ID of a JDBC DataSource", + "property_default_value": "none", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Identifies a data source for storage-based management of persistent IDs", + "note": "" + }, + { + "property_name": "idp.persistentId.computed", + "property_type": "Bean ID of a PairwiseIdStore", + "property_default_value": "shibboleth.ComputedPersistentIdGenerator", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Identifies a strategy plugin to use to generate the first persistent identifier for each subject", + "note": "used to migrate from the computed to stored strategies: can be null" + }, + { + "property_name": "idp.persistentId.sourceAttribute", + "property_type": "string", + "property_default_value": "none", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "List of attributes to search for a value to uniquely identify the subject of a persistent identifier that MUST be stable long-lived and non-reassignable", + "note": 
"" + }, + { + "property_name": "idp.persistentId.useUnfilteredAttributes", + "property_type": "boolean", + "property_default_value": true, + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether or not the previous property has access to unreleased attributes", + "note": "" + }, + { + "property_name": "idp.persistentId.salt", + "property_type": "string", + "property_default_value": "none", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "A secret salt for the hash when using computed persistent IDs", + "note": "" + }, + { + "property_name": "idp.persistentId.encodedSalt", + "property_type": "Base64-encoded String", + "property_default_value": "none", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "An encoded form of the persistentId.salt", + "note": "" + }, + { + "property_name": "idp.persistentId.algorithm", + "property_type": "string", + "property_default_value": "SHA", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "The hash algorithm used when using computed persistent IDs", + "note": "" + }, + { + "property_name": "idp.persistentId.encoding", + "property_type": "string", + "property_default_value": "BASE64", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "The final encoding applied to the hash generated when using computed persistent IDs: one of BASE32 or BASE64", + "note": "" + }, + { + 
"property_name": "idp.persistentId.exceptionMap", + "property_type": "Bean ID", + "property_default_value": "shibboleth.ComputedIdExceptionMap", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Advanced feature allowing revocation or regeneration of computed persistent IDs for specific subjects or services", + "note": "" + }, + { + "property_name": "idp.persistentId.queryTimeout", + "property_type": "duration", + "property_default_value": "PT5S", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Query timeout for database access", + "note": "" + }, + { + "property_name": "idp.persistentId.transactionRetries", + "property_type": "int", + "property_default_value": 3, + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Number of retries in the event database locking bugs cause retryable failures", + "note": "" + }, + { + "property_name": "idp.persistentId.retryableErrors", + "property_type": "string", + "property_default_value": "23000,23505", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "List of error strings to identify as retryable failures", + "note": "" + }, + { + "property_name": "idp.persistentId.verifyDatabase", + "property_type": "bool", + "property_default_value": true, + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "When true the connection and layout of the database is verified at bean initialization time 
and any failures are fatal.", + "note": "" + }, + { + "property_name": "idp.persistentId.tableName", + "property_type": "string", + "property_default_value": "shibpid", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Overrides the name of the table in the database", + "note": "" + }, + { + "property_name": "idp.persistentId.localEntityColumn", + "property_type": "string", + "property_default_value": "localEntity", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Overrides database column names", + "note": "" + }, + { + "property_name": "idp.persistentId.peerEntityColumn", + "property_type": "string", + "property_default_value": "peerEntity", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Overrides database column names", + "note": "" + }, + { + "property_name": "idp.persistentId.principalNameColumn", + "property_type": "string", + "property_default_value": "principalName", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Overrides database column names", + "note": "" + }, + { + "property_name": "idp.persistentId.sourceIdColumn", + "property_type": "string", + "property_default_value": "localId", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Overrides database column names", + "note": "" + }, + { + "property_name": "idp.persistentId.persistentIdColumn", + "property_type": "string", + "property_default_value": 
"persistentId", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Overrides database column names", + "note": "" + }, + { + "property_name": "idp.persistentId.peerProvidedIdColumn", + "property_type": "string", + "property_default_value": "peerProvidedId", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Overrides database column names", + "note": "" + }, + { + "property_name": "idp.persistentId.createTimeColumn", + "property_type": "string", + "property_default_value": "creationDate", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Overrides database column names", + "note": "" + }, + { + "property_name": "idp.persistentId.deactivationTimeColumn", + "property_type": "string", + "property_default_value": "deactivationDate", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Overrides database column names", + "note": "" + }, + { + "property_name": "idp.service.failFast", + "property_type": "bool", + "property_default_value": false, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Set default fail-fast behavior of all services unless overridden by service", + "note": "" + }, + { + "property_name": "idp.service.logging.resource", + "property_type": "resource path", + "property_default_value": "%{idp.home}/conf/logback.xml", + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + 
"module_vers": "", + "description": "Logging configuration resource to use (the reloadable service ID is shibboleth.LoggingService)", + "note": "" + }, + { + "property_name": "idp.service.logging.failFast", + "property_type": "bool", + "property_default_value": true, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Fail at startup if logging configuration is invalid", + "note": "" + }, + { + "property_name": "idp.service.logging.checkInterval", + "property_type": "duration", + "property_default_value": 0, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Time to notice changes to logging configuration and reload service. A value of 0 indicates that the logging configuration never reloads", + "note": "" + }, + { + "property_name": "idp.service.relyingparty.resources", + "property_type": "Bean ID", + "property_default_value": "shibboleth.RelyingPartyResolverResources", + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of Spring bean identifying resources to use for RelyingPartyConfiguration", + "note": "" + }, + { + "property_name": "idp.service.relyingparty.failFast", + "property_type": "bool", + "property_default_value": false, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Fail at startup if RelyingPartyConfiguration is invalid", + "note": "" + }, + { + "property_name": "idp.service.relyingparty.checkInterval", + "property_type": "duration", + "property_default_value": 0, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": 
"Time to notice changes to RelyingPartyConfiguration and reload service. A value of 0 indicates that the relying party configuration never reloads", + "note": "" + }, + { + "property_name": "idp.service.relyingparty.ignoreUnmappedEntityAttributes", + "property_type": "bool", + "property_default_value": false, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "See MetadataDrivenConfiguration SAML Attribute Name Format Usage", + "note": "" + }, + { + "property_name": "idp.service.metadata.resources", + "property_type": "Bean ID", + "property_default_value": "shibboleth.MetadataResolverResources", + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of Spring bean identifying resources to use for MetadataConfiguration", + "note": "" + }, + { + "property_name": "idp.service.metadata.failFast", + "property_type": "bool", + "property_default_value": false, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Fail at startup if MetadataConfiguration is invalid", + "note": "" + }, + { + "property_name": "idp.service.metadata.checkInterval", + "property_type": "duration", + "property_default_value": 0, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Time to notice changes to MetadataConfiguration and reload service. 
A value of 0 indicates that the metadata configuration never reloads", + "note": "" + }, + { + "property_name": "idp.service.metadata.enableByReferenceFilters", + "property_type": "bool", + "property_default_value": true, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Disabling this turns off internal support for the ByReferenceFilter feature which provides a very small performance boost", + "note": "" + }, + { + "property_name": "idp.service.attribute.registry.resources", + "property_type": "Bean ID", + "property_default_value": "shibboleth.AttributeRegistryResources", + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of Spring bean identifying resources to use for AttributeRegistryConfiguration", + "note": "" + }, + { + "property_name": "idp.service.attribute.registry.failFast", + "property_type": "bool", + "property_default_value": false, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Fail at startup if AttributeRegistryConfiguration is invalid", + "note": "" + }, + { + "property_name": "idp.service.attribute.registry.checkInterval", + "property_type": "duration", + "property_default_value": 0, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Time to notice changes to AttributeRegistryConfiguration and reload service. 
A value of 0 indicates that the service configuration never reloads", + "note": "" + }, + { + "property_name": "idp.service.attribute.registry.encodeType", + "property_type": "bool", + "property_default_value": true, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Shortcut for controlling the encoding of xsi:type information for all SAML transcoding rules in the registry", + "note": "" + }, + { + "property_name": "idp.service.attribute.resolver.resources", + "property_type": "Bean ID", + "property_default_value": "shibboleth.AttributeResolverResources", + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of Spring bean identifying resources to use for AttributeResolverConfiguration", + "note": "" + }, + { + "property_name": "idp.service.attribute.resolver.failFast", + "property_type": "bool", + "property_default_value": false, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Fail at startup if AttributeResolverConfiguration is invalid", + "note": "" + }, + { + "property_name": "idp.service.attribute.resolver.checkInterval", + "property_type": "duration", + "property_default_value": 0, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Time to notice changes to AttributeResolverConfiguration and reload service. 
A value of 0 indicates that the service configuration never reloads", + "note": "" + }, + { + "property_name": "idp.service.attribute.resolver.maskFailures", + "property_type": "bool", + "property_default_value": true, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether attribute resolution failure should silently produce no attributes or cause an overall profile request failure event", + "note": "" + }, + { + "property_name": "idp.service.attribute.resolver.stripNulls", + "property_type": "bool", + "property_default_value": false, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether null values should be stripped from the results of the attribute resolution. This filtering happens prior to filtering and encoding, but after attribute resolution is complete. To strip nulls during attribute resolution (so that they will be invisible to dependant attribute definitions) use a SimpleAttributeDefinition and specify ignoreNullValues", + "note": "" + }, + { + "property_name": "idp.service.attribute.resolver.suppressDisplayInfo", + "property_type": "bool", + "property_default_value": true, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": 4.2, + "module": "", + "module_vers": "", + "description": "Setting this to false re-enables the legacy behavior of looking up the display information for the resolved attributes during resolution. 
As from 4.2 this the display information is looked up at point of use (during the attribute consent flow) and so there should be no reason to revert this behavior unless using third party software which expect the IdPAttribute DisplayName and DisplayDescriptions to be pre-populated", + "note": "" + }, + { + "property_name": "idp.service.attribute.filter.resources", + "property_type": "Bean ID", + "property_default_value": "shibboleth.AttributeFilterResources", + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of Spring bean identifying resources to use for AttributeFilterConfiguration", + "note": "" + }, + { + "property_name": "idp.service.attribute.filter.failFast", + "property_type": "bool", + "property_default_value": false, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Fail at startup if AttributeFilterConfiguration is invalid", + "note": "" + }, + { + "property_name": "idp.service.attribute.filter.checkInterval", + "property_type": "duration", + "property_default_value": 0, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Time to notice changes to AttributeFilterConfiguration and reload service A value of 0 indicates that the attribute filter configuration never reloads", + "note": "" + }, + { + "property_name": "idp.service.attribute.filter.maskFailures", + "property_type": "bool", + "property_default_value": true, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether attribute filtering failure should silently produce no attributes or causes an overall profile request failure event", + "note": "" + }, + { + 
"property_name": "idp.service.nameidGeneration.resources", + "property_type": "Bean ID", + "property_default_value": "shibboleth.NameIdentifierGenerationResources", + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of Spring bean identifying resources to use for NameIDGenerationConfiguration", + "note": "" + }, + { + "property_name": "idp.service.nameidGeneration.failFast", + "property_type": "bool", + "property_default_value": false, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Fail at startup if NameIDGenerationConfiguration is invalid", + "note": "" + }, + { + "property_name": "idp.service.nameidGeneration.checkInterval", + "property_type": "duration", + "property_default_value": 0, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Time to notice changes to NameIDGenerationConfiguration and reload service", + "note": "" + }, + { + "property_name": "idp.service.access.resources", + "property_type": "Bean ID", + "property_default_value": "shibboleth.AccessControlResource", + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of Spring bean identifying resources to use for AccessControlConfiguration", + "note": "" + }, + { + "property_name": "idp.service.access.failFast", + "property_type": "bool", + "property_default_value": true, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Fail at startup if AccessControlConfiguration is invalid", + "note": "" + }, + { + "property_name": "idp.service.access.checkInterval", + 
"property_type": "duration", + "property_default_value": 0, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Time to notice changes to AccessControlConfiguration and reload service", + "note": "" + }, + { + "property_name": "idp.service.cas.registry.resources", + "property_type": "Bean ID", + "property_default_value": "shibboleth.CASServiceRegistryResources", + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of Spring bean identifying resources to use for CASServiceRegistry configuration", + "note": "" + }, + { + "property_name": "idp.service.cas.registry.failFast", + "property_type": "bool", + "property_default_value": false, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Fail at startup if CASServiceRegistry configuration is invalid", + "note": "" + }, + { + "property_name": "idp.service.cas.registry.checkInterval", + "property_type": "duration", + "property_default_value": 0, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Time to notice CASServiceRegistry configuration changes and reload service", + "note": "" + }, + { + "property_name": "idp.service.managedBean.resources", + "property_type": "Bean ID", + "property_default_value": "shibboleth.ManagedBeanResources", + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of Spring bean identifying resources to use for ManagedBeanConfiguration", + "note": "" + }, + { + "property_name": "idp.service.managedBean.failFast", + "property_type": "bool", + 
"property_default_value": false, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Fail at startup if ManagedBeanConfiguration is invalid", + "note": "" + }, + { + "property_name": "idp.service.managedBean.checkInterval", + "property_type": "duration", + "property_default_value": 0, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Time to notice ManagedBeanConfiguration changes and reload service", + "note": "" + }, + { + "property_name": "idp.message.resources", + "property_type": "Bean ID", + "property_default_value": "shibboleth.MessageSourceResources", + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of Spring bean identifying Spring message property resources", + "note": "" + }, + { + "property_name": "idp.message.cacheSeconds", + "property_type": "int", + "property_default_value": 300, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Seconds between reloads of message property resources", + "note": "" + }, + { + "property_name": "idp.status.logging", + "property_type": "string", + "property_default_value": "Status", + "config_category": "Status", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Audit log identifier for flow", + "note": "" + }, + { + "property_name": "idp.status.accessPolicy", + "property_type": "string", + "property_default_value": "AccessByIPAddress", + "config_category": "Status", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Name of access control policy for request 
authorization", + "note": "" + }, + { + "property_name": "idp.status.authenticated", + "property_type": "bool", + "property_default_value": false, + "config_category": "Status", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether authentication should be performed prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.status.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "Status", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow should allow for non-browser clients during authentication", + "note": "" + }, + { + "property_name": "idp.status.defaultAuthenticationMethods", + "property_type": "string", + "property_default_value": "none", + "config_category": "Status", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.status.resolveAttributes", + "property_type": "bool", + "property_default_value": false, + "config_category": "Status", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether attributes should be resolved prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.status.postAuthenticationFlows", + "property_type": "string", + "property_default_value": "none", + "config_category": "Status", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.reload.logging", + "property_type": "string", + "property_default_value": "Reload", + "config_category": "MetadataReload", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Audit log identifier 
for flow", + "note": "" + }, + { + "property_name": "idp.reload.accessPolicy", + "property_type": "string", + "property_default_value": "AccessByIPAddress", + "config_category": "MetadataReload", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Name of access control policy for request authorization", + "note": "" + }, + { + "property_name": "idp.reload.authenticated", + "property_type": "bool", + "property_default_value": false, + "config_category": "MetadataReload", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether authentication should be performed prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.reload.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "MetadataReload", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow should allow for non-browser clients during authentication", + "note": "" + }, + { + "property_name": "idp.reload.defaultAuthenticationMethods", + "property_type": "string", + "property_default_value": "none", + "config_category": "MetadataReload", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.reload.resolveAttributes", + "property_type": "bool", + "property_default_value": false, + "config_category": "MetadataReload", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether attributes should be resolved prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.reload.postAuthenticationFlows", + "property_type": "string", + "property_default_value": "none", + "config_category": "MetadataReload", + "config_file": 
"admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.resolvertest.logging", + "property_type": "string", + "property_default_value": "ResolverTest", + "config_category": "AACLI", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Audit log identifier for flow", + "note": "" + }, + { + "property_name": "idp.resolvertest.accessPolicy", + "property_type": "string", + "property_default_value": "AccessByIPAddress", + "config_category": "AACLI", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Name of access control policy for request authorization", + "note": "" + }, + { + "property_name": "idp.resolvertest.authenticated", + "property_type": "bool", + "property_default_value": false, + "config_category": "AACLI", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether authentication should be performed prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.resolvertest.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "AACLI", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow should allow for non-browser clients during authentication", + "note": "" + }, + { + "property_name": "idp.resolvertest.defaultAuthenticationMethods", + "property_type": "string", + "property_default_value": "none", + "config_category": "AACLI", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.resolvertest.resolveAttributes", + "property_type": "bool", + "property_default_value": false, + "config_category": "AACLI", + 
"config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether attributes should be resolved prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.resolvertest.postAuthenticationFlows", + "property_type": "string", + "property_default_value": "none", + "config_category": "AACLI", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.mdquery.logging", + "property_type": "string", + "property_default_value": "MetadataQuery", + "config_category": "MetadataQuery", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Audit log identifier for flow", + "note": "" + }, + { + "property_name": "idp.mdquery.accessPolicy", + "property_type": "string", + "property_default_value": "AccessByIPAddress", + "config_category": "MetadataQuery", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Name of access control policy for request authorization", + "note": "" + }, + { + "property_name": "idp.mdquery.authenticated", + "property_type": "bool", + "property_default_value": false, + "config_category": "MetadataQuery", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether authentication should be performed prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.mdquery.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "MetadataQuery", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow should allow for non-browser clients during authentication", + "note": "" + }, + { + "property_name": "idp.mdquery.defaultAuthenticationMethods", 
+ "property_type": "string", + "property_default_value": "none", + "config_category": "MetadataQuery", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.mdquery.resolveAttributes", + "property_type": "bool", + "property_default_value": false, + "config_category": "MetadataQuery", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether attributes should be resolved prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.mdquery.postAuthenticationFlows", + "property_type": "string", + "property_default_value": "none", + "config_category": "MetadataQuery", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.metrics.logging", + "property_type": "string", + "property_default_value": "Metrics", + "config_category": "MetricsConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Audit log identifier for flow", + "note": "" + }, + { + "property_name": "idp.metrics.authenticated", + "property_type": "bool", + "property_default_value": false, + "config_category": "MetricsConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether authentication should be performed prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.metrics.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "MetricsConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow should allow for non-browser clients during authentication", + "note": "" + }, + { + 
"property_name": "idp.metrics.defaultAuthenticationMethods", + "property_type": "string", + "property_default_value": "none", + "config_category": "MetricsConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.metrics.resolveAttributes", + "property_type": "bool", + "property_default_value": false, + "config_category": "MetricsConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether attributes should be resolved prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.metrics.postAuthenticationFlows", + "property_type": "string", + "property_default_value": "none", + "config_category": "MetricsConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.hello.logging", + "property_type": "string", + "property_default_value": "Hello", + "config_category": "HelloWorldConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Audit log identifier for flow", + "note": "" + }, + { + "property_name": "idp.hello.accessPolicy", + "property_type": "string", + "property_default_value": "AccessByAdminUser", + "config_category": "HelloWorldConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Name of access control policy for request authorization", + "note": "" + }, + { + "property_name": "idp.hello.authenticated", + "property_type": "bool", + "property_default_value": true, + "config_category": "HelloWorldConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether authentication should be 
performed prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.hello.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "HelloWorldConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow should allow for non-browser clients during authentication", + "note": "" + }, + { + "property_name": "idp.hello.defaultAuthenticationMethods", + "property_type": "string", + "property_default_value": "none", + "config_category": "HelloWorldConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.hello.resolveAttributes", + "property_type": "bool", + "property_default_value": true, + "config_category": "HelloWorldConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether attributes should be resolved prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.hello.postAuthenticationFlows", + "property_type": "string", + "property_default_value": "none", + "config_category": "HelloWorldConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.lockout.logging", + "property_type": "string", + "property_default_value": "Lockout", + "config_category": "AccountLockoutManagement", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Audit log identifier for flow", + "note": "" + }, + { + "property_name": "idp.lockout.accessPolicy", + "property_type": "string", + "property_default_value": "AccessDenied", + "config_category": "AccountLockoutManagement", + "config_file": "admin/admin.properties", + 
"idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Name of access control policy for request authorization", + "note": "" + }, + { + "property_name": "idp.lockout.authenticated", + "property_type": "bool", + "property_default_value": false, + "config_category": "AccountLockoutManagement", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether authentication should be performed prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.lockout.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "AccountLockoutManagement", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow should allow for non-browser clients during authentication", + "note": "" + }, + { + "property_name": "idp.lockout.defaultAuthenticationMethods", + "property_type": "string", + "property_default_value": "none", + "config_category": "AccountLockoutManagement", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.lockout.resolveAttributes", + "property_type": "bool", + "property_default_value": false, + "config_category": "AccountLockoutManagement", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether attributes should be resolved prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.lockout.postAuthenticationFlows", + "property_type": "string", + "property_default_value": "none", + "config_category": "AccountLockoutManagement", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.storage.logging", + "property_type": "string", + 
"property_default_value": "Storage", + "config_category": "?", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Audit log identifier for flow", + "note": "" + }, + { + "property_name": "idp.storage.accessPolicy", + "property_type": "string", + "property_default_value": "AccessDenied", + "config_category": "?", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Name of access control policy for request authorization", + "note": "" + }, + { + "property_name": "idp.storage.authenticated", + "property_type": "bool", + "property_default_value": false, + "config_category": "?", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether authentication should be performed prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.storage.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "?", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow should allow for non-browser clients during authentication", + "note": "" + }, + { + "property_name": "idp.storage.defaultAuthenticationMethods", + "property_type": "string", + "property_default_value": "none", + "config_category": "?", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.storage.resolveAttributes", + "property_type": "bool", + "property_default_value": false, + "config_category": "AttendedRestartConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether attributes should be resolved prior to access control evaluation", + "note": "" + }, + { + "property_name": 
"idp.unlock-keys.logging", + "property_type": "string", + "property_default_value": "UnlockKeys", + "config_category": "AttendedRestartConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Audit log identifier for flow", + "note": "" + }, + { + "property_name": "idp.unlock-keys.accessPolicy", + "property_type": "string", + "property_default_value": "AccessDenied", + "config_category": "AttendedRestartConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Name of access control policy for request authorization", + "note": "" + }, + { + "property_name": "idp.unlock-keys.authenticated", + "property_type": "bool", + "property_default_value": true, + "config_category": "AttendedRestartConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether authentication should be performed prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.unlock-keys.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "AttendedRestartConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow should allow for non-browser clients during authentication", + "note": "" + }, + { + "property_name": "idp.unlock-keys.resolveAttributes", + "property_type": "bool", + "property_default_value": false, + "config_category": "AttendedRestartConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether attributes should be resolved prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.unlock-keys.postAuthenticationFlows", + "property_type": "string", + "property_default_value": "none", + 
"config_category": "AttendedRestartConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.c14n.simple.lowercase", + "property_type": "bool", + "property_default_value": false, + "config_category": "SimplePostLoginC14NConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to lowercase the username", + "note": "" + }, + { + "property_name": "idp.c14n.simple.uppercase", + "property_type": "bool", + "property_default_value": false, + "config_category": "SimplePostLoginC14NConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to uppercase the username", + "note": "" + }, + { + "property_name": "idp.c14n.simple.trim", + "property_type": "bool", + "property_default_value": true, + "config_category": "SimplePostLoginC14NConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to trim leading and trailing whitespace from the username", + "note": "" + }, + { + "property_name": "idp.c14n.attribute.lowercase", + "property_type": "bool", + "property_default_value": false, + "config_category": "AttributePostLoginC14NConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to lowercase the username", + "note": "" + }, + { + "property_name": "idp.c14n.attribute.uppercase", + "property_type": "bool", + "property_default_value": false, + "config_category": "AttributePostLoginC14NConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to uppercase the username", + "note": "" + }, + { + "property_name": 
"idp.c14n.attribute.trim", + "property_type": "bool", + "property_default_value": true, + "config_category": "AttributePostLoginC14NConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to trim leading and trailing whitespace from the username", + "note": "" + }, + { + "property_name": "idp.c14n.attribute.attributesToResolve", + "property_type": "string", + "property_default_value": "none", + "config_category": "AttributePostLoginC14NConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Comma-delimited list of attributes to resolve (an empty list directs the resolver to resolve everything it can)", + "note": "" + }, + { + "property_name": "idp.c14n.attribute.attributeSourceIds", + "property_type": "string", + "property_default_value": "none", + "config_category": "AttributePostLoginC14NConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Comma-delimited list of attributes to search for in the results looking for a StringAttributeValue or ScopedStringAttributeValue", + "note": "" + }, + { + "property_name": "idp.c14n.attribute.resolveFromSubject", + "property_type": "bool", + "property_default_value": false, + "config_category": "AttributePostLoginC14NConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to examine the input Subject for IdPAttributePrincipal objects to pull from directly instead of from the output of the Attribute Resolver service", + "note": "" + }, + { + "property_name": "idp.c14n.attribute.resolutionCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "AttributePostLoginC14NConfiguration", + "config_file": 
"c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Bean ID of a Predicate to evaluate to determine whether to run the Attribute Resolver or go directly to the Subject alone", + "note": "" + }, + { + "property_name": "idp.c14n.x500.lowercase", + "property_type": "bool", + "property_default_value": false, + "config_category": "X500PostLoginC14NConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to lowercase the username", + "note": "" + }, + { + "property_name": "idp.c14n.x500.uppercase", + "property_type": "bool", + "property_default_value": false, + "config_category": "X500PostLoginC14NConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to uppercase the username", + "note": "" + }, + { + "property_name": "idp.c14n.x500.trim", + "property_type": "bool", + "property_default_value": true, + "config_category": "X500PostLoginC14NConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to trim leading and trailing whitespace from the username", + "note": "" + }, + { + "property_name": "idp.c14n.x500.subjectAltNameTypes", + "property_type": "List", + "property_default_value": "none", + "config_category": "X500PostLoginC14NConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Comma-delimited list of subjectAltName extension types to look for", + "note": "" + }, + { + "property_name": "idp.c14n.x500.objectIDs", + "property_type": "List", + "property_default_value": "2.5.4.3", + "config_category": "X500PostLoginC14NConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": 
"Comma-delimited list of attribute OIDs to search for in the subject DN", + "note": "" + }, + { + "property_name": "idp.c14n.saml.proxy.lowercase", + "property_type": "bool", + "property_default_value": false, + "config_category": "SAML2ProxyTransformPostLoginC14NConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to lowercase the username", + "note": "" + }, + { + "property_name": "idp.c14n.saml.proxy.uppercase", + "property_type": "bool", + "property_default_value": false, + "config_category": "SAML2ProxyTransformPostLoginC14NConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to uppercase the username", + "note": "" + }, + { + "property_name": "idp.c14n.saml.lowercase", + "property_type": "bool", + "property_default_value": false, + "config_category": "NameIDConsumptionConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to lowercase the username", + "note": "" + }, + { + "property_name": "idp.c14n.saml.uppercase", + "property_type": "bool", + "property_default_value": false, + "config_category": "NameIDConsumptionConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to uppercase the username", + "note": "" + }, + { + "property_name": "idp.service.logging.saml1sso", + "property_type": "string", + "property_default_value": "SSO", + "config_category": "AuditLoggingConfiguration", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Suffix added to audit logging category when various profiles/flows are audited", + "note": "you can use this to route different kinds of audit records to different destinations based on general function" 
+ }, + { + "property_name": "idp.service.logging.saml1attrquery", + "property_type": "string", + "property_default_value": "AttributeQuery", + "config_category": "AuditLoggingConfiguration", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Suffix added to audit logging category when various profiles/flows are audited", + "note": "you can use this to route different kinds of audit records to different destinations based on general function" + }, + { + "property_name": "idp.service.logging.saml1artifact", + "property_type": "string", + "property_default_value": "ArtifactResolution", + "config_category": "AuditLoggingConfiguration", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Suffix added to audit logging category when various profiles/flows are audited", + "note": "you can use this to route different kinds of audit records to different destinations based on general function" + }, + { + "property_name": "idp.service.logging.saml2sso", + "property_type": "string", + "property_default_value": "SSO", + "config_category": "AuditLoggingConfiguration", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Suffix added to audit logging category when various profiles/flows are audited", + "note": "you can use this to route different kinds of audit records to different destinations based on general function" + }, + { + "property_name": "idp.service.logging.saml2attrquery", + "property_type": "string", + "property_default_value": "AttributeQuery", + "config_category": "AuditLoggingConfiguration", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Suffix added to audit logging category when various profiles/flows are audited", + "note": "you can use this to route different kinds of audit records to different 
destinations based on general function" + }, + { + "property_name": "idp.service.logging.saml2artifact", + "property_type": "string", + "property_default_value": "ArtifactResolution", + "config_category": "AuditLoggingConfiguration", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Suffix added to audit logging category when various profiles/flows are audited", + "note": "you can use this to route different kinds of audit records to different destinations based on general function" + }, + { + "property_name": "idp.service.logging.saml2slo", + "property_type": "string", + "property_default_value": "Logout", + "config_category": "AuditLoggingConfiguration", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Suffix added to audit logging category when various profiles/flows are audited", + "note": "you can use this to route different kinds of audit records to different destinations based on general function" + }, + { + "property_name": "idp.service.logging.logout", + "property_type": "string", + "property_default_value": "Logout", + "config_category": "AuditLoggingConfiguration", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Suffix added to audit logging category when various profiles/flows are audited", + "note": "you can use this to route different kinds of audit records to different destinations based on general function" + }, + { + "property_name": "idp.service.logging.cas", + "property_type": "string", + "property_default_value": "SSO", + "config_category": "AuditLoggingConfiguration", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Suffix added to audit logging category when various profiles/flows are audited", + "note": "you can use this to route different kinds of audit records to different 
destinations based on general function" + }, + { + "property_name": "idp.service.logging.status", + "property_type": "string", + "property_default_value": "Status", + "config_category": "AuditLoggingConfiguration", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Suffix added to audit logging category when various profiles/flows are audited", + "note": "you can use this to route different kinds of audit records to different destinations based on general function" + }, + { + "property_name": "idp.service.logging.resolvertest", + "property_type": "string", + "property_default_value": "ResolverTest", + "config_category": "AuditLoggingConfiguration", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Suffix added to audit logging category when various profiles/flows are audited", + "note": "you can use this to route different kinds of audit records to different destinations based on general function" + }, + { + "property_name": "idp.service.logging.serviceReload", + "property_type": "string", + "property_default_value": "Reload", + "config_category": "AuditLoggingConfiguration", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Suffix added to audit logging category when various profiles/flows are audited", + "note": "you can use this to route different kinds of audit records to different destinations based on general function" + }, + { + "property_name": "idp.audit.hashAlgorithm", + "property_type": "string", + "property_default_value": "SHA-256", + "config_category": "AuditLoggingConfiguration", + "config_file": "services.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Hash algorithm to apply to various hashed fields", + "note": "" + }, + { + "property_name": "idp.audit.salt", + "property_type": "string", + "property_default_value": 
"none", + "config_category": "AuditLoggingConfiguration", + "config_file": "services.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Salt to apply to hashed fields must be set to use those fields", + "note": "" + }, + { + "property_name": "idp.oidc.issuer", + "property_type": "URL", + "property_default_value": "none", + "config_category": "OIDC OP", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Set the Open ID Connect Issuer value", + "note": "" + }, + { + "property_name": "idp.oidc.idToken.defaultLifetime", + "property_type": "duration", + "property_default_value": "PT1H", + "config_category": "OPToken", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Lifetime of ID token", + "note": "" + }, + { + "property_name": "idp.oidc.accessToken.defaultLifetime", + "property_type": "duration", + "property_default_value": "PT10M", + "config_category": "OPToken", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Lifetime of access token", + "note": "" + }, + { + "property_name": "idp.oidc.authorizeCode.defaultLifetime", + "property_type": "duration", + "property_default_value": "PT5M", + "config_category": "OPAuthorization", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Lifetime of authorization code", + "note": "" + }, + { + "property_name": "idp.oidc.refreshToken.defaultLifetime", + "property_type": "duration", + "property_default_value": "PT2H", + "config_category": "OPToken", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Lifetime of refresh token", + "note": "" + }, + { + "property_name": "idp.oidc.forcePKCE", + "property_type": "bool", + "property_default_value": false, + 
"config_category": "OPToken", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Whether client is required to use PKCE", + "note": "" + }, + { + "property_name": "idp.oidc.allowPKCEPlain", + "property_type": "bool", + "property_default_value": false, + "config_category": "OPToken", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Whether client is allowed to use PKCE code challenge method plain", + "note": "" + }, + { + "property_name": "idp.oidc.encodedAttributes", + "property_type": "Set", + "property_default_value": "none", + "config_category": "OPAuthorization", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Specifies IdPAttributes to encode into tokens for recovery on back-channel token requests", + "note": "" + }, + { + "property_name": "idp.oidc.encodeConsentInTokens", + "property_type": "bool", + "property_default_value": false, + "config_category": "OPAuthorization", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Whether to embed consent decisions in access/refresh tokens and authorization code to allow for client-side consent storage", + "note": "" + }, + { + "property_name": "idp.oidc.alwaysIncludedAttributes", + "property_type": "Set", + "property_default_value": "none", + "config_category": "OPAuthorization", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Specifies IdPAttributes to always include in ID token regardless of response_type", + "note": "" + }, + { + "property_name": "idp.oidc.deniedUserInfoAttributes", + "property_type": "Set", + "property_default_value": "none", + "config_category": "OPAuthorization", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + 
"module_vers": 3,
+ "description": "Specifies IdPAttributes to omit from UserInfo token",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.revocationCache.authorizeCode.lifetime",
+ "property_type": "duration",
+ "property_default_value": "PT6H",
+ "config_category": "OPRevocation",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Lifetime of entries in revocation cache for authorize code",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.revocationCache.StorageService",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.StorageService",
+ "config_category": "OPAuthorization",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Bean ID of StorageService for revocation cache requires server-side storage",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.tokenEndpointAuthMethods",
+ "property_type": "Collection",
+ "property_default_value": "client_secret_basic,client_secret_post,client_secret_jwt,private_key_jwt",
+ "config_category": "OPToken",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "The acceptable client authentication methods",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oauth2.grantTypes",
+ "property_type": "Collection",
+ "property_default_value": "authorization_code,refresh_token",
+ "config_category": "OPToken",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "OAuth grant types to allow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oauth2.enforceRefreshTokenRotation",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "OPToken",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3.2,
+ "description": "Whether to enforce refresh token rotation. If enabled the refresh token is revoked whenever it is used for issuing a new refresh token.",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oauth2.accessToken.type",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "OPToken",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3.2,
+ "description": "Format of access token. Supported values are JWT or nothing.",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oauth2.encryptionOptional",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "OPToken",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Whether the absence of encryption details in a resource server’s metadata should fail when issuing an access token",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oauth2.accessToken.defaultLifetime",
+ "property_type": "duration",
+ "property_default_value": "PT10M",
+ "config_category": "OPToken",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Lifetime of access token issued to client for resource server",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oauth2.revocationMethod",
+ "property_type": "string",
+ "property_default_value": "CHAIN",
+ "config_category": "OPRevocation",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "The revocation method: CHAIN refers to revoking whole chain of tokens (from authorization code to all access/refresh tokens). TOKEN refers to revoking single token",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.dynreg.defaultRegistrationValidity",
+ "property_type": "duration",
+ "property_default_value": "PT24H",
+ "config_category": "OPDynamicClientRegistration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Registration lifetime",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.dynreg.defaultScope",
+ "property_type": "string",
+ "property_default_value": "openid profile email address phone offline_access",
+ "config_category": "OPDynamicClientRegistration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "The default scopes accepted in dynamic registration",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.dynreg.defaultSubjectType",
+ "property_type": "string",
+ "property_default_value": "public",
+ "config_category": "OPDynamicClientRegistration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "The default subject type if not set by client in request. Maybe set to pairwise or public.",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.dynreg.defaultMetadataPolicyFile",
+ "property_type": "resource path",
+ "property_default_value": "none",
+ "config_category": "OPMetadataPolicies",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Full path to the file containing default metadata policy used for dynamic client registration",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.dynreg.tokenEndpointAuthMethods",
+ "property_type": "Collection",
+ "property_default_value": "client_secret_basic,client_secret_post,client_secret_jwt,private_key_jwt",
+ "config_category": "OPDynamicClientRegistration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "The acceptable client authentication methods when using dynamic registration",
+ "note": ""
+ },
+ {
+ "property_name": "idp.signing.oidc.rs.key",
+ "property_type": "JWK file pathname",
+ "property_default_value": "%{idp.home}/credentials/idp-signing-rs.jwk",
+ "config_category": "OPSecurity",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "JWK RSA signing keypair",
+ "note": ""
+ },
+ {
+ "property_name": "idp.signing.oidc.es.key",
+ "property_type": "JWK file pathname",
+ "property_default_value": "%{idp.home}/credentials/idp-signing-es.jwk",
+ "config_category": "OPSecurity",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "JWK EC signing keypair",
+ "note": ""
+ },
+ {
+ "property_name": "idp.signing.oidc.rsa.enc.key",
+ "property_type": "JWK file pathname",
+ "property_default_value": "%{idp.home}/credentials/idp-encryption-rsa.jwk",
+ "config_category": "OPSecurity",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "JWK RSA decryption keypair",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.signing.config",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.oidc.SigningConfiguration",
+ "config_category": "OPSecurity",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Allows override of default signing configuration",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.encryption.config",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.oidc.EncryptionConfiguration",
+ "config_category": "OPSecurity",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Allows override of default encryption configuration",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.rodecrypt.config",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.oidc.requestObjectDecryptionConfiguration",
+ "config_category": "OPSecurity",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Allows override of default request decryption configuration",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.rovalid.config",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.oidc.requestObjectSignatureValidationConfiguration",
+ "config_category": "OPSecurity",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Allows override of default request signature validation configuration",
+ "note": "one of these has the wrong name"
+ },
+ {
+ "property_name": "idp.oidc.rovalid.config",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.oidc.tokenEndpointJwtSignatureValidationConfiguration",
+ "config_category": "OPSecurity",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Allows override of default JWT token validation configuration",
+ "note": "one of these has the wrong name"
+ },
+ {
+ "property_name": "idp.authn.OAuth2Client.requireAll",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "OAuth2ClientAuthnConfiguration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Whether all validators must succeed or just one",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.OAuth2Client.removeAfterValidation",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "OAuth2ClientAuthnConfiguration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Whether to remove the object holding the password from the request's active state after validating it (to avoid it being preserved in the session any longer than needed)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.OAuth2Client.retainAsPrivateCredential",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "OAuth2ClientAuthnConfiguration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Whether to keep the password around as a private credential in the Java Subject for use in later stages such as attribute resolution",
+ "note": "use with caution as it retains the password and makes it available in plaintext from within server memory at various stages."
+ },
+ {
+ "property_name": "idp.authn.OAuth2Client.order",
+ "property_type": "int",
+ "property_default_value": 1000,
+ "config_category": "OAuth2ClientAuthnConfiguration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Flow priority relative to other enabled login flows (lower is \"higher\" in priority)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.OAuth2Client.activationCondition",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.Conditions.TRUE",
+ "config_category": "OAuth2ClientAuthnConfiguration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Bean ID of Predicate determining whether flow is usable for request",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.OAuth2Client.subjectDecorator",
+ "property_type": "Bean ID",
+ "property_default_value": "none",
+ "config_category": "OAuth2ClientAuthnConfiguration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Bean ID of BiConsumer for subject customization"
+ },
+ {
+ "property_name": "idp.authn.OAuth2Client.supportedPrincipals",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "OAuth2ClientAuthnConfiguration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Comma-delimited list of protocol-specific Principal strings associated with flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.OAuth2Client.addDefaultPrincipals",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "OAuth2ClientAuthnConfiguration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.ResponseHeaderFilter",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.ResponseHeaderFilter",
+ "config_category": "OPCustomFilterRegistration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "By default this configures the values defined by the idp.hsts, idp.frameoptions and idp.csp properties into the corresponding HTTP headers and applies them to the OP plugin as well as the original IdP endpoints",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.discovery.template",
+ "property_type": "resource path",
+ "property_default_value": "%{idp.home}/static/openid-configuration.json",
+ "config_category": "OPDiscovery",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Location of discovery template to use",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.discovery.resolver",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.oidc.DefaultOpenIdConfigurationResolver",
+ "config_category": "OPDiscovery",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Implementation bean for discovery shouldn't require alteration",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.admin.registration.logging",
+ "property_type": "string",
+ "property_default_value": "IssueRegistrationAccessToken",
+ "config_category": "OPDynamicClientRegistration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Audit logging label for this profile",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.admin.registration.nonBrowserSupported",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "OPDynamicClientRegistration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Enables support for non-browser-based authentication",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.admin.registration.authenticated",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "OPDynamicClientRegistration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Whether to enable user authentication for requests",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.admin.registration.resolveAttributes",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "OPDynamicClientRegistration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Whether to resolve attributes if authentication is enabled",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.admin.registration.defaultTokenLifetime",
+ "property_type": "duration",
+ "property_default_value": "P1D",
+ "config_category": "OPDynamicClientRegistration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Default access token lifetime if not specified",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.admin.registration.accessPolicy",
+ "property_type": "string",
+ "property_default_value": "AccessByIPAddress",
+ "config_category": "OPDynamicClientRegistration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Name of access control policy to apply to all requests",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.admin.registration.policyLocationPolicy",
+ "property_type": "string",
+ "property_default_value": "AccessByAdmin",
+ "config_category": "OPDynamicClientRegistration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Name of access control policy to apply to requests specifying a policyLocation",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.admin.registration.policyIdPolicy",
+ "property_type": "string",
+ "property_default_value": "AccessByAdmin",
+ "config_category": "OPDynamicClientRegistration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Name of access control policy to apply to requests specifying a policyId",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.admin.registration.clientIdPolicy",
+ "property_type": "string",
+ "property_default_value": "AccessByAdmin",
+ "config_category": "OPDynamicClientRegistration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Name of access control policy to apply to requests specifying a clientId",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.admin.registration.lookup.policy",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.oidc.admin.DefaultMetadataPolicyLookupStrategy",
+ "config_category": "OPDynamicClientRegistration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Bean ID of type Function>, used to locate metadata policy based on the policyLocation parameter. Defaults to a caching resolver locating server resources to load based on policyLocation parameter.",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.clientinfo.failFast",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "OPClientResolution",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "If true any failures during initialization of any resolvers result in IdP startup failure",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.clientinfo.checkInterval",
+ "property_type": "duration",
+ "property_default_value": "PT0S",
+ "config_category": "OPClientResolution",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "When non-zero enables monitoring of resources for service reload",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.clientinfo.resources",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.ClientInformationResolverResources",
+ "config_category": "OPClientResolution",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Name of bean used to define the resources to use in configuring this service",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oauth2.defaultAllowedScope",
+ "property_type": "Bean ID",
+ "property_default_value": "none",
+ "config_category": "OPClientCredentialsGrant",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "bean of type Function called shibboleth.oidc.AllowedScopeStrategy",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oauth2.defaultAllowedAudience",
+ "property_type": "Bean ID",
+ "property_default_value": "none",
+ "config_category": "OPClientCredentialsGrant",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "bean of type Function> called shibboleth.oidc.AllowedAudienceStrategy",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oauth2.authn.flows",
+ "property_type": "regex",
+ "property_default_value": "OAuth2Client",
+ "config_category": "OPClientAuthentication",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Regular expression matching OAuth login flows to enable.",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.subject.sourceAttribute",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "OPSubClaim",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "The source attribute used in generating the sub claim",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.subject.algorithm",
+ "property_type": "string",
+ "property_default_value": "SHA",
+ "config_category": "OPSubClaim",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "The digest algorithm used in generating the sub claim",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.subject.salt",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "OPSubClaim",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Salt to inject for randomness should generally be moved into credentials/secrets.properties to avoid committing to configuration repository",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.DuoOIDC.order",
+ "property_type": "int",
+ "property_default_value": 1000,
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Flow priority relative to other enabled login flows (lower is \"higher\" in priority)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.DuoOIDC.nonBrowserSupported",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.DuoOIDC.passiveAuthenticationSupported",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Whether the flow allows for passive authentication",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.DuoOIDC.forcedAuthenticationSupported",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Whether the flow supports forced authentication",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.DuoOIDC.proxyRestrictionsEnforced",
+ "property_type": "bool",
+ "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Whether the flow enforces upstream IdP-imposed restrictions on proxying",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.DuoOIDC.proxyScopingEnforced",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Whether the flow considers itself to be proxying",
+ "note": "and therefore enforces SP-signaled restrictions on proxying"
+ },
+ {
+ "property_name": "idp.authn.DuoOIDC.discoveryRequired",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Whether to invoke IdP-discovery prior to running flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.DuoOIDC.lifetime",
+ "property_type": "duration",
+ "property_default_value": "%{idp.authn.defaultLifetime:PT1H}",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Lifetime of results produced by this flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.DuoOIDC.inactivityTimeout",
+ "property_type": "duration",
+ "property_default_value": "%{idp.authn.defaultTimeout:PT30M}",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Inactivity timeout of results produced by this flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.DuoOIDC.reuseCondition",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.Conditions.TRUE",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Bean ID ofPredicate controlling result reuse for SSO",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.DuoOIDC.activationCondition",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.Conditions.TRUE",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Bean ID ofPredicate determining whether flow is usable for request",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.DuoOIDC.subjectDecorator",
+ "property_type": "Bean ID",
+ "property_default_value": "none",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Bean ID ofBiConsumer for subject customization",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.DuoOIDC.supportedPrincipals",
+ "property_type": "string",
+ "property_default_value": "saml2/http://example.org/ac/classes/mfa, saml1/http://example.org/ac/classes/mfa",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Comma-delimited list of protocol-specific Principalstrings associated with flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.DuoOIDC.addDefaultPrincipals",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Whether to auto-attach the preceding set ofPrincipalobjects to eachSubjectproduced by this flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.duo.oidc.apiHost",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "DuoOIDC API hostname assigned to the integration",
+ "note": ""
+ },
+ {
+ "property_name": "idp.duo.oidc.clientId",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "The OAuth 2.0 Client Identifier valid at the Authorization Server",
+ "note": ""
+ },
+ {
+ "property_name": "idp.duo.oidc.redirectURL",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Redirection URI to which the 2FA response will be sent",
+ "note": "ex. https://:/idp/profile/Authn/Duo/2FA/duo-callback"
+ },
+ {
+ "property_name": "idp.duo.oidc.redirecturl.allowedOrigins",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "If the idp.duo.oidc.redirectURL is not set one will be computed dynamically and checked against this list of allowed origins - to prevent Http Host Header injection.",
+ "note": ""
+ },
+ {
+ "property_name": "idp.duo.oidc.secretKey",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "The client secret used to verify the client in exchanging the authorization code for a Duo 2FA result token (id_token).",
+ "note": ""
+ },
+ {
+ "property_name": "idp.duo.oidc.endpoint.health",
+ "property_type": "string",
+ "property_default_value": "/oauth/v1/health_check",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Duo's OAuth 2.0 health check endpoint",
+ "note": ""
+ },
+ {
+ "property_name": "idp.duo.oidc.endpoint.token",
+ "property_type": "string",
+ "property_default_value": "/oauth/v1/token",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Duo's OAuth 2.0 token endpoint",
+ "note": ""
+ },
+ {
+ "property_name": "idp.duo.oidc.endpoint.authorize",
+ "property_type": "string",
+ "property_default_value": "/oauth/v1/authorize",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Duo's OAuth 2.0 authorization endpoint",
+ "note": ""
+ },
+ {
+ "property_name": "idp.duo.oidc.jwt.verifier.clockSkew",
+ "property_type": "duration",
+ "property_default_value": "PT60S",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Leeway allowed in token expiry calculations",
+ "note": ""
+ },
+ {
+ "property_name": "idp.duo.oidc.jwt.verifier.iatWindow",
+ "property_type": "duration",
+ "property_default_value": "PT60S",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Maximum amount (in either direction from now) of duration for which a token is valid after it is issued",
+ "note": ""
+ },
+ {
+ "property_name": "idp.duo.oidc.jwt.verifier.issuerPath",
+ "property_type": "string",
+ "property_default_value": "/oauth/v1/token",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "The path component of the Duo token issuer. The full issuer string takes the format: HTTPS://+",
+ "note": ""
+ },
+ {
+ "property_name": "idp.duo.oidc.jwt.verifier.preferredUsername",
+ "property_type": "string",
+ "property_default_value": "preferred_username",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "The result token JWT claim name that represents the username sent in the duo_uname field in the authorization request.",
+ "note": ""
+ },
+ {
+ "property_name": "idp.duo.oidc.jwt.verifier.authLifetime",
+ "property_type": "duration",
+ "property_default_value": "PT60S",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "How long the authentication is valid. Only applies to forced authentication requests.",
+ "note": ""
+ },
+ {
+ "property_name": "idp.duo.oidc.nonbrowser.apiHost",
+ "property_type": "string",
+ "property_default_value": "%{idp.duo.oidc.apiHost}",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Duo AuthAPI hostname assigned to the integration",
+ "note": ""
+ },
+ {
+ "property_name": "idp.duo.oidc.nonbrowser.integrationKey",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Duo AuthAPI integration key supplied by Duo",
+ "note": ""
+ },
+ {
+ "property_name": "idp.duo.oidc.nonbrowser.secretKey",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Duo AuthAPI secret key supplied by Duo",
+ "note": ""
+ },
+ {
+ "property_name": "idp.duo.oidc.nonbrowser.header.factor",
+ "property_type": "strinig",
+ "property_default_value": "X-Shibboleth-Duo-Factor",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Name of HTTP request header for Duo AuthAPI factor",
+ "note": ""
+ },
+ {
+ "property_name": "idp.duo.oidc.nonbrowser.header.device",
+ "property_type": "string",
+ "property_default_value": "X-Shibboleth-Duo-Device",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Name of HTTP request header for Duo AuthAPI device ID or name",
+ "note": ""
+ },
+ {
+ "property_name": "idp.duo.oidc.nonbrowser.header.passcode",
+ "property_type": "string",
+ "property_default_value": "X-Shibboleth-Duo-Passcode",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Name of HTTP request header for Duo AuthAPI passcode",
+ "note": ""
+ },
+ {
+ "property_name": "idp.duo.oidc.nonbrowser.auto",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Allow the factor to be defaulted in as \"auto\" if no headers are received",
+ "note": ""
+ },
+ {
+ "property_name": "idp.duo.oidc.nonbrowser.clientAddressTrusted",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Pass client address to Duo in API calls to support logging",
+ "note": "push display"
+ },
+ {
+ "property_name": "idp.duo.oidc.connectionTimeout",
+ "property_type": "duration",
+ "property_default_value": "PT1M",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": "1 (nimbus)",
+ "description": "Maximum length of time to wait for the connection to be established",
+ "note": ""
+ },
+ {
+ "property_name": "idp.duo.oidc.connectionRequestTimeout",
+ "property_type": "duration",
+ "property_default_value": "PT1M",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": "1 (nimbus)",
+ "description": "Maximum length of time to wait for a connection to be returned from the connection manager",
+ "note": ""
+ },
+ {
+ "property_name": "idp.duo.oidc.socketTimeout",
+ "property_type": "duration",
+ "property_default_value": "PT1M",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": "1 (nimbus)",
+ "description": "Maximum period inactivity between two consecutive data packets",
+ "note": ""
+ },
+ {
+ "property_name": "idp.duo.oidc.maxConnectionsTotal",
+ "property_type": "int",
+ "property_default_value": 100,
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": "1 (nimbus)",
+ "description": "Max total simultaneous connections allowed by the pooling connection manager",
+ "note": ""
+ },
+ {
+ "property_name": "idp.duo.oidc.maxConnectionsPerRoute",
+ "property_type": "int",
+ "property_default_value": 100,
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": "1 (nimbus)",
+ "description": "Max simultaneous connections per route allowed by the pooling connection manager",
+ "note": ""
+ },
+ {
+ "property_name": "idp.duo.oidc.nimbus.checkRevocation",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": "1 (nimbus)",
+ "description": "To enable certificate revocation checking",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.TOTP.headerName",
+ "property_type": "string",
+ "property_default_value": "X-Shibboleth-TOTP",
+ "config_category": "TOTP",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.TOTP",
+ "module_vers": 1,
+ "description": "Name of request header to use for extracting non-browser submitted token codes",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.TOTP.fieldName",
+ "property_type": "string",
+ "property_default_value": "tokencode",
+ "config_category": "TOTP",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.TOTP",
+ "module_vers": 1,
+ "description": "Name of HTML form field to use for locating browser-submitted token codes",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.TOTP.tokenSeedAttribute",
+ "property_type": "string",
+ "property_default_value": "tokenSeeds",
+ "config_category": "TOTP",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.TOTP",
+ "module_vers": 1,
+ "description": "Name of IdPAttribute to resolve to obtain token seeds for users",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.TOTP.order",
+ "property_type": "int",
+ "property_default_value": 1000,
+ "config_category": "TOTP",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.TOTP",
+ "module_vers": 1,
+ "description": "Flow priority relative to other enabled login flows (lower is \"higher\" in priority)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.TOTP.nonBrowserSupported",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "TOTP",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.TOTP",
+ "module_vers": 1,
+ "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.TOTP.passiveAuthenticationSupported",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "TOTP",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.TOTP",
+ "module_vers": 1,
+ "description": "Whether the flow allows for passive authentication",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.TOTP.forcedAuthenticationSupported",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "TOTP",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.TOTP",
+ "module_vers": 1,
+ "description": "Whether the flow supports forced authentication",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.TOTP.proxyRestrictionsEnforced",
+ "property_type": "bool",
+ "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}",
+ "config_category": "TOTP",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.TOTP",
+ "module_vers": 1,
+ "description": "Whether the flow enforces upstream IdP-imposed restrictions on proxying",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.TOTP.proxyScopingEnforced",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "TOTP",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.TOTP",
+ "module_vers": 1,
+ "description": "Whether the flow considers itself to be proxying",
+ 
"note": "and therefore enforces SP-signaled restrictions on proxying" + }, + { + "property_name": "idp.authn.TOTP.discoveryRequired", + "property_type": "bool", + "property_default_value": false, + "config_category": "TOTP", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.TOTP", + "module_vers": 1, + "description": "Whether to invoke IdP-discovery prior to running flow", + "note": "" + }, + { + "property_name": "idp.authn.TOTP.lifetime", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultLifetime:PT1H}", + "config_category": "TOTP", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.TOTP", + "module_vers": 1, + "description": "Lifetime of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.TOTP.inactivityTimeout", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultTimeout:PT30M}", + "config_category": "TOTP", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.TOTP", + "module_vers": 1, + "description": "Inactivity timeout of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.TOTP.reuseCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "TOTP", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.TOTP", + "module_vers": 1, + "description": "Bean ID ofPredicate controlling result reuse for SSO", + "note": "" + }, + { + "property_name": "idp.authn.TOTP.activationCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "TOTP", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.TOTP", + "module_vers": 1, + "description": "Bean ID ofPredicate determining whether flow is usable for request", + "note": "" + }, + { + "property_name": 
"idp.authn.TOTP.subjectDecorator", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "TOTP", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.TOTP", + "module_vers": 1, + "description": "Bean ID ofBiConsumer for subject customization", + "note": "" + }, + { + "property_name": "idp.authn.TOTP.supportedPrincipals", + "property_type": "string", + "property_default_value": "saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken, saml1/urn:oasis:names:tc:SAML:1.0:am:HardwareToken", + "config_category": "TOTP", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.TOTP", + "module_vers": 1, + "description": "Comma-delimited list of protocol-specific Principalstrings associated with flow", + "note": "" + }, + { + "property_name": "idp.authn.TOTP.addDefaultPrincipals", + "property_type": "bool", + "property_default_value": false, + "config_category": "TOTP", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.TOTP", + "module_vers": 1, + "description": "Whether to auto-attach the preceding set ofPrincipalobjects to eachSubjectproduced by this flow", + "note": "" + }, + { + "property_name": "idp.metadata.dnsname", + "property_type": "string", + "property_default_value": "none", + "config_category": "Metadatagen", + "config_file": "--propertyFiles mdgen.properties", + "idp_vers": 4.1, + "module": "idp.metadatagen", + "module_vers": 1, + "description": "Supplies the DNS name used within the URLs specifying the end points. 
This should not be used in conjunction with the --DNSName qualifier", + "note": "" + }, + { + "property_name": "idp.metadata.backchannel.cert", + "property_type": "resource path", + "property_default_value": "none", + "config_category": "Metadatagen", + "config_file": "--propertyFiles mdgen.properties", + "idp_vers": 4.1, + "module": "idp.metadatagen", + "module_vers": 1, + "description": "Specifies the path to the certificate protecting the back channel. This should not be used in conjunction with the --backChannel qualifier.", + "note": "" + }, + { + "property_name": "idp.metadata.idpsso.mdui.logo.path", + "property_type": "URL", + "property_default_value": "none", + "config_category": "Metadatagen", + "config_file": "--propertyFiles mdgen.properties", + "idp_vers": 4.1, + "module": "idp.metadatagen", + "module_vers": 1, + "description": "Specifies the path part of the URL which describes a logo for the IdP. The protocol is hard wired to be https:// and the DNS name is used for the host. The is always emitted. 
If this is absent then then a fixed path ('/path/to/logo') is used.", + "note": "" + }, + { + "property_name": "idp.metadata.idpsso.mdui.logo.height", + "property_type": "int", + "property_default_value": 80, + "config_category": "Metadatagen", + "config_file": "--propertyFiles mdgen.properties", + "idp_vers": 4.1, + "module": "idp.metadatagen", + "module_vers": 1, + "description": "The height of the logo in pixels.", + "note": "" + }, + { + "property_name": "idp.metadata.idpsso.mdui.logo.width", + "property_type": "init", + "property_default_value": 80, + "config_category": "Metadatagen", + "config_file": "--propertyFiles mdgen.properties", + "idp_vers": 4.1, + "module": "idp.metadatagen", + "module_vers": 1, + "description": "The width of the logo in pixels", + "note": "" + }, + { + "property_name": "idp.metadata.idpsso.mdui.langs", + "property_type": "string", + "property_default_value": "none", + "config_category": "Metadatagen", + "config_file": "--propertyFiles mdgen.properties", + "idp_vers": 4.1, + "module": "idp.metadatagen", + "module_vers": 1, + "description": "A space separated list of languages used to lookup values formed appending each one to the name and description properties idp.metadata.idpsso.mdui.displayname. and idp.metadata.idpsso.mdui.description.. If this is absent then an and for the \"en\" language is emitted which you need to edit.", + "note": "" + }, + { + "property_name": "idp.metadata.idpsso.mdui.displayname.", + "property_type": "string", + "property_default_value": "none", + "config_category": "Metadatagen", + "config_file": "--propertyFiles mdgen.properties", + "idp_vers": 4.1, + "module": "idp.metadatagen", + "module_vers": 1, + "description": "Display name for the IdP in the specified language. 
If this is absent for a language specified above then not is emitted for that language", + "note": "" + }, + { + "property_name": "idp.metadata.idpsso.mdui.description.", + "property_type": "string", + "property_default_value": "none", + "config_category": "Metadatagen", + "config_file": "--propertyFiles mdgen.properties", + "idp_vers": 4.1, + "module": "idp.metadatagen", + "module_vers": 1, + "description": "Description for the IdP in the specified language. If this is absent for a language specified above then not is emitted for that language", + "note": "" + }, + { + "property_name": "idp.oidc.encryptionOptional", + "property_type": "bool", + "property_default_value": false, + "config_category": "OIDC OP", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Set false to preclude issuing unencrypted ID/UserInfo tokens without specific overrides", + "note": "no doc" + }, + { + "property_name": "idp.oidc.dynreg.defaultSecretExpiration", + "property_type": "duration", + "property_default_value": "P12M", + "config_category": "OIDC OP", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "The validity of client secret registered", + "note": "no doc" + }, + { + "property_name": "idp.oidc.dynreg.allowNoneForRequestSigning", + "property_type": "bool", + "property_default_value": true, + "config_category": "OIDC OP", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Regardless of what signing algorithms are configured allow none for request object signing", + "note": "no doc" + }, + { + "property_name": "idp.oidc.dynreg.validateRemoteJwks", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "OIDC OP", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + 
"description": "Bean to determine whether dynamic registration should validate the remote JWK set if it's defined in the request", + "note": "no doc" + }, + { + "property_name": "idp.oidc.jwk.StorageService", + "property_type": "Bean ID", + "property_default_value": "shibboleth.StorageService", + "config_category": "OIDC OP", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Storage for storing remote jwk sets.", + "note": "no doc" + }, + { + "property_name": "idp.oidc.metadata.saml", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "OIDC OP", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Bean to determine whether SAML metadata should be exploited for trusted OIDC RP resolution", + "note": "no doc" + }, + { + "property_name": "idp.oidc.jwksuri.fetchInterval", + "property_type": "duration", + "property_default_value": "PT30M", + "config_category": "OIDC OP", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Upgrade interval to the remote JWKs", + "note": "no doc" + }, + { + "property_name": "idp.oidc.config.minRefreshDelay", + "property_type": "duration", + "property_default_value": "PT5M", + "config_category": "OIDC OP", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Bounds on the next file refresh of the OP configuration resource", + "note": "no doc" + }, + { + "property_name": "idp.oidc.config.maxRefreshDelay", + "property_type": "duration", + "property_default_value": "PT4H", + "config_category": "OIDC OP", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Bounds on the next file refresh of the OP configuration resource", + "note": "no doc" + }, + { + 
"property_name": "idp.oidc.LoginHintLookupStrategy", + "property_type": "Bean ID", + "property_default_value": "DefaultRequestLoginHintLookupFunction", + "config_category": "OIDC OP", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Bean used for extracting login_hint from the authentication request. The default function parses login_hint as is.", + "note": "no doc" + }, + { + "property_name": "idp.oidc.SPSessionCreationStrategy", + "property_type": "Bean ID", + "property_default_value": "DefaultSPSessionCreationStrategy", + "config_category": "OIDC OP", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Bean used for creating SPSessions needed for SLO. By default builds protocol-independent BasicSPSession as SLO is not yet supported.", + "note": "no doc" + } ] \ No newline at end of file diff --git a/ui/src/app/admin/component/ConfigurationForm.js b/ui/src/app/admin/component/ConfigurationForm.js index 93d9ff1d9..7229a27c3 100644 --- a/ui/src/app/admin/component/ConfigurationForm.js +++ b/ui/src/app/admin/component/ConfigurationForm.js 
@@ -1,26 +1,99 @@ -import React from 'react'; +import React, { Fragment } from 'react'; import Button from 'react-bootstrap/Button'; import { FontAwesomeIcon } from '@fortawesome/react-fontawesome'; import { faSpinner, faSave } from '@fortawesome/free-solid-svg-icons'; +import { Highlighter, Menu, MenuItem, Token, Typeahead } from 'react-bootstrap-typeahead'; import Translate from '../../i18n/components/translate'; +import { ToggleButton } from '../../form/component/ToggleButton'; -import { FormContext, setFormDataAction, setFormErrorAction } from '../../form/FormManager'; +import { useProperties, usePropertiesLoading } from '../hoc/PropertiesProvider'; +import { groupBy } from 'lodash'; +import { useCallback } from 'react'; -export function ConfigurationForm({ property = {}, errors = [], loading = false, schema, onSave, onCancel }) { +export function ConfigurationForm({ configuration = {}, errors = [], schema, onSave, onCancel }) { - const { dispatch } = React.useContext(FormContext); - const onChange = ({ formData, errors }) => { - dispatch(setFormDataAction(formData)); - dispatch(setFormErrorAction(errors)); + const properties = useProperties(); + const loading = usePropertiesLoading(); + + const select = (data) => { + console.log(data); + setSelected(data); + }; + + const [selected, setSelected] = React.useState([]); + + const [config, setConfig] = React.useState({ name: '', properties: [] }); + + // config.properties.filter(p => p.category === item.category).length === properties.filter(p => p.category === item.category).length + + const menu = useCallback((results, menuProps, state) => { + let index = 0; + const mapped = results.map(p => !p.category || p.category === '?' ? 
{ ...p, category: 'Misc' } : p); + const grouped = groupBy(mapped, 'category'); + const items = Object.keys(grouped).sort().map((item) => ( + + {index !== 0 && } + + + {item} - Add all + + + {grouped[item].map((i) => { + const item = + p.propertyName === i.propertyName) }> + + {`- ${i.propertyName}`} + + ; + index += 1; + return item; + })} + + )); + + return {items}; + }, [config.properties]); + + const token = (option, { onRemove }, index) => ( + + {`${option.propertyName}`} + + ); + + const addProperties = (props) => { + + const parsed = props.reduce((coll, prop, idx) => { + if (prop.isCategory) { + return [...coll, ...properties.filter(p => p.category === prop.category)]; + } else { + return [...coll, prop]; + } + }, []); + + setConfig({ + ...config, + properties: [ + ...config.properties, + ...parsed, + ] + }); + setSelected([]); }; + React.useEffect(() => console.log(selected), [selected]); + return (<>
+
+
+
+
+
+
+ + + + + + + + + + + {config.properties.map((p, idx) => ( + + + + + + + ))} + +
PropertyCategoryTypeValue
{ p.propertyName }
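Review bot: Two debugging calls are left in the new component, `console.log(data)` inside `select` and `React.useEffect(() => console.log(selected), [selected]);`, and they write the selected property objects to the browser console on every change. This form edits Shibboleth IdP settings, and the property list in this patch includes secret-bearing entries such as the Duo AuthAPI secret key, so both lines should be removed before values are attached to these objects. Separately, `addProperties` appends to `config.properties` without checking what is already there, so picking a category and then one of its properties gives duplicate rows; filtering first, e.g. `parsed.filter(p => !config.properties.some(c => c.propertyName === p.propertyName))`, avoids that. The JSX in this hunk is not legible in this view, so the rendered markup was not reviewed.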
diff --git a/ui/src/app/admin/container/EditConfiguration.js b/ui/src/app/admin/container/EditConfiguration.js index 4703cc098..131ec0383 100644 --- a/ui/src/app/admin/container/EditConfiguration.js +++ b/ui/src/app/admin/container/EditConfiguration.js @@ -3,11 +3,11 @@ import React from 'react'; import { Prompt, useHistory } from 'react-router-dom'; import { useParams } from 'react-router-dom'; import Translate from '../../i18n/components/translate'; -import { useProperties } from '../hooks'; +import { useConfigurations } from '../hooks'; import { Schema } from '../../form/Schema'; import { FormManager } from '../../form/FormManager'; -import { PropertyProvider } from '../hoc/PropertyProvider'; +import { ConfigurationsProvider } from '../hoc/ConfigurationsProvider'; import { createNotificationAction, NotificationTypes, useNotificationDispatcher } from '../../notifications/hoc/Notifications'; import { useTranslator } from '../../i18n/hooks'; import { BASE_PATH } from '../../App.constant'; @@ -22,7 +22,7 @@ export function EditConfiguration() { const history = useHistory(); - const { put, response, loading } = useProperties(); + const { put, response, loading } = useConfigurations(); const [blocking, setBlocking] = React.useState(false); @@ -66,7 +66,7 @@ export function EditConfiguration() {
- + {(property) => {(schema) => @@ -84,7 +84,7 @@ export function EditConfiguration() { }} } - +
diff --git a/ui/src/app/admin/container/NewConfiguration.js b/ui/src/app/admin/container/NewConfiguration.js index 5169954b1..d2ece36a9 100644 --- a/ui/src/app/admin/container/NewConfiguration.js +++ b/ui/src/app/admin/container/NewConfiguration.js @@ -2,7 +2,7 @@ import React from 'react'; import { Prompt, useHistory } from 'react-router-dom'; import Translate from '../../i18n/components/translate'; -import { useProperties } from '../hooks'; +import { useConfiguration } from '../hooks'; import { Schema } from '../../form/Schema'; import { FormManager } from '../../form/FormManager'; import { ConfigurationForm } from '../component/ConfigurationForm'; @@ -10,13 +10,14 @@ import { ConfigurationForm } from '../component/ConfigurationForm'; import { createNotificationAction, NotificationTypes, useNotificationDispatcher } from '../../notifications/hoc/Notifications'; import { useTranslator } from '../../i18n/hooks'; import { BASE_PATH } from '../../App.constant'; +import { PropertiesProvider } from '../hoc/PropertiesProvider'; export function NewConfiguration() { const history = useHistory(); const notifier = useNotificationDispatcher(); const translator = useTranslator(); - const { post, response, loading } = useProperties({}); + const { post, response, loading } = useConfiguration({}); const [blocking, setBlocking] = React.useState(false); @@ -55,24 +56,26 @@ export function NewConfiguration() {
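Review bot: `useConfiguration({})` passes the options object in the `id` position. In this patch's hooks.js the hook is declared `useConfiguration(id, opts = ...)` and builds `${API_BASE_PATH}/admin/configuration/${id}`, so the request base becomes `.../admin/configuration/[object Object]`. The line it replaces called `useProperties({})`, a collection hook that takes only options, so the intended call is probably `const { post, response, loading } = useConfigurations({});` with the import changed to match. The `post` call itself is outside this hunk, so the path it appends should be confirmed against the backend route.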
- Add a new property + Create new configuration set
- - {(schema) => - - {(data, errors) => - save(data)} - onCancel={() => cancel()} />} - } - + + + {(schema) => + + {(data, errors) => + save(data)} + onCancel={() => cancel()} />} + } + +
diff --git a/ui/src/app/admin/hoc/ConfigurationsProvider.js b/ui/src/app/admin/hoc/ConfigurationsProvider.js index 256805cdc..495743cc2 100644 --- a/ui/src/app/admin/hoc/ConfigurationsProvider.js +++ b/ui/src/app/admin/hoc/ConfigurationsProvider.js @@ -1,31 +1,31 @@ import React from 'react'; -import { useProperties } from '../hooks'; +import { useConfigurations } from '../hooks'; import { createNotificationAction, NotificationTypes, useNotificationDispatcher } from '../../notifications/hoc/Notifications'; import { useTranslator } from '../../i18n/hooks'; export function ConfigurationsProvider({ children, cache = 'no-cache' }) { - const [properties, setProperties] = React.useState([]); + const [configurations, setConfigurations] = React.useState([]); const notifier = useNotificationDispatcher(); const translator = useTranslator(); - const { get, del, response, loading } = useProperties({ + const { get, del, response, loading } = useConfigurations({ cachePolicy: cache }); - async function loadProperties() { + async function loadConfigurations() { const list = await get(`assets/data/properties.json`); if (response.ok) { - setProperties(list); + setConfigurations(list); } } - async function removeProperty(id) { + async function removeConfiguration(id) { let toast; const resp = await del(`/${id}`); if (response.ok) { - loadProperties(); + loadConfigurations(); toast = createNotificationAction(`Deleted property successfully.`, NotificationTypes.SUCCESS); } else { toast = createNotificationAction(`${resp.errorCode} - ${translator(resp.errorMessage)}`, NotificationTypes.ERROR); 
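Review bot: The rename stops short inside `loadConfigurations`, which still requests the static `assets/data/properties.json` file through the `useConfigurations` hook. The list handed to children as `configurations` is therefore whatever that property-definition file holds rather than saved configuration sets; if it is meant to come from the `/admin/configurations` endpoint the hook already targets, the call would presumably be `const list = await get();`. The success toast in `removeConfiguration` also still reads `Deleted property successfully.`. The `loadConfigurations()` call there is neither awaited nor caught, so a failed reload after a delete goes unreported.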
@@ -36,7 +36,7 @@ export function ConfigurationsProvider({ children, cache = 'no-cache' }) { } /*eslint-disable react-hooks/exhaustive-deps*/ - React.useEffect(() => { loadProperties() }, []); + React.useEffect(() => { loadConfigurations() }, []); - return (<>{children(properties, removeProperty, loading)}); + return (<>{children(configurations, removeConfiguration, loading)}); } \ No newline at end of file diff --git a/ui/src/app/admin/hoc/PropertiesProvider.js b/ui/src/app/admin/hoc/PropertiesProvider.js new file mode 100644 index 000000000..55dde0696 --- /dev/null +++ b/ui/src/app/admin/hoc/PropertiesProvider.js @@ -0,0 +1,50 @@ +import React from 'react'; +import useFetch from 'use-http'; +import API_BASE_PATH, { BASE_PATH } from '../../App.constant'; +import has from 'lodash/has'; +import { groupBy } from 'lodash'; + + +const PropertiesContext = React.createContext(); + +const { Provider, Consumer } = PropertiesContext; + +function PropertiesProvider({ children, cache = 'no-cache' }) { + + const [properties, setProperties] = React.useState([]); + + + const { get, response, loading } = useFetch('', { + cachePolicy: cache + }); + + async function loadProperties() { + const list = await get(`${API_BASE_PATH}/shib/properties`); + if (response.ok) { + setProperties(list); + } + } + + /*eslint-disable react-hooks/exhaustive-deps*/ + React.useEffect(() => { loadProperties() }, []); + + return ({children}); +} + +function useProperties() { + const { properties } = React.useContext(PropertiesContext); + return properties; +} + +function usePropertiesLoading() { + const { loading } = React.useContext(PropertiesContext); + return loading; +} + +export { + PropertiesProvider, + PropertiesContext, + Consumer as PropertiesConsumer, + useProperties, + usePropertiesLoading, +}; diff --git a/ui/src/app/admin/hooks.js b/ui/src/app/admin/hooks.js index 955c510a6..328391778 100644 --- a/ui/src/app/admin/hooks.js +++ b/ui/src/app/admin/hooks.js 
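Review bot: In the new PropertiesProvider.js, `React.createContext()` is created without a default value, so `useProperties()` and `usePropertiesLoading()` destructure `undefined` and throw a TypeError whenever a component using them renders outside a `PropertiesProvider`. ConfigurationForm now calls both hooks, and NewConfiguration imports the provider, but whether EditConfiguration wraps the form in it is not visible here. A default such as `React.createContext({ properties: [], loading: false })` keeps the hooks safe. `loadProperties` also does nothing when `response.ok` is false, which leaves an empty list with no notification to the admin. The imports `BASE_PATH`, `has` and `groupBy` are unused in this file.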
@@ -1,7 +1,7 @@ import useFetch from 'use-http'; import isNil from 'lodash/isNil'; import {isValidRegex} from '../core/utility/is_valid_regex'; -import API_BASE_PATH from '../App.constant'; +import API_BASE_PATH, { BASE_PATH } from '../App.constant'; export function useGroups (opts = { cachePolicy: 'no-cache' }) { return useFetch(`${API_BASE_PATH}/admin/groups`, opts); @@ -47,18 +47,18 @@ export function useRoleUiSchema() { return {}; } -export function useProperties (opts = { cachePolicy: 'no-cache' }) { - return useFetch(`${API_BASE_PATH}/admin/properties`, opts); +export function useConfigurations (opts = { cachePolicy: 'no-cache' }) { + return useFetch(`${API_BASE_PATH}/admin/configurations`, opts); } -export function useProperty (id, opts = { cachePolicy: 'no-cache' }) { - return useFetch(`${API_BASE_PATH}/admin/property/${id}`, opts); +export function useConfiguration(id, opts = { cachePolicy: 'no-cache' }) { + return useFetch(`${API_BASE_PATH}/admin/configuration/${id}`, opts); } -export function usePropertyUiSchema () { +export function useConfigurationUiSchema () { return { description: { 'ui:widget': 'textarea' } }; -} +} \ No newline at end of file diff --git a/ui/src/app/form/component/ToggleButton.js b/ui/src/app/form/component/ToggleButton.js new file mode 100644 index 000000000..d45c04cd4 --- /dev/null +++ b/ui/src/app/form/component/ToggleButton.js @@ -0,0 +1,23 @@ +import Button from 'react-bootstrap/Button'; +import { FontAwesomeIcon } from "@fortawesome/react-fontawesome"; +import { faCaretDown, faCaretUp } from "@fortawesome/free-solid-svg-icons"; + +export function ToggleButton ({ isOpen, onClick, disabled, children }) { + return ( + + ); +} + +export default ToggleButton; \ No newline at end of file diff --git a/ui/src/app/form/component/widgets/OptionWidget.js b/ui/src/app/form/component/widgets/OptionWidget.js index 92fc81b3d..b4ac812c6 100644 --- a/ui/src/app/form/component/widgets/OptionWidget.js 
+++ b/ui/src/app/form/component/widgets/OptionWidget.js @@ -2,31 +2,17 @@ import React, { useRef } from "react"; import ListGroup from "react-bootstrap/ListGroup"; import Form from "react-bootstrap/Form"; -import Button from 'react-bootstrap/Button'; + import Translate from "../../../i18n/components/translate"; import { InfoIcon } from "../InfoIcon"; import { Typeahead } from 'react-bootstrap-typeahead'; import { FontAwesomeIcon } from "@fortawesome/react-fontawesome"; -import { faAsterisk, faCaretDown, faCaretUp } from "@fortawesome/free-solid-svg-icons"; +import { faAsterisk } from "@fortawesome/free-solid-svg-icons"; import { useTranslator } from "../../../i18n/hooks"; +import { ToggleButton } from '../ToggleButton'; -const ToggleButton = ({ isOpen, onClick, disabled, children }) => ( - -); const OptionWidget = ({ id, diff --git a/ui/src/theme/project/index.scss b/ui/src/theme/project/index.scss index 4e36779c5..6d0de6f9a 100644 --- a/ui/src/theme/project/index.scss +++ b/ui/src/theme/project/index.scss @@ -13,6 +13,7 @@ @import './utility'; @import './notifications'; @import './filters'; +@import './typeahead'; html, body { height: 100%; diff --git a/ui/src/theme/project/typeahead.scss b/ui/src/theme/project/typeahead.scss new file mode 100644 index 000000000..0fca115fa --- /dev/null +++ b/ui/src/theme/project/typeahead.scss 
@@ -0,0 +1,43 @@ +@import '~react-bootstrap-typeahead/css/Typeahead'; + +.rbt-token-removeable { + cursor: pointer; + padding-right: 21px; +} + +.rbt-token { + background-color: #e7f4ff; + border: 0; + border-radius: .25rem; + color: #007bff; + display: inline-block; + line-height: 1em; + margin: 1px 3px 2px 0; + padding: 4px 7px; + padding-right: 1.8em; + position: relative; + + .rbt-token-remove-button { + bottom: 0; + color: inherit; + font-size: inherit; + font-weight: normal; + opacity: 1; + outline: none; + padding: 3px 7px; + position: absolute; + right: 0; + text-shadow: none; + top: 0px; + + box-sizing: content-box; + width: 1em; + height: 1em; + padding: .25em .25em; + color: inherit; + background: transparent url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 16 16' fill='#007bff' %3e%3cpath d='M.293.293a1 1 0 0 1 1.414 0L8 6.586 14.293.293a1 1 0 1 1 1.414 1.414L9.414 8l6.293 6.293a1 1 0 0 1-1.414 1.414L8 9.414l-6.293 6.293a1 1 0 0 1-1.414-1.414L6.586 8 .293 1.707a1 1 0 0 1 0-1.414z'/%3e%3c/svg%3e") center/1em auto no-repeat; + border: 0; + border-radius: .375rem; + } +} + From f467c5a8504b59947f8a8404c24d646de55fe64c Mon Sep 17 00:00:00 2001 
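Review bot: `.rbt-token-remove-button` declares `padding` and `color` twice: `padding: 3px 7px;` is overridden by the later `padding: .25em .25em;`, and `color: inherit;` is repeated. Dropping the first `padding` and the second `color` leaves the computed style unchanged and makes the intended box size clear. The inline SVG data URI also hard-codes `fill='#007bff'`, which duplicates the `color: #007bff` on `.rbt-token`; a short comment that the two must change together would help whoever restyles the token later.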
From: Ryan Mathis Date: Fri, 19 Aug 2022 12:31:33 -0700 Subject: [PATCH 47/58] Updated search Former-commit-id: 5bf13c34c4ce658bcce8d2c89677a4622f00dea4 --- .../main/resources/i18n/messages.properties | 7 + ui/public/data/properties.json | 8529 +++++++++++++++-- .../app/admin/component/ConfigurationForm.js | 141 +- .../app/admin/container/EditConfiguration.js | 10 +- .../app/admin/container/NewConfiguration.js | 35 +- .../app/admin/hoc/ConfigurationsProvider.js | 18 +- ui/src/app/admin/hoc/PropertiesProvider.js | 50 + ui/src/app/admin/hooks.js | 14 +- ui/src/app/form/component/ToggleButton.js | 23 + .../form/component/widgets/OptionWidget.js | 20 +- ui/src/theme/project/index.scss | 1 + ui/src/theme/project/typeahead.scss | 43 + 12 files changed, 8171 insertions(+), 720 deletions(-) create mode 100644 ui/src/app/admin/hoc/PropertiesProvider.js create mode 100644 ui/src/app/form/component/ToggleButton.js create mode 100644 ui/src/theme/project/typeahead.scss diff --git a/backend/src/main/resources/i18n/messages.properties b/backend/src/main/resources/i18n/messages.properties index c225aa4c3..95a496e69 100644 --- a/backend/src/main/resources/i18n/messages.properties +++ b/backend/src/main/resources/i18n/messages.properties @@ -78,6 +78,9 @@ action.select-bundle=Select Bundle action.get-latest=Get latest +action.configurations=Shibboleth configurations +action.create-new-configuration=Create Shibboleth configuration set + value.enabled=Enabled value.disabled=Disabled value.current=Current @@ -530,6 +533,10 @@ label.role-name=Role Name label.role-description=Role Description label.role=Role +label.configuration-management=Manage Shibboleth configurations +label.configuration-name=Shibboleth configuration sets +label.new-configuration=Create new configuration set + message.delete-role-title=Delete Role? message.delete-role-body=You are requesting to delete a role. If you complete this process the role will be removed. This cannot be undone. Do you wish to continue? 
diff --git a/ui/public/data/properties.json b/ui/public/data/properties.json index a022a4fd5..dea2860f5 100644 --- a/ui/public/data/properties.json +++ b/ui/public/data/properties.json 
@@ -1,659 +1,7874 @@ [ -{"note":"ex. /conf/ldap.properties, /conf/services.properties","property_name":"idp.additionalProperties","idp_vers":"all","property_default_value":"none","property_type":"Comma-delimited paths","module_vers":"","configuration_cat":"IDP","module":"","description":"Used to point to additional property files to load. All properties must be unique and are ultimately pooled into a single unordered set."}, -{"note":"","property_name":"idp.searchForProperties","idp_vers":"4","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"IDP","module":"","description":"Auto-load all files matching conf/**/*.properties"}, -{"note":"ex. https://unicon.net/idp/shibboleth","property_name":"idp.entityID","idp_vers":"all","property_default_value":"none","property_type":"URI","module_vers":"","configuration_cat":"RP","module":"","description":"The unique name of the IdP used as the iisuer in all SAML profiles"}, -{"note":"","property_name":"idp.entityID.metadataFile","idp_vers":"all","property_default_value":"%{idp.home}/metadata/idp-metadata.xml","property_type":"resource path","module_vers":"","configuration_cat":"IDP","module":"","description":"Identifies the file to serve for requests to the IdP's well-known metadata location"}, -{"note":"","property_name":"idp.artifact.enabled","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"RP","module":"","description":"Whether to allow use of the SAML artifact bindings when sending messages"}, -{"note":"","property_name":"idp.artifact.secureChannel","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"RP","module":"","description":"Whether preparation of messages to be communicated via SAML artifact should assume use of a secure channel (allowing signing and encryption to be skipped)"}, 
-{"note":"","property_name":"idp.artifact.endpointIndex","idp_vers":"all","property_default_value":"2","property_type":"int","module_vers":"","configuration_cat":"RP","module":"","description":"Identifies the endpoint in SAML metadata associated with artifacts issued by a server node"}, -{"note":"","property_name":"idp.artifact.StorageService","idp_vers":"all","property_default_value":"shibboleth.StorageService","property_type":"Bean ID of a StorageService (org.opensaml.storage)","module_vers":"","configuration_cat":"STOR","module":"","description":"Storage back-end to use for short-lived SAML Artifact mappings (must be server-side)"}, -{"note":"","property_name":"idp.bindings.inMetadataOrder","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"RP","module":"","description":"Controls whether the outbound binding selection is ordered by the SP's metadata or the IdP's preferred bindings (the inbuilt default order is Redirect -> POST -> Artifact -> SOAP). Set to false to leave artifact support on, but favor use of POST. 
Set also to false to favor the front channel over back channel for Logout."}, -{"note":"","property_name":"idp.entityID.metadataFile","idp_vers":"all","property_default_value":"%{idp.home}/metadata/idp-metadata.xml","property_type":"file pathname","module_vers":"","configuration_cat":"IDP","module":"","description":"Identifies the file to serve for requests to the IdP's well-known metadata location"}, -{"note":"","property_name":"idp.scope","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"IDP","module":"","description":"applies a (fixed) scope typically a domain-valued suffix to an input attribute's values"}, -{"note":"","property_name":"idp.cookie.secure","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SEC","module":"","description":"If true all cookies issued by the IdP (not including the container) will be limited to TLS"}, -{"note":"","property_name":"idp.cookie.httpOnly","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"SEC","module":"","description":"If true all cookies issued by the IdP (not including the container) will contain the HttpOnly property"}, -{"note":"","property_name":"idp.cookie.domain","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"SEC","module":"","description":"Overrides the domain of any cookies issued by the IdP (not including the container)"}, -{"note":"","property_name":"idp.cookie.path","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"SEC","module":"","description":"Overrides the path of any cookies issued by the IdP (not including the container)"}, 
-{"note":"","property_name":"idp.cookie.maxAge","idp_vers":"all","property_default_value":"31536000","property_type":"int","module_vers":"","configuration_cat":"SEC","module":"","description":"Lifetime in seconds of cookies issued by the IdP that are meant to span sessions (365 days)"}, -{"note":"","property_name":"idp.cookie.sameSite","idp_vers":"all","property_default_value":"None","property_type":"Null/None/Lax/Strict","module_vers":"","configuration_cat":"SEC","module":"","description":"Default SameSite value to apply to cookies via servlet filter if no explicit rule for the named cookie is specified"}, -{"note":"","property_name":"idp.cookie.sameSiteCondition","idp_vers":"all","property_default_value":"shibboleth.Conditions.FALSE","property_type":"Bean ID of Predicate","module_vers":"","configuration_cat":"SEC","module":"","description":"Predicate condition bean controlling whether SameSite filter runs"}, -{"note":"","property_name":"idp.sealer.keyStrategy","idp_vers":"all","property_default_value":"shibboleth.DataSealerKeyStrategy","property_type":"Bean ID of DataSealerKeyStrategy","module_vers":"","configuration_cat":"SEC","module":"","description":"Bean ID supporting the DataSealerKeyStrategy interface to use in place of the built-in option."}, -{"note":"","property_name":"idp.sealer.storeType","idp_vers":"all","property_default_value":"JCEKS","property_type":"string","module_vers":"","configuration_cat":"SEC","module":"","description":"Type of Java keystore used for IdP's internal AES encryption key"}, -{"note":"","property_name":"idp.sealer.updateInterval","idp_vers":"all","property_default_value":"PT15M","property_type":"duration","module_vers":"","configuration_cat":"SEC","module":"","description":"Time between checks for a new AES key version"}, -{"note":"","property_name":"idp.sealer.aliasBase","idp_vers":"all","property_default_value":"secret","property_type":"string","module_vers":"","configuration_cat":"SEC","module":"","description":"Case 
insensitive name of keystore alias prefix used in AES keystore (the entries will be suffixed by the key version number)"}, -{"note":"","property_name":"idp.sealer.storeResource","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Keystore resource containing AES encryption key usually a file path"}, -{"note":"","property_name":"idp.sealer.versionResource","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Resource that tracks the active AES encryption key version usually a file path"}, -{"note":"","property_name":"idp.sealer.storePassword","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"SEC","module":"","description":"Keystore password unlocking AES encryption keystore typically set during installation"}, -{"note":"","property_name":"idp.sealer.keyPassword","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"SEC","module":"","description":"Key password unlocking AES encryption key typically set to the same as the previous property and set during installation"}, -{"note":"","property_name":"idp.signing.key","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Resource containing private key for signing typically a file in the credentials directory"}, -{"note":"","property_name":"idp.signing.cert","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Resource containing the public key certificate inserted into signed messages typically a file in the credentials directory"}, 
-{"note":"","property_name":"idp.encryption.key","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Resource containing a private key for decryption typically a file in the credentials directory"}, -{"note":"","property_name":"idp.encryption.cert","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Resource containing a public key certificate given to others needing to encrypt data for the IdP typically a file in the credentials directory"}, -{"note":"","property_name":"idp.encryption.key.2","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Resource containing an alternate private key for decryption generally unused except while changing decryption keys"}, -{"note":"","property_name":"idp.encryption.cert.2","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Resource containing an alternate public key certificate generally unused except while changing decryption keys"}, -{"note":"","property_name":"idp.security.config","idp_vers":"all","property_default_value":"shibboleth.DefaultSecurityConfiguration","property_type":"Bean ID of SecurityConfiguration (net.shibboleth.idp.profile.config.SecurityConfiguration)","module_vers":"","configuration_cat":"SEC","module":"","description":"Name of Spring bean supplying the default SecurityConfiguration "}, -{"note":"","property_name":"idp.signing.config","idp_vers":"all","property_default_value":"shibboleth.SigningConfiguration.SHA256","property_type":"Bean ID of SignatureSigningConfiguration (org.opensaml.xmlsec)","module_vers":"","configuration_cat":"SEC","module":"","description":"Name of Spring bean supplying the default 
SignatureSigningConfiguration"}, -{"note":"","property_name":"idp.encryption.config","idp_vers":"all","property_default_value":"shibboleth.EncryptionConfiguration.CBC","property_type":"Bean ID of EncryptionConfiguration (org.opensaml.xmlsec)","module_vers":"","configuration_cat":"SEC","module":"","description":"Name of Spring bean supplying the default EncryptionConfiguration"}, -{"note":"","property_name":"idp.encryption.optional","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SEC","module":"","description":"If true failure to locate an encryption key to use won't result in request failure "}, -{"note":"","property_name":"idp.encryption.keyagreement.metadata.defaultUseKeyWrap","idp_vers":"all","property_default_value":"Default","property_type":"string","module_vers":"","configuration_cat":"SEC","module":"","description":"Sets the default strategy for key agreement key wrap usage for credentials from metadata if not otherwise configured on the security configuration"}, -{"note":"","property_name":"idp.trust.signatures","idp_vers":"all","property_default_value":"shibboleth.ChainingSignatureTrustEngine","property_type":"Bean ID of SignatureTrustEngine (org.opensaml.xmlsec.signature.support)","module_vers":"","configuration_cat":"SEC","module":"","description":"Name of Spring bean for the trust engine used to verify signatures"}, -{"note":"","property_name":"idp.trust.certificates","idp_vers":"all","property_default_value":"shibboleth.ChainingX509TrustEngine","property_type":"Bean ID of TrustEngine (org.opensaml.security.trust)","module_vers":"","configuration_cat":"SEC","module":"","description":"Name of Spring bean for the trust engine used to verify TLS certificates"}, -{"note":"","property_name":"idp.policy.messageLifetime","idp_vers":"all","property_default_value":"PT3M","property_type":"duration","module_vers":"","configuration_cat":"SEC","module":"","description":"Default freshness window for 
accepting timestamped messages"}, -{"note":"","property_name":"idp.policy.assertionLifetime","idp_vers":"all","property_default_value":"PT3M","property_type":"duration","module_vers":"","configuration_cat":"SEC","module":"","description":"Default freshness window for accepting timestamped assertions"}, -{"note":"","property_name":"idp.policy.clockSkew","idp_vers":"all","property_default_value":"PT3M","property_type":"duration","module_vers":"","configuration_cat":"SEC","module":"","description":"Default allowance for clock differences between systems"}, -{"note":"","property_name":"idp.security.basicKeyInfoFactory","idp_vers":"4.1","property_default_value":"shibboleth.BasicKeyInfoGeneratorFactory","property_type":"Bean ID of KeyInfoGeneratorManager (org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorManager)","module_vers":"","configuration_cat":"SEC","module":"","description":"Overrides the BasicKeyInfoGeneratorFactory used by default"}, -{"note":"","property_name":"idp.security.x509KeyInfoFactory","idp_vers":"4.1","property_default_value":"shibboleth.X509KeyInfoGeneratorFactory","property_type":"Bean ID of KeyInfoGeneratorManager (org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorManager)","module_vers":"","configuration_cat":"SEC","module":"","description":"Overrides the X509KeyInfoGeneratorFactory used by default"}, -{"note":"","property_name":"idp.csrf.enabled","idp_vers":"4","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"CSRF","module":"","description":"Enables CSRF protection"}, -{"note":"","property_name":"idp.csrf.token.parameter","idp_vers":"4","property_default_value":"csrf_token","property_type":"string","module_vers":"","configuration_cat":"CSRF","module":"","description":"Name of the HTTP parameter that stores the CSRF token"}, 
-{"note":"","property_name":"idp.hsts","idp_vers":"all","property_default_value":"max-age=0","property_type":"string","module_vers":"","configuration_cat":"IDP","module":"","description":"Auto-configures an HSTS response header"}, -{"note":"","property_name":"idp.frameoptions","idp_vers":"all","property_default_value":"DENY","property_type":"DENY/SAMEORIGIN","module_vers":"","configuration_cat":"IDP","module":"","description":"Auto-configures an X-Frame-Options response header"}, -{"note":"","property_name":"idp.csp","idp_vers":"all","property_default_value":"frame-ancestors 'none'","property_type":"string","module_vers":"","configuration_cat":"IDP","module":"","description":"Auto-configures a Content Security Policy response header"}, -{"note":"","property_name":"idp.webflows","idp_vers":"all","property_default_value":"%{idp.home}/flows","property_type":"resource path","module_vers":"","configuration_cat":"IDP","module":"","description":"Location from which to load user-supplied webflows from"}, -{"note":"","property_name":"idp.views","idp_vers":"all","property_default_value":"%{idp.home}/views","property_type":"Comma-delimited paths","module_vers":"","configuration_cat":"IDP","module":"","description":"Location from which to load user-modifiable Velocity view templates. 
This can be set to include \"classpath*:/META-INF/net/shibboleth/idp/views\" (or equivalent) to load templates from the classpath, such as from extension jars, but doing so disables support for template reloading."}, -{"note":"","property_name":"idp.errors.detailed","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"ERR","module":"","description":"Whether to expose detailed error causes in status information provided to outside parties"}, -{"note":"","property_name":"idp.errors.signed","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"ERR","module":"","description":"Whether to digitally sign error responses in SAML or similar protocols, if signing is otherwise warranted (this can prevent a simple denial of service vector, since errors are simple to trigger)"}, -{"note":"","property_name":"idp.errors.defaultView","idp_vers":"all","property_default_value":"error","property_type":"string","module_vers":"","configuration_cat":"ERR","module":"","description":"The default view name to render for exceptions and events"}, -{"note":"","property_name":"idp.errors.excludedExceptions","idp_vers":"all","property_default_value":"none","property_type":"Bean ID of Properties (java.util.Properties)","module_vers":"","configuration_cat":"ERR","module":"","description":"Bean defing Properties mapping exception class names to error views. 
The matching by class name does not support wildcards, but does do substring matches (so it's not necessary to fully qualify the class)."}, -{"note":"","property_name":"idp.errors.exceptionMappings","idp_vers":"all","property_default_value":"none","property_type":"Bean ID of Collection (java.util)","module_vers":"","configuration_cat":"ERR","module":"","description":"Bean defining Collection identifying exception classes to ignore (causing them to bubble outward, so use with caution)"}, -{"note":"","property_name":"idp.storage.cleanupInterval","idp_vers":"all","property_default_value":"PT10M","property_type":"duration","module_vers":"","configuration_cat":"STOR","module":"","description":"Interval of background thread sweeping server-side storage for expired records"}, -{"note":"","property_name":"idp.storage.htmlLocalStorage","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"STOR","module":"","description":"Whether to use HTML Local Storage (if available) instead of cookies"}, -{"note":"","property_name":"idp.storage.clientSessionStorageName","idp_vers":"all","property_default_value":"shib_idp_session_ss","property_type":"string","module_vers":"","configuration_cat":"STOR","module":"","description":"Name of cookie or HTML storage key used by the default per-session instance of the client storage service"}, -{"note":"","property_name":"idp.storage.clientPersistentStorageName","idp_vers":"all","property_default_value":"shib_idp_persistent_ss","property_type":"string","module_vers":"","configuration_cat":"STOR","module":"","description":"Name of cookie or HTML storage key used by the default persistent instance of the client storage service"}, -{"note":"","property_name":"idp.replayCache.StorageService","idp_vers":"all","property_default_value":"shibboleth.StorageService","property_type":"Bean ID of a StorageService 
(org.opensaml.storage)","module_vers":"","configuration_cat":"STOR","module":"","description":"Storage back-end to use for message replay checking (must be server-side)"}, -{"note":"","property_name":"idp.replayCache.strict","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"STOR","module":"","description":"Whether storage errors during replay checks should be treated as a replay"}, -{"note":"","property_name":"idp.session.enabled","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"SESS","module":"","description":"Whether to enable the IdP's session tracking feature"}, -{"note":"","property_name":"idp.session.StorageService","idp_vers":"all","property_default_value":"shibboleth.ClientSessionStorageService","property_type":"Bean ID of StorageService (org.opensaml.storage)","module_vers":"","configuration_cat":"SESS","module":"","description":"Bean name of a storage implementation/configuration to use for IdP sessions"}, -{"note":"","property_name":"idp.session.cookieName","idp_vers":"4.2","property_default_value":"shib_idp_session","property_type":"string","module_vers":"","configuration_cat":"SESS","module":"","description":"Name of cookie containing IdP session ID (note this is not the same as the cookie the Java container uses to track its own sessions)"}, -{"note":"","property_name":"idp.session.idSize","idp_vers":"all","property_default_value":"32","property_type":"int","module_vers":"","configuration_cat":"SESS","module":"","description":"Number of characters in IdP session identifiers"}, -{"note":"","property_name":"idp.session.consistentAddress","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"SESS","module":"","description":"Whether to bind IdP sessions to IP addresses"}, 
-{"note":"","property_name":"idp.session.consistentAddressCondition","idp_vers":"all","property_default_value":"Direct string comparison","property_type":"BiPredicate","module_vers":"","configuration_cat":"SESS","module":"","description":"A 2-argument predicate that compares a bound session's address to a client address"}, -{"note":"","property_name":"idp.session.timeout","idp_vers":"all","property_default_value":"PT60M","property_type":"duration","module_vers":"","configuration_cat":"SESS","module":"","description":"Inactivity timeout policy for IdP sessions (must be non-zero)"}, -{"note":"","property_name":"idp.session.slop","idp_vers":"all","property_default_value":"0","property_type":"duration","module_vers":"","configuration_cat":"SESS","module":"","description":"Extra time after expiration before removing SP sessions in case a logout is invoked"}, -{"note":"","property_name":"idp.session.maskStorageFailure","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SESS","module":"","description":"Whether to hide storage failures from users during session cache reads/writes"}, -{"note":"","property_name":"idp.session.trackSPSessions","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SESS","module":"","description":"Whether to save a record of every SP accessed during an IdP session (requires a server-side session store or HTML LocalStorage)"}, -{"note":"","property_name":"idp.session.secondaryServiceIndex","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SESS","module":"","description":"Whether to track SPs on the basis of the SAML subject ID used, for logout purposes (requires SP session tracking be on)"}, 
-{"note":"","property_name":"idp.session.defaultSPlifetime","idp_vers":"all","property_default_value":"PT2H","property_type":"duration","module_vers":"","configuration_cat":"SESS","module":"","description":"Default length of time to maintain record of an SP session (must be non-zero), overridable by relying-party-specific setting"}, -{"note":" ex. Password, MA, DUO","property_name":"idp.authn.flows","idp_vers":"all","property_default_value":"none","property_type":"regex","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Required expression that identifies the login flows to globally enable"}, -{"note":" measured since first usage","property_name":"idp.authn.defaultLifetime","idp_vers":"all","property_default_value":"PT60M","property_type":"duration","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Default amount of time to allow reuse prior authentication flows"}, -{"note":" measured since last usage","property_name":"idp.authn.defaultTimeout","idp_vers":"all","property_default_value":"PT30M","property_type":"duration","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Default inactivity timeout to prevent reuse of prior authentication flows"}, -{"note":"","property_name":"idp.authn.proxyRestrictionsEnforced","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to enforce restrictions placed on further proxying of assertions from upstream IdPs when relying on proxied authentication"}, -{"note":"","property_name":"idp.authn.favorSSO","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to prioritize prior authentication results when an SP requests more than one possible matching method"}, 
-{"note":"","property_name":"idp.authn.rpui","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to populate information about the relying party into the tree for user interfaces during login and interceptors"}, -{"note":"","property_name":"idp.authn.identitySwitchIsError","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to fail requests if a user identity after authentication doesn't match the identity in a pre-existing session."}, -{"note":"","property_name":"idp.authn.discoveryURL","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Provides a static discovery URL to use for external discovery this property replaces the need for the XML-defined bean used in V4.0 for this purpose"}, -{"note":"","property_name":"idp.authn.overrideRequestedAuthnContext","idp_vers":"4","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to override an explicit element in an SP’s request with a configuration-imposed rule via the defaultAuthenticationMethods profile configuration setting. 
Note this is a violation of the SAML standard and is also a global setting applying to all SPs that may have such a profile configuration set."}, -{"note":"","property_name":"idp.consent.StorageService","idp_vers":"all","property_default_value":"shibboleth.ClientPersistentStorageService","property_type":"Bean ID","module_vers":"","configuration_cat":"CONS","module":"","description":"Name of storage service used to store users' consent choices"}, -{"note":"","property_name":"idp.consent.attribute-release.userStorageKey","idp_vers":"all","property_default_value":"shibboleth.consent.PrincipalConsentStorageKey","property_type":"Bean ID","module_vers":"","configuration_cat":"CONS","module":"","description":"Name of function used to return the String storage key representing a user defaults to the principal name"}, -{"note":"","property_name":"idp.consent.attribute-release.userStorageKeyAttribute","idp_vers":"all","property_default_value":"uid","property_type":"string","module_vers":"","configuration_cat":"CONS","module":"","description":"Attribute whose value is the storage key representing a user"}, -{"note":"","property_name":"idp.consent.attribute-release.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"CONS","module":"","description":"Optional condition to apply to control activation of attribute-release flow along with system default behavior"}, -{"note":"","property_name":"idp.consent.attribute-release.auditFormat","idp_vers":"all","property_default_value":"%T|%SP|%e|%u|%CCI|%CCV|%CCA","property_type":"logback","module_vers":"","configuration_cat":"CONS","module":"","description":"Default consent auditing formats"}, -{"note":"","property_name":"idp.consent.terms-of-use.userStorageKey","idp_vers":"all","property_default_value":"shibboleth.consent.PrincipalConsentStorageKey","property_type":"Bean 
ID","module_vers":"","configuration_cat":"CONS","module":"","description":"Name of function used to return the String storage key representing a user defaults to the principal name"}, -{"note":"","property_name":"idp.consent.terms-of-use.userStorageKeyAttribute","idp_vers":"all","property_default_value":"uid","property_type":"string","module_vers":"","configuration_cat":"CONS","module":"","description":"Attribute whose value is the storage key representing a user"}, -{"note":"","property_name":"idp.consent.terms-of-use.consentValueMessageCodeSuffix","idp_vers":"all","property_default_value":".text","property_type":"string","module_vers":"","configuration_cat":"CONS","module":"","description":"Suffix of message property used as value of consent storage records when idp.consent.compareValues is true"}, -{"note":"","property_name":"idp.consent.terms-of-use.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"CONS","module":"","description":"Optional condition to apply to control activation of terms-of-use flow"}, -{"note":"","property_name":"idp.consent.terms-of-use.auditFormat","idp_vers":"all","property_default_value":"%T|%SP|%e|%u|%CCI|%CCV|%CCA","property_type":"logback","module_vers":"","configuration_cat":"CONS","module":"","description":"Default consent auditing formats"}, -{"note":"","property_name":"idp.consent.allowDoNotRemember","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"CONS","module":"","description":"Whether not remembering/storing consent is allowed"}, -{"note":"","property_name":"idp.consent.allowGlobal","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"CONS","module":"","description":"Whether consent to any attribute and to any relying party is allowed"}, 
-{"note":"","property_name":"idp.consent.allowPerAttribute","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"CONS","module":"","description":"Whether per-attribute consent is allowed"}, -{"note":"","property_name":"idp.consent.compareValues","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"CONS","module":"","description":"Whether attribute values and terms of use text are stored and compared for equality"}, -{"note":"","property_name":"idp.consent.maxStoredRecords","idp_vers":"all","property_default_value":"10","property_type":"int","module_vers":"","configuration_cat":"CONS","module":"","description":"Maximum number of records stored when using space-limited storage (e.g. cookies), 0 = no limit"}, -{"note":"","property_name":"idp.consent.expandedMaxStoredRecords","idp_vers":"all","property_default_value":"0","property_type":"int","module_vers":"","configuration_cat":"CONS","module":"","description":"Maximum number of records stored when using larger/server-side storage, 0 = no limit"}, -{"note":"","property_name":"idp.consent.storageRecordLifetime","idp_vers":"4.x","property_default_value":"(v4.0=P1Y,v4.1=infinite)","property_type":"duration","module_vers":"","configuration_cat":"CONS","module":"","description":"Time in milliseconds to expire consent storage records"}, -{"note":"","property_name":"idp.logout.elaboration","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SLO","module":"","description":"Whether to search metadata for user interface information associated with every service involved in logout propagation"}, -{"note":"","property_name":"idp.logout.authenticated","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"SLO","module":"","description":"Whether to require signed logout messages in accordance with the SAML 
2.0 standard"}, -{"note":"","property_name":"idp.logout.promptUser","idp_vers":"all","property_default_value":"false","property_type":"Bean ID of Predicate","module_vers":"","configuration_cat":"SLO","module":"","description":"If the bean returns true the user is given the option to actually cancel the IdP logout outright and prevent removal of the session"}, -{"note":"","property_name":"idp.logout.preserveQuery","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SLO","module":"","description":"Processes arbitrary query parameters to the Simple Logout endpoint and stashes them in a ScratchContext for use by subsequent view logic"}, -{"note":"","property_name":"idp.logout.assumeAsync","idp_vers":"4.2","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SLO","module":"","description":"When true allows inbound SAML LogoutRequests to be processed even if the SP lacks metadata containing response endpoints"}, -{"note":"","property_name":"idp.logout.propagationHidden","idp_vers":"4.2","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SLO","module":"","description":"Applies the \"display:none\" style to the list of SPs and logout status reporting images so that logout status is not visibly reported to the user"}, -{"note":"","property_name":"idp.soap.httpClient","idp_vers":"all","property_default_value":"SOAPClient.HttpClient","property_type":"Bean ID of HttpClient to use for SOAP-based logout","module_vers":"","configuration_cat":"IDP","module":"","description":"Allows the HttpClient used for SOAP communication to be overriden (applies to SAML logout via SOAP)"}, -{"note":"ex. 
en, fr, de","property_name":"idp.ui.fallbackLanguages","idp_vers":"all","property_default_value":"none","property_type":"Comma-delimited list","module_vers":"","configuration_cat":"IDP","module":"","description":"languages to use if no match can be found with the browser-supported languages"}, -{"note":"","property_name":"idp.cas.StorageService","idp_vers":"all","property_default_value":"shibboleth.StorageService","property_type":"Bean ID","module_vers":"","configuration_cat":"CAS","module":"","description":"Storage service used by CAS protocol for chained proxy-granting tickets and when using server-managed \"simple\" TicketService. MUST be server-side storage (e.g. in-memory, memcached, database)"}, -{"note":"","property_name":"idp.cas.serviceRegistryClass","idp_vers":"all","property_default_value":"net.shibboleth.idp.cas.service.PatternServiceRegistry","property_type":"?","module_vers":"","configuration_cat":"CAS","module":"","description":"CAS service registry implementation class"}, -{"note":"","property_name":"idp.cas.relyingPartyIdFromMetadata","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"CAS","module":"","description":"If true CAS services provisioned with SAML metadata are identified via entityID"}, -{"note":"","property_name":"idp.fticks.federation","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"FTICK","module":"","description":"Enables F-TICKS output and specifies the value of the federation-identifier field"}, -{"note":"","property_name":"idp.fticks.condition","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"FTICK","module":"","description":"Optional bean name of a Predicate to use to decide whether to run"}, 
-{"note":"","property_name":"idp.fticks.algorithm","idp_vers":"all","property_default_value":"SHA-2","property_type":"string","module_vers":"","configuration_cat":"FTICK","module":"","description":"Digest algorithm used to obscure usernames"}, -{"note":"","property_name":"idp.fticks.salt","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"FTICK","module":"","description":"A salt to apply when digesting usernames (if not specified, the username will not be included)"}, -{"note":"","property_name":"idp.fticks.loghost","idp_vers":"all","property_default_value":"localhost","property_type":"string","module_vers":"","configuration_cat":"FTICK","module":"","description":"The remote syslog host"}, -{"note":"","property_name":"idp.fticks.logport","idp_vers":"all","property_default_value":"514","property_type":"int","module_vers":"","configuration_cat":"FTICK","module":"","description":"The remote syslog port"}, -{"note":"","property_name":"idp.audit.shortenBindings","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"SERV","module":"","description":"Set false if you want SAML bindings \"spelled out\" in audit log"}, -{"note":"","property_name":"idp.velocity.runtime.strictmode","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"IDP","module":"","description":"Set to true to fail on velocity syntax errors"}, -{"note":"","property_name":"idp.intercept.External.externalPath","idp_vers":"all","property_default_value":"contextRelative:intercept.jsp","property_type":"path","module_vers":"","configuration_cat":"IDP","module":"","description":"Path to use with External interceptor flow"}, -{"note":"","property_name":"idp.impersonate.generalPolicy","idp_vers":"all","property_default_value":"GeneralImpersonationPolicy","property_type":"Policy 
ID","module_vers":"","configuration_cat":"IDP","module":"","description":"Policies to use with Impersonate interceptor flow"}, -{"note":"","property_name":"idp.impersonate.specificPolicy","idp_vers":"all","property_default_value":"SpecificImpersonationPolicy","property_type":"Policy ID","module_vers":"","configuration_cat":"IDP","module":"","description":"Policies to use with Impersonate interceptor flow"}, -{"note":"","property_name":"idp.authn.LDAP.authenticator","idp_vers":"all","property_default_value":"anonSearchAuthenticator","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"Controls the workflow for how authentication occurs against LDAP: one of anonSearchAuthenticator, bindSearchAuthenticator, directAuthenticator, adAuthenticator"}, -{"note":" ex. ldap://localhost or ldaps://localhost","property_name":"idp.authn.LDAP.ldapURL","idp_vers":"all","property_default_value":"none","property_type":"LDAP URI","module_vers":"","configuration_cat":"LDAP","module":"","description":"Connection URI for LDAP directory"}, -{"note":"","property_name":"idp.authn.LDAP.useStartTLS","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether StartTLS should be used after connecting with LDAP alone."}, -{"note":"","property_name":"idp.authn.LDAP.connectTimeout","idp_vers":"all","property_default_value":"PT3S","property_type":"duration","module_vers":"","configuration_cat":"LDAP","module":"","description":"Time to wait for the TCP connection to occur."}, -{"note":"","property_name":"idp.authn.LDAP.responseTimeout","idp_vers":"all","property_default_value":"PT3S","property_type":"duration","module_vers":"","configuration_cat":"LDAP","module":"","description":"Time to wait for an LDAP response message"}, 
-{"note":"","property_name":"idp.authn.LDAP.connectionStrategy","idp_vers":"all","property_default_value":"ACTIVE_PASSIVE","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"Connection strategy to use when multiple URLs are supplied: one of ACTIVE_PASSIVE, ROUND_ROBIN, RANDOM"}, -{"note":"","property_name":"idp.authn.LDAP.sslConfig","idp_vers":"all","property_default_value":"certificateTrust","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"How to establish trust in the server's TLS certificate: one of jvmTrust, certificateTrust, or keyStoreTrust"}, -{"note":"ex. %{idp.home}/credentials/ldap-server.crt","property_name":"idp.authn.LDAP.trustCertificates","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"LDAP","module":"","description":"A resource to load trust anchors from when using sslConfig = certificateTrust"}, -{"note":"ex. %{idp.home}/credentials/ldap-server.truststore","property_name":"idp.authn.LDAP.trustStore","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"LDAP","module":"","description":"A resource to load a Java keystore containing trust anchors when using sslConfig = keyStoreTrust"}, -{"note":"","property_name":"idp.authn.LDAP.returnAttributes","idp_vers":"all","property_default_value":"none","property_type":"comma-seperated strings","module_vers":"","configuration_cat":"LDAP","module":"","description":"List of attributes to request during authentication"}, -{"note":"","property_name":"idp.authn.LDAP.baseDN","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"Base DN to search against when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator"}, 
-{"note":"","property_name":"idp.authn.LDAP.subtreeSearch","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether to search recursively when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator"}, -{"note":"","property_name":"idp.authn.LDAP.userFilter","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"LDAP search filter when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator"}, -{"note":"","property_name":"idp.authn.LDAP.bindDN","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"DN to bind with during search when using an LDAP.authenticator = bindSearchAuthenticator"}, -{"note":"","property_name":"idp.authn.LDAP.bindDNCredential","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"Password to bind with during search when using an LDAP.authenticator = bindSearchAuthenticator usually set via %{idp.home}/credentials/secrets.properties"}, -{"note":"ex. 
uid=%s,ou=people,dc=example,dc=org or for AD %s@domain.com","property_name":"idp.authn.LDAP.dnFormat","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"A formatting string to generate the user DNs to authenticate when using an LDAP.authenticator of directAuthenticator or adAuthenticator"}, -{"note":"","property_name":"idp.authn.LDAP.resolveEntryOnFailure","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether the user's LDAP entry should be returned in the authentication response even when the user bind fails."}, -{"note":"","property_name":"idp.authn.LDAP.resolveEntryWithBindDN","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether the user's LDAP entry should be resolved with the bindDN credentials rather than as the authenticated user."}, -{"note":"","property_name":"idp.authn.LDAP.usePasswordPolicy","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether to use the Password Policy Control."}, -{"note":"","property_name":"idp.authn.LDAP.usePasswordExpiration","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether to use the Password Expired Control."}, -{"note":"","property_name":"idp.authn.LDAP.activeDirectory","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"If you are using Active Directory this switch will attempt to use the account states defined by AD. Note that this flag is unnecessary if you are using the 'adAuthenticator'. 
It is meant to be specified with one of the other authenticator types."}, -{"note":"","property_name":"idp.authn.LDAP.freeIPADirectory","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"If you are using the FreeIPA LDAP this switch will attempt to use the account states defined by that product."}, -{"note":"","property_name":"idp.authn.LDAP.eDirectory","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"If you are using the EDirectory LDAP this switch will attempt to use the account states defined by that product."}, -{"note":"","property_name":"idp.authn.LDAP.disablePooling","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether connection pools should be used for LDAP authentication and DN resolution"}, -{"note":"","property_name":"idp.pool.LDAP.minSize","idp_vers":"all","property_default_value":"3","property_type":"int","module_vers":"","configuration_cat":"LDAP","module":"","description":"Minimum LDAP connection pool size"}, -{"note":"","property_name":"idp.pool.LDAP.maxSize","idp_vers":"all","property_default_value":"10","property_type":"int","module_vers":"","configuration_cat":"LDAP","module":"","description":"Maximum LDAP connection pool size"}, -{"note":"","property_name":"idp.pool.LDAP.validateOnCheckout","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether to validate connections when checking them out of the pool"}, -{"note":"","property_name":"idp.pool.LDAP.validatePeriodically","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether to validate connections in the background"}, 
-{"note":"","property_name":"idp.pool.LDAP.validatePeriod","idp_vers":"all","property_default_value":"PT5M","property_type":"duration","module_vers":"","configuration_cat":"LDAP","module":"","description":"Duration between validation if idp.pool.LDAP.validatePeriodically is true"}, -{"note":"","property_name":"idp.pool.LDAP.validateDN","idp_vers":"4.0.1","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"DN to search with the validateFilter: defaults to the rootDSE"}, -{"note":"","property_name":"idp.pool.LDAP.validateFilter","idp_vers":"4.0.1","property_default_value":"(objectClass=*)","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"Search filter to execute in order to validate a pooled connection"}, -{"note":"","property_name":"idp.pool.LDAP.prunePeriod","idp_vers":"all","property_default_value":"PT5M","property_type":"duration","module_vers":"","configuration_cat":"LDAP","module":"","description":"Duration between looking for idle connections to reduce the pool back to its minimum size"}, -{"note":"","property_name":"idp.pool.LDAP.idleTime","idp_vers":"all","property_default_value":"PT10M","property_type":"duration","module_vers":"","configuration_cat":"LDAP","module":"","description":"Duration connections must be idle to be eligible for pruning"}, -{"note":"","property_name":"idp.pool.LDAP.blockWaitTime","idp_vers":"all","property_default_value":"PT3S","property_type":"duration","module_vers":"","configuration_cat":"LDAP","module":"","description":"Duration to wait for a free connection in the pool"}, -{"note":"","property_name":"idp.authn.LDAP.bindPoolPassivator","idp_vers":"4.0.1","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"Controls how connections in the bind pool are passivated. 
Connections in the bind pool may be in an authenticated state that will not allow validation searches to succeed. This property controls how bind connections are placed back into the pool. If your directory requires searches to be performed by the idp.authn.LDAP.bindDN or anonymously, this property controls that behavior. one of: none, bind, anonymousBind."}, -{"note":"","property_name":"idp.authn.JAAS.loginConfigNames","idp_vers":"4.1","property_default_value":"ShibUserPassAuth","property_type":"string","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Comma-delimited set of JAAS application configuration names to use"}, -{"note":"","property_name":"idp.authn.JAAS.loginConfig","idp_vers":"4.1","property_default_value":"%{idp.home}/conf/authn/jaas.config","property_type":"resource path","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Location of JAAS configuration file"}, -{"note":"","property_name":"idp.authn.Krb5.refreshConfig","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to reload the underlying Kerberos configuration (generally in /etc/krb5.conf) on every login attempt"}, -{"note":"","property_name":"idp.authn.Krb5.preserveTicket","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to preserve the resulting Kerberos TGT in the Java Subject's private credential set"}, -{"note":"","property_name":"idp.authn.Krb5.servicePrincipal","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Name of a service principal to use to verify the KDC supplying the TGT by requesting and verifying a service ticket issued for it"}, 
-{"note":"","property_name":"idp.authn.Krb5.keytab","idp_vers":"4.1","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Path to a keytab file containing keys belonging to the service principal defined in idp.authn.Krb5.servicePrincipal"}, -{"note":"","property_name":"idp.authn.External.externalAuthnPath","idp_vers":"4.1","property_default_value":"contextRelative:external.jsp","property_type":"string","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Spring Web Flow redirection expression for the protected resource"}, -{"note":"","property_name":"idp.authn.External.matchExpression","idp_vers":"4.1","property_default_value":"none","property_type":"regex","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Regular expression to match username against"}, -{"note":"","property_name":"idp.authn.External.order","idp_vers":"4.1","property_default_value":"1000","property_type":"int","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Flow priority relative to other enabled login flows (lower is \"higher\" in priority)"}, -{"note":"","property_name":"idp.authn.External.nonBrowserSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Whether the flow should handle non-browser request profiles (e.g., ECP)"}, -{"note":"","property_name":"idp.authn.External.passiveAuthenticationSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Whether the flow allows for passive authentication"}, 
-{"note":"","property_name":"idp.authn.External.forcedAuthenticationSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Whether the flow supports forced authentication"}, -{"note":"","property_name":"idp.authn.External.proxyRestrictionsEnforced","idp_vers":"4.1","property_default_value":"%{idp.authn.enforceProxyRestrictions:true}","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Whether the flow enforces upstream IdP imposed restrictions on proxying"}, -{"note":"","property_name":"idp.authn.External.proxyScopingEnforced","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying"}, -{"note":"","property_name":"idp.authn.External.discoveryRequired","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Whether to invoke IdP discovery prior to running flow"}, -{"note":"","property_name":"idp.authn.External.lifetime","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultLifetime:PT1H}","property_type":"duration","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Lifetime of results produced by this flow"}, -{"note":"","property_name":"idp.authn.External.inactivityTimeout","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultTimeout:PT30M}","property_type":"duration","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Inactivity timeout of results produced by this flow"}, 
-{"note":"","property_name":"idp.authn.External.reuseCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Bean ID of Predicate controlling result reuse for SSO"}, -{"note":"","property_name":"idp.authn.External.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Bean ID of Predicate determining whether flow is usable for request"}, -{"note":"Subject> for subject customization","property_name":"idp.authn.External.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, -{"note":"","property_name":"idp.authn.RemoteUser.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.RemoteUser","description":"Bean ID of Predicate determining whether flow is usable for request"}, -{"note":"Subject> for subject customization","property_name":"idp.authn.RemoteUser.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.RemoteUser","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, -{"note":"","property_name":"idp.authn.RemoteUserInternal.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.RemoteUserInternal","description":"Bean ID of Predicate determining whether flow is usable for request"}, -{"note":"Subject> for subject 
customization","property_name":"idp.authn.RemoteUserInternal.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.RemoteUserInternal","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, -{"note":"","property_name":"idp.authn.SPNEGO.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.SPNEGO","description":"Bean ID of Predicate determining whether flow is usable for request"}, -{"note":"Subject> for subject customization","property_name":"idp.authn.SPNEGO.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.SPNEGO","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, -{"note":"","property_name":"idp.authn.X509.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.X509","description":"Bean ID of Predicate determining whether flow is usable for request"}, -{"note":"Subject> for subject customization","property_name":"idp.authn.X509.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.X509","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, -{"note":"","property_name":"idp.authn.X509Internal.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Bean ID of Predicate determining whether flow is usable for request"}, -{"note":"Subject> for subject 
customization","property_name":"idp.authn.X509Internal.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, -{"note":"","property_name":"idp.authn.IPAddress.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.IPAddress","description":"Bean ID of Predicate determining whether flow is usable for request"}, -{"note":"Subject> for subject customization","property_name":"idp.authn.IPAddress.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.IPAddress","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, -{"note":"","property_name":"idp.authn.Function.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Bean ID of Predicate determining whether flow is usable for request"}, -{"note":"Subject> for subject customization","property_name":"idp.authn.Function.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, -{"note":"","property_name":"idp.authn.Duo.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.Duo","description":"Bean ID of Predicate determining whether flow is usable for request"}, -{"note":"Subject> for subject 
customization","property_name":"idp.authn.Duo.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.Duo","description":"Bean ID of BiConsumer to run just prior to AuthnRequest signing/encoding step"}, -{"note":"","property_name":"idp.authn.SAML.inboundMessageHandlerFunction","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Optional bean ID of Function to run at the late stages of Response decoding/processing"}, -{"note":"","property_name":"idp.authn.SAML.assertionValidator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Optional bean ID of AssertionValidator to run"}, -{"note":"","property_name":"idp.authn.SAML.order","idp_vers":"4.1","property_default_value":"1000","property_type":"int","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Flow priority relative to other enabled login flows (lower is \"higher\" in priority)"}, -{"note":"","property_name":"idp.authn.SAML.nonBrowserSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether the flow should handle non-browser request profiles (e.g., ECP)"}, -{"note":"","property_name":"idp.authn.SAML.passiveAuthenticationSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether the flow allows for passive authentication"}, -{"note":"","property_name":"idp.authn.SAML.forcedAuthenticationSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether the flow supports forced authentication"}, 
-{"note":"","property_name":"idp.authn.SAML.proxyRestrictionsEnforced","idp_vers":"4.1","property_default_value":"%{idp.authn.enforceProxyRestrictions:true}","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether the flow enforces upstream IdP imposed restrictions on proxying"}, -{"note":"","property_name":"idp.authn.SAML.proxyScopingEnforced","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying"}, -{"note":"","property_name":"idp.authn.SAML.discoveryRequired","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to invoke IdP discovery prior to running flow"}, -{"note":"","property_name":"idp.authn.SAML.lifetime","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultLifetime:PT1H}","property_type":"duration","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Lifetime of results produced by this flow"}, -{"note":"","property_name":"idp.authn.SAML.inactivityTimeout","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultTimeout:PT30M}","property_type":"duration","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Inactivity timeout of results produced by this flow"}, -{"note":"","property_name":"idp.authn.SAML.reuseCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Bean ID of Predicate controlling result reuse for SSO"}, -{"note":"","property_name":"idp.authn.SAML.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean 
ID","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Bean ID of Predicate determining whether flow is usable for request"}, -{"note":"Subject> for subject customization","property_name":"idp.authn.SAML.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, -{"note":"","property_name":"idp.authn.MFA.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.MFA","description":"Bean ID of Predicate determining whether flow is usable for request"}, -{"note":"Subject> for subject customization","property_name":"idp.authn.MFA.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.MFA","description":"Bean ID of BiConsumer to evaluate to determine whether to run the Attribute Resolver or go directly to the Subject alone"}, -{"note":"","property_name":"idp.c14n.x500.lowercase","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"C14N","module":"","description":"Whether to lowercase the username"}, -{"note":"","property_name":"idp.c14n.x500.uppercase","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"C14N","module":"","description":"Whether to uppercase the username"}, -{"note":"","property_name":"idp.c14n.x500.trim","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"C14N","module":"","description":"Whether to trim leading and trailing whitespace from the username"}, 
-{"note":"","property_name":"idp.c14n.x500.subjectAltNameTypes","idp_vers":"4.1","property_default_value":"none","property_type":"List","module_vers":"","configuration_cat":"C14N","module":"","description":"Comma-delimited list of subjectAltName extension types to look for"}, -{"note":"","property_name":"idp.c14n.x500.objectIDs","idp_vers":"4.1","property_default_value":"2.5.4.3","property_type":"List","module_vers":"","configuration_cat":"C14N","module":"","description":"Comma-delimited list of attribute OIDs to search for in the subject DN"}, -{"note":"","property_name":"idp.c14n.saml.proxy.lowercase","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"C14N","module":"","description":"Whether to lowercase the username"}, -{"note":"","property_name":"idp.c14n.saml.proxy.uppercase","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"C14N","module":"","description":"Whether to uppercase the username"}, -{"note":"","property_name":"idp.c14n.saml.lowercase","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"C14N","module":"","description":"Whether to lowercase the username"}, -{"note":"","property_name":"idp.c14n.saml.uppercase","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"C14N","module":"","description":"Whether to uppercase the username"}, -{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.saml1sso","idp_vers":"all","property_default_value":"SSO","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, -{"note":" you can use this to route different kinds of audit records to different destinations 
based on general function","property_name":"idp.service.logging.saml1attrquery","idp_vers":"all","property_default_value":"AttributeQuery","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, -{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.saml1artifact","idp_vers":"all","property_default_value":"ArtifactResolution","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, -{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.saml2sso","idp_vers":"all","property_default_value":"SSO","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, -{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.saml2attrquery","idp_vers":"all","property_default_value":"AttributeQuery","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, -{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.saml2artifact","idp_vers":"all","property_default_value":"ArtifactResolution","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, -{"note":" you can use this to route 
different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.saml2slo","idp_vers":"all","property_default_value":"Logout","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, -{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.logout","idp_vers":"all","property_default_value":"Logout","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, -{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.cas","idp_vers":"all","property_default_value":"SSO","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, -{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.status","idp_vers":"all","property_default_value":"Status","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, -{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.resolvertest","idp_vers":"all","property_default_value":"ResolverTest","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, -{"note":" you can use this to route 
different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.serviceReload","idp_vers":"all","property_default_value":"Reload","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, -{"note":"","property_name":"idp.audit.hashAlgorithm","idp_vers":"4.1","property_default_value":"SHA-256","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Hash algorithm to apply to various hashed fields"}, -{"note":"","property_name":"idp.audit.salt","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Salt to apply to hashed fields must be set to use those fields"}, -{"note":"","property_name":"idp.oidc.issuer","idp_vers":"4.1","property_default_value":"none","property_type":"URL","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Set the Open ID Connect Issuer value "}, -{"note":"","property_name":"idp.oidc.idToken.defaultLifetime","idp_vers":"4.1","property_default_value":"PT1H","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Lifetime of ID token"}, -{"note":"","property_name":"idp.oidc.accessToken.defaultLifetime","idp_vers":"4.1","property_default_value":"PT10M","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Lifetime of access token"}, -{"note":"","property_name":"idp.oidc.authorizeCode.defaultLifetime","idp_vers":"4.1","property_default_value":"PT5M","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Lifetime of authorization code"}, 
-{"note":"","property_name":"idp.oidc.refreshToken.defaultLifetime","idp_vers":"4.1","property_default_value":"PT2H","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Lifetime of refresh token"}, -{"note":"","property_name":"idp.oidc.forcePKCE","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether client is required to use PKCE"}, -{"note":"","property_name":"idp.oidc.allowPKCEPlain","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether client is allowed to use PKCE code challenge method plain"}, -{"note":"","property_name":"idp.oidc.encodedAttributes","idp_vers":"4.1","property_default_value":"none","property_type":"Set","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Specifies IdPAttributes to encode into tokens for recovery on back-channel token requests"}, -{"note":"","property_name":"idp.oidc.encodeConsentInTokens","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether to embed consent decisions in access/refresh tokens and authorization code to allow for client-side consent storage"}, -{"note":"","property_name":"idp.oidc.alwaysIncludedAttributes","idp_vers":"4.1","property_default_value":"none","property_type":"Set","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Specifies IdPAttributes to always include in ID token regardless of response_type"}, -{"note":"","property_name":"idp.oidc.deniedUserInfoAttributes","idp_vers":"4.1","property_default_value":"none","property_type":"Set","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Specifies IdPAttributes to omit 
from UserInfo token"}, -{"note":"","property_name":"idp.oidc.revocationCache.authorizeCode.lifetime","idp_vers":"4.1","property_default_value":"PT6H","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Lifetime of entries in revocation cache for authorize code"}, -{"note":"","property_name":"idp.oidc.revocationCache.StorageService","idp_vers":"4.1","property_default_value":"shibboleth.StorageService","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean ID of StorageService for revocation cache requires server-side storage"}, -{"note":"","property_name":"idp.oidc.tokenEndpointAuthMethods","idp_vers":"4.1","property_default_value":"client_secret_basic,client_secret_post,client_secret_jwt,private_key_jwt","property_type":"Collection","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The acceptable client authentication methods"}, -{"note":"","property_name":"idp.oauth2.grantTypes","idp_vers":"4.1","property_default_value":"authorization_code,refresh_token","property_type":"Collection","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"OAuth grant types to allow"}, -{"note":"","property_name":"idp.oauth2.enforceRefreshTokenRotation","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3.2","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether to enforce refresh token rotation. If enabled the refresh token is revoked whenever it is used for issuing a new refresh token."}, -{"note":"","property_name":"idp.oauth2.accessToken.type","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"3.2","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Format of access token. 
Supported values are JWT or nothing."}, -{"note":"","property_name":"idp.oauth2.encryptionOptional","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether the absence of encryption details in a resource server’s metadata should fail when issuing an access token"}, -{"note":"","property_name":"idp.oauth2.accessToken.defaultLifetime","idp_vers":"4.1","property_default_value":"PT10M","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Lifetime of access token issued to client for resource server"}, -{"note":"","property_name":"idp.oauth2.revocationMethod","idp_vers":"4.1","property_default_value":"CHAIN","property_type":"string","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The revocation method: CHAIN refers to revoking whole chain of tokens (from authorization code to all access/refresh tokens). TOKEN refers to revoking single token"}, -{"note":"","property_name":"idp.oidc.dynreg.defaultRegistrationValidity","idp_vers":"4.1","property_default_value":"PT24H","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Registration lifetime"}, -{"note":"","property_name":"idp.oidc.dynreg.defaultScope","idp_vers":"4.1","property_default_value":"openid profile email address phone offline_access","property_type":"string","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The default scopes accepted in dynamic registration"}, -{"note":"","property_name":"idp.oidc.dynreg.defaultSubjectType","idp_vers":"4.1","property_default_value":"public","property_type":"string","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The default subject type if not set by client in request. 
Maybe set to pairwise or public."}, -{"note":"","property_name":"idp.oidc.dynreg.defaultMetadataPolicyFile","idp_vers":"4.1","property_default_value":"none","property_type":"resource path","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Full path to the file containing default metadata policy used for dynamic client registration"}, -{"note":"","property_name":"idp.oidc.dynreg.tokenEndpointAuthMethods","idp_vers":"4.1","property_default_value":"client_secret_basic,client_secret_post,client_secret_jwt,private_key_jwt","property_type":"Collection","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The acceptable client authentication methods when using dynamic registration"}, -{"note":"","property_name":"idp.signing.oidc.rs.key","idp_vers":"4.1","property_default_value":"%{idp.home}/credentials/idp-signing-rs.jwk","property_type":"JWK file pathname","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"JWK RSA signing keypair"}, -{"note":"","property_name":"idp.signing.oidc.es.key","idp_vers":"4.1","property_default_value":"%{idp.home}/credentials/idp-signing-es.jwk","property_type":"JWK file pathname","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"JWK EC signing keypair"}, -{"note":"","property_name":"idp.signing.oidc.rsa.enc.key","idp_vers":"4.1","property_default_value":"%{idp.home}/credentials/idp-encryption-rsa.jwk","property_type":"JWK file pathname","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"JWK RSA decryption keypair"}, -{"note":"","property_name":"idp.oidc.signing.config","idp_vers":"4.1","property_default_value":"shibboleth.oidc.SigningConfiguration","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Allows override of default signing configuration"}, 
-{"note":"","property_name":"idp.oidc.encryption.config","idp_vers":"4.1","property_default_value":"shibboleth.oidc.EncryptionConfiguration","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Allows override of default encryption configuration"}, -{"note":"","property_name":"idp.oidc.rodecrypt.config","idp_vers":"4.1","property_default_value":"shibboleth.oidc.requestObjectDecryptionConfiguration","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Allows override of default request decryption configuration"}, -{"note":"one of these has the wrong name","property_name":"idp.oidc.rovalid.config","idp_vers":"4.1","property_default_value":"shibboleth.oidc.requestObjectSignatureValidationConfiguration","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Allows override of default request signature validation configuration"}, -{"note":"one of these has the wrong name ","property_name":"idp.oidc.rovalid.config","idp_vers":"4.1","property_default_value":"shibboleth.oidc.tokenEndpointJwtSignatureValidationConfiguration","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Allows override of default JWT token validation configuration"}, -{"note":"","property_name":"idp.authn.OAuth2Client.requireAll","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether all validators must succeed or just one"}, -{"note":"","property_name":"idp.authn.OAuth2Client.removeAfterValidation","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether to remove the object holding the password from the request's active state after validating it (to avoid it 
being preserved in the session any longer than needed)"}, -{"note":"use with caution as it retains the password and makes it available in plaintext from within server memory at various stages.","property_name":"idp.authn.OAuth2Client.retainAsPrivateCredential","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether to keep the password around as a private credential in the Java Subject for use in later stages such as attribute resolution"}, -{"note":"","property_name":"idp.authn.OAuth2Client.order","idp_vers":"4.1","property_default_value":"1000","property_type":"int","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Flow priority relative to other enabled login flows (lower is \"higher\" in priority)"}, -{"note":"","property_name":"idp.authn.OAuth2Client.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean ID of Predicate determining whether flow is usable for request"}, -{"note":"Subject> for subject customization","property_name":"idp.authn.OAuth2Client.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean ID of BiConsumer>, used to locate metadata policy based on the policyLocation parameter. 
Defaults to a caching resolver locating server resources to load based on policyLocation parameter."}, -{"note":"","property_name":"idp.service.clientinfo.failFast","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"If true any failures during initialization of any resolvers result in IdP startup failure"}, -{"note":"","property_name":"idp.service.clientinfo.checkInterval","idp_vers":"4.1","property_default_value":"PT0S","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"When non-zero enables monitoring of resources for service reload"}, -{"note":"","property_name":"idp.service.clientinfo.resources","idp_vers":"4.1","property_default_value":"shibboleth.ClientInformationResolverResources","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Name of bean used to define the resources to use in configuring this service"}, -{"note":"","property_name":"idp.oauth2.defaultAllowedScope","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"bean of type Function called shibboleth.oidc.AllowedScopeStrategy"}, -{"note":"","property_name":"idp.oauth2.defaultAllowedAudience","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"bean of type Function> called shibboleth.oidc.AllowedAudienceStrategy"}, -{"note":"","property_name":"idp.oauth2.authn.flows","idp_vers":"4.1","property_default_value":"OAuth2Client","property_type":"regex","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Regular expression matching OAuth login flows to enable."}, 
-{"note":"","property_name":"idp.oidc.subject.sourceAttribute","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The source attribute used in generating the sub claim"}, -{"note":"","property_name":"idp.oidc.subject.algorithm","idp_vers":"4.1","property_default_value":"SHA","property_type":"string","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The digest algorithm used in generating the sub claim"}, -{"note":"","property_name":"idp.oidc.subject.salt","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Salt to inject for randomness should generally be moved into credentials/secrets.properties to avoid committing to configuration repository"}, -{"note":"","property_name":"idp.authn.DuoOIDC.order","idp_vers":"4.1","property_default_value":"1000","property_type":"int","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Flow priority relative to other enabled login flows (lower is \"higher\" in priority)"}, -{"note":"","property_name":"idp.authn.DuoOIDC.nonBrowserSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Whether the flow should handle non-browser request profiles (e.g., ECP)"}, -{"note":"","property_name":"idp.authn.DuoOIDC.passiveAuthenticationSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Whether the flow allows for passive authentication"}, 
-{"note":"","property_name":"idp.authn.DuoOIDC.forcedAuthenticationSupported","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Whether the flow supports forced authentication"}, -{"note":"","property_name":"idp.authn.DuoOIDC.proxyRestrictionsEnforced","idp_vers":"4.1","property_default_value":"%{idp.authn.enforceProxyRestrictions:true}","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Whether the flow enforces upstream IdP-imposed restrictions on proxying"}, -{"note":" and therefore enforces SP-signaled restrictions on proxying","property_name":"idp.authn.DuoOIDC.proxyScopingEnforced","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Whether the flow considers itself to be proxying"}, -{"note":"","property_name":"idp.authn.DuoOIDC.discoveryRequired","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Whether to invoke IdP-discovery prior to running flow"}, -{"note":"","property_name":"idp.authn.DuoOIDC.lifetime","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultLifetime:PT1H}","property_type":"duration","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Lifetime of results produced by this flow"}, -{"note":"","property_name":"idp.authn.DuoOIDC.inactivityTimeout","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultTimeout:PT30M}","property_type":"duration","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Inactivity timeout of results produced by this flow"}, 
-{"note":"","property_name":"idp.authn.DuoOIDC.reuseCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Bean ID ofPredicate controlling result reuse for SSO"}, -{"note":"","property_name":"idp.authn.DuoOIDC.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Bean ID ofPredicate determining whether flow is usable for request"}, -{"note":"","property_name":"idp.authn.DuoOIDC.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Bean ID ofBiConsumer for subject customization"}, -{"note":"","property_name":"idp.authn.DuoOIDC.supportedPrincipals","idp_vers":"4.1","property_default_value":"saml2/http://example.org/ac/classes/mfa, saml1/http://example.org/ac/classes/mfa","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Comma-delimited list of protocol-specific Principalstrings associated with flow"}, -{"note":"","property_name":"idp.authn.DuoOIDC.addDefaultPrincipals","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Whether to auto-attach the preceding set ofPrincipalobjects to eachSubjectproduced by this flow"}, -{"note":"","property_name":"idp.duo.oidc.apiHost","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"DuoOIDC API hostname assigned to the integration"}, 
-{"note":"","property_name":"idp.duo.oidc.clientId","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"The OAuth 2.0 Client Identifier valid at the Authorization Server"}, -{"note":"ex. https://:/idp/profile/Authn/Duo/2FA/duo-callback","property_name":"idp.duo.oidc.redirectURL","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Redirection URI to which the 2FA response will be sent"}, -{"note":"","property_name":"idp.duo.oidc.redirecturl.allowedOrigins","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"If the idp.duo.oidc.redirectURL is not set one will be computed dynamically and checked against this list of allowed origins - to prevent Http Host Header injection."}, -{"note":"","property_name":"idp.duo.oidc.secretKey","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"The client secret used to verify the client in exchanging the authorization code for a Duo 2FA result token (id_token)."}, -{"note":"","property_name":"idp.duo.oidc.endpoint.health","idp_vers":"4.1","property_default_value":"/oauth/v1/health_check","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Duo's OAuth 2.0 health check endpoint"}, -{"note":"","property_name":"idp.duo.oidc.endpoint.token","idp_vers":"4.1","property_default_value":"/oauth/v1/token","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Duo's OAuth 2.0 token endpoint"}, 
-{"note":"","property_name":"idp.duo.oidc.endpoint.authorize","idp_vers":"4.1","property_default_value":"/oauth/v1/authorize","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Duo's OAuth 2.0 authorization endpoint"}, -{"note":"","property_name":"idp.duo.oidc.jwt.verifier.clockSkew","idp_vers":"4.1","property_default_value":"PT60S","property_type":"duration","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Leeway allowed in token expiry calculations"}, -{"note":"","property_name":"idp.duo.oidc.jwt.verifier.iatWindow","idp_vers":"4.1","property_default_value":"PT60S","property_type":"duration","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Maximum amount (in either direction from now) of duration for which a token is valid after it is issued"}, -{"note":"","property_name":"idp.duo.oidc.jwt.verifier.issuerPath","idp_vers":"4.1","property_default_value":"/oauth/v1/token","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"The path component of the Duo token issuer. The full issuer string takes the format: HTTPS://+"}, -{"note":"","property_name":"idp.duo.oidc.jwt.verifier.preferredUsername","idp_vers":"4.1","property_default_value":"preferred_username","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"The result token JWT claim name that represents the username sent in the duo_uname field in the authorization request."}, -{"note":"","property_name":"idp.duo.oidc.jwt.verifier.authLifetime","idp_vers":"4.1","property_default_value":"PT60S","property_type":"duration","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"How long the authentication is valid. 
Only applies to forced authentication requests."}, -{"note":"","property_name":"idp.duo.oidc.nonbrowser.apiHost","idp_vers":"4.1","property_default_value":"%{idp.duo.oidc.apiHost}","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Duo AuthAPI hostname assigned to the integration"}, -{"note":"","property_name":"idp.duo.oidc.nonbrowser.integrationKey","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Duo AuthAPI integration key supplied by Duo"}, -{"note":"","property_name":"idp.duo.oidc.nonbrowser.secretKey","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Duo AuthAPI secret key supplied by Duo"}, -{"note":"","property_name":"idp.duo.oidc.nonbrowser.header.factor","idp_vers":"4.1","property_default_value":"X-Shibboleth-Duo-Factor","property_type":"strinig","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Name of HTTP request header for Duo AuthAPI factor"}, -{"note":"","property_name":"idp.duo.oidc.nonbrowser.header.device","idp_vers":"4.1","property_default_value":"X-Shibboleth-Duo-Device","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Name of HTTP request header for Duo AuthAPI device ID or name"}, -{"note":"","property_name":"idp.duo.oidc.nonbrowser.header.passcode","idp_vers":"4.1","property_default_value":"X-Shibboleth-Duo-Passcode","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Name of HTTP request header for Duo AuthAPI passcode"}, 
-{"note":"","property_name":"idp.duo.oidc.nonbrowser.auto","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Allow the factor to be defaulted in as \"auto\" if no headers are received"},
-{"note":" push display","property_name":"idp.duo.oidc.nonbrowser.clientAddressTrusted","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Pass client address to Duo in API calls to support logging"},
-{"note":"","property_name":"idp.duo.oidc.connectionTimeout","idp_vers":"4.1","property_default_value":"PT1M","property_type":"duration","module_vers":"1 (nimbus)","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Maximum length of time to wait for the connection to be established"},
-{"note":"","property_name":"idp.duo.oidc.connectionRequestTimeout","idp_vers":"4.1","property_default_value":"PT1M","property_type":"duration","module_vers":"1 (nimbus)","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Maximum length of time to wait for a connection to be returned from the connection manager"},
-{"note":"","property_name":"idp.duo.oidc.socketTimeout","idp_vers":"4.1","property_default_value":"PT1M","property_type":"duration","module_vers":"1 (nimbus)","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Maximum period inactivity between two consecutive data packets"},
-{"note":"","property_name":"idp.duo.oidc.maxConnectionsTotal","idp_vers":"4.1","property_default_value":"100","property_type":"int","module_vers":"1 (nimbus)","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Max total simultaneous connections allowed by the pooling connection manager"},
-{"note":"","property_name":"idp.duo.oidc.maxConnectionsPerRoute","idp_vers":"4.1","property_default_value":"100","property_type":"int","module_vers":"1 (nimbus)","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Max simultaneous connections per route allowed by the pooling connection manager"},
-{"note":"","property_name":"idp.duo.oidc.nimbus.checkRevocation","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1 (nimbus)","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"To enable certificate revocation checking"},
-{"note":"","property_name":"idp.authn.TOTP.headerName","idp_vers":"4.1","property_default_value":"X-Shibboleth-TOTP","property_type":"string","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Name of request header to use for extracting non-browser submitted token codes"},
-{"note":"","property_name":"idp.authn.TOTP.fieldName","idp_vers":"4.1","property_default_value":"tokencode","property_type":"string","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Name of HTML form field to use for locating browser-submitted token codes"},
-{"note":"","property_name":"idp.authn.TOTP.tokenSeedAttribute","idp_vers":"4.1","property_default_value":"tokenSeeds","property_type":"string","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Name of IdPAttribute to resolve to obtain token seeds for users"},
-{"note":"","property_name":"idp.authn.TOTP.order","idp_vers":"4.1","property_default_value":"1000","property_type":"int","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Flow priority relative to other enabled login flows (lower is \"higher\" in priority)"},
-{"note":"","property_name":"idp.authn.TOTP.nonBrowserSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Whether the flow should handle non-browser request profiles (e.g., ECP)"},
-{"note":"","property_name":"idp.authn.TOTP.passiveAuthenticationSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Whether the flow allows for passive authentication"},
-{"note":"","property_name":"idp.authn.TOTP.forcedAuthenticationSupported","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Whether the flow supports forced authentication"},
-{"note":"","property_name":"idp.authn.TOTP.proxyRestrictionsEnforced","idp_vers":"4.1","property_default_value":"%{idp.authn.enforceProxyRestrictions:true}","property_type":"bool","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Whether the flow enforces upstream IdP-imposed restrictions on proxying"},
-{"note":" and therefore enforces SP-signaled restrictions on proxying","property_name":"idp.authn.TOTP.proxyScopingEnforced","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Whether the flow considers itself to be proxying"},
-{"note":"","property_name":"idp.authn.TOTP.discoveryRequired","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Whether to invoke IdP-discovery prior to running flow"},
-{"note":"","property_name":"idp.authn.TOTP.lifetime","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultLifetime:PT1H}","property_type":"duration","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Lifetime of results produced by this flow"},
-{"note":"","property_name":"idp.authn.TOTP.inactivityTimeout","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultTimeout:PT30M}","property_type":"duration","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Inactivity timeout of results produced by this flow"},
-{"note":"","property_name":"idp.authn.TOTP.reuseCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Bean ID ofPredicate controlling result reuse for SSO"},
-{"note":"","property_name":"idp.authn.TOTP.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Bean ID ofPredicate determining whether flow is usable for request"},
-{"note":"","property_name":"idp.authn.TOTP.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Bean ID ofBiConsumer for subject customization"},
-{"note":"","property_name":"idp.authn.TOTP.supportedPrincipals","idp_vers":"4.1","property_default_value":"saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken, saml1/urn:oasis:names:tc:SAML:1.0:am:HardwareToken","property_type":"string","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Comma-delimited list of protocol-specific Principalstrings associated with flow"},
-{"note":"","property_name":"idp.authn.TOTP.addDefaultPrincipals","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Whether to auto-attach the preceding set ofPrincipalobjects to eachSubjectproduced by this flow"}, -{"note":"","property_name":"idp.metadata.dnsname","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"Supplies the DNS name used within the URLs specifying the end points. This should not be used in conjunction with the --DNSName qualifier"}, -{"note":"","property_name":"idp.metadata.backchannel.cert","idp_vers":"4.1","property_default_value":"none","property_type":"resource path","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"Specifies the path to the certificate protecting the back channel. This should not be used in conjunction with the --backChannel qualifier."}, -{"note":"","property_name":"idp.metadata.idpsso.mdui.logo.path","idp_vers":"4.1","property_default_value":"none","property_type":"URL","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"Specifies the path part of the URL which describes a logo for the IdP. The protocol is hard wired to be https:// and the DNS name is used for the host. The is always emitted. 
If this is absent then then a fixed path ('/path/to/logo') is used."}, -{"note":"","property_name":"idp.metadata.idpsso.mdui.logo.height","idp_vers":"4.1","property_default_value":"80","property_type":"int","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"The height of the logo in pixels."}, -{"note":"","property_name":"idp.metadata.idpsso.mdui.logo.width","idp_vers":"4.1","property_default_value":"80","property_type":"init","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"The width of the logo in pixels"}, -{"note":"","property_name":"idp.metadata.idpsso.mdui.langs","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"A space separated list of languages used to lookup values formed appending each one to the name and description properties idp.metadata.idpsso.mdui.displayname. and idp.metadata.idpsso.mdui.description.. If this is absent then an and for the \"en\" language is emitted which you need to edit."}, -{"note":"","property_name":"idp.metadata.idpsso.mdui.displayname.","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"Display name for the IdP in the specified language. If this is absent for a language specified above then not is emitted for that language"}, -{"note":"","property_name":"idp.metadata.idpsso.mdui.description.","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"Description for the IdP in the specified language. 
If this is absent for a language specified above then not is emitted for that language"}, -{"note":"no doc","property_name":"idp.oidc.encryptionOptional","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Set false to preclude issuing unencrypted ID/UserInfo tokens without specific overrides"}, -{"note":"no doc","property_name":"idp.oidc.dynreg.defaultSecretExpiration","idp_vers":"4.1","property_default_value":"P12M","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The validity of client secret registered"}, -{"note":"no doc","property_name":"idp.oidc.dynreg.allowNoneForRequestSigning","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Regardless of what signing algorithms are configured allow none for request object signing"}, -{"note":"no doc","property_name":"idp.oidc.dynreg.validateRemoteJwks","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean to determine whether dynamic registration should validate the remote JWK set if it's defined in the request"}, -{"note":"no doc","property_name":"idp.oidc.dynreg.defaultMetadataPolicy","idp_vers":"4.1","property_default_value":"shibboleth.oidc.dynreg.DefaultMetadataPolicy","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean to determine the default metadata policy used for dynamic client registration"}, -{"note":"no doc","property_name":"idp.oidc.jwk.StorageService","idp_vers":"4.1","property_default_value":"shibboleth.StorageService","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Storage for 
storing remote jwk sets."}, -{"note":"no doc","property_name":"idp.oidc.metadata.saml","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean to determine whether SAML metadata should be exploited for trusted OIDC RP resolution"}, -{"note":"no doc","property_name":"idp.oidc.jwksuri.fetchInterval","idp_vers":"4.1","property_default_value":"PT30M","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Upgrade interval to the remote JWKs"}, -{"note":"no doc","property_name":"idp.oidc.config.minRefreshDelay","idp_vers":"4.1","property_default_value":"PT5M","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bounds on the next file refresh of the OP configuration resource"}, -{"note":"no doc","property_name":"idp.oidc.config.maxRefreshDelay","idp_vers":"4.1","property_default_value":"PT4H","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bounds on the next file refresh of the OP configuration resource"}, -{"note":"no doc","property_name":"idp.oidc.LoginHintLookupStrategy","idp_vers":"4.1","property_default_value":"DefaultRequestLoginHintLookupFunction","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean used for extracting login_hint from the authentication request. The default function parses login_hint as is."}, -{"note":"no doc","property_name":"idp.oidc.SPSessionCreationStrategy","idp_vers":"4.1","property_default_value":"DefaultSPSessionCreationStrategy","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean used for creating SPSessions needed for SLO. 
By default builds protocol-independent BasicSPSession as SLO is not yet supported."} + { + "property_name": "idp.searchForProperties", + "property_type": "bool", + "property_default_value": true, + "config_category": "Core", + "config_file": "idp.properties", + "idp_vers": 4, + "module": "", + "module_vers": "", + "description": "Auto-load all files matching conf/**/*.properties", + "note": "" + }, + { + "property_name": "idp.additionalProperties", + "property_type": "Comma-delimited paths", + "property_default_value": "none", + "config_category": "Core", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Used to point to additional property files to load. All properties must be unique and are ultimately pooled into a single unordered set.", + "note": "ex. /conf/ldap.properties, /conf/services.properties" + }, + { + "property_name": "idp.entityID", + "property_type": "URI", + "property_default_value": "none", + "config_category": "RelyingPartyConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "The unique name of the IdP used as the iisuer in all SAML profiles", + "note": "ex. 
https://unicon.net/idp/shibboleth" + }, + { + "property_name": "idp.entityID.metadataFile", + "property_type": "resource path", + "property_default_value": "%{idp.home}/metadata/idp-metadata.xml", + "config_category": "Core", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Identifies the file to serve for requests to the IdP's well-known metadata location", + "note": "" + }, + { + "property_name": "idp.artifact.enabled", + "property_type": "bool", + "property_default_value": true, + "config_category": "RelyingPartyConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether to allow use of the SAML artifact bindings when sending messages", + "note": "" + }, + { + "property_name": "idp.artifact.secureChannel", + "property_type": "bool", + "property_default_value": true, + "config_category": "RelyingPartyConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether preparation of messages to be communicated via SAML artifact should assume use of a secure channel (allowing signing and encryption to be skipped)", + "note": "" + }, + { + "property_name": "idp.artifact.endpointIndex", + "property_type": "int", + "property_default_value": 2, + "config_category": "RelyingPartyConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Identifies the endpoint in SAML metadata associated with artifacts issued by a server node", + "note": "" + }, + { + "property_name": "idp.artifact.StorageService", + "property_type": "Bean ID of a StorageService (org.opensaml.storage)", + "property_default_value": "shibboleth.StorageService", + "config_category": "StorageConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Storage back-end to use 
for short-lived SAML Artifact mappings (must be server-side)", + "note": "" + }, + { + "property_name": "idp.bindings.inMetadataOrder", + "property_type": "bool", + "property_default_value": true, + "config_category": "RelyingPartyConfiguration", + "config_file": "idp.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Controls whether the outbound binding selection is ordered by the SP's metadata or the IdP's preferred bindings (the inbuilt default order is Redirect -> POST -> Artifact -> SOAP). Set to false to leave artifact support on, but favor use of POST. Set also to false to favor the front channel over back channel for Logout.", + "note": "" + }, + { + "property_name": "idp.entityID.metadataFile", + "property_type": "file pathname", + "property_default_value": "%{idp.home}/metadata/idp-metadata.xml", + "config_category": "Core", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Identifies the file to serve for requests to the IdP's well-known metadata location", + "note": "" + }, + { + "property_name": "idp.scope", + "property_type": "string", + "property_default_value": "none", + "config_category": "Core", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "applies a (fixed) scope typically a domain-valued suffix to an input attribute's values", + "note": "" + }, + { + "property_name": "idp.cookie.secure", + "property_type": "bool", + "property_default_value": false, + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "If true all cookies issued by the IdP (not including the container) will be limited to TLS", + "note": "" + }, + { + "property_name": "idp.cookie.httpOnly", + "property_type": "bool", + "property_default_value": true, + "config_category": "SecurityConfiguration", + "config_file": 
"idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "If true all cookies issued by the IdP (not including the container) will contain the HttpOnly property", + "note": "" + }, + { + "property_name": "idp.cookie.domain", + "property_type": "string", + "property_default_value": "none", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Overrides the domain of any cookies issued by the IdP (not including the container)", + "note": "" + }, + { + "property_name": "idp.cookie.path", + "property_type": "string", + "property_default_value": "none", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Overrides the path of any cookies issued by the IdP (not including the container)", + "note": "" + }, + { + "property_name": "idp.cookie.maxAge", + "property_type": "int", + "property_default_value": 31536000, + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Lifetime in seconds of cookies issued by the IdP that are meant to span sessions (365 days)", + "note": "" + }, + { + "property_name": "idp.cookie.sameSite", + "property_type": "Null/None/Lax/Strict", + "property_default_value": "None", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Default SameSite value to apply to cookies via servlet filter if no explicit rule for the named cookie is specified", + "note": "" + }, + { + "property_name": "idp.cookie.sameSiteCondition", + "property_type": "Bean ID of Predicate", + "property_default_value": "shibboleth.Conditions.FALSE", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": 
"all", + "module": "", + "module_vers": "", + "description": "Predicate condition bean controlling whether SameSite filter runs", + "note": "" + }, + { + "property_name": "idp.sealer.keyStrategy", + "property_type": "Bean ID of DataSealerKeyStrategy", + "property_default_value": "shibboleth.DataSealerKeyStrategy", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Bean ID supporting the DataSealerKeyStrategy interface to use in place of the built-in option.", + "note": "" + }, + { + "property_name": "idp.sealer.storeType", + "property_type": "string", + "property_default_value": "JCEKS", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Type of Java keystore used for IdP's internal AES encryption key", + "note": "" + }, + { + "property_name": "idp.sealer.updateInterval", + "property_type": "duration", + "property_default_value": "PT15M", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Time between checks for a new AES key version", + "note": "" + }, + { + "property_name": "idp.sealer.aliasBase", + "property_type": "string", + "property_default_value": "secret", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Case insensitive name of keystore alias prefix used in AES keystore (the entries will be suffixed by the key version number)", + "note": "" + }, + { + "property_name": "idp.sealer.storeResource", + "property_type": "resource path", + "property_default_value": "none", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Keystore resource 
containing AES encryption key usually a file path", + "note": "" + }, + { + "property_name": "idp.sealer.versionResource", + "property_type": "resource path", + "property_default_value": "none", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Resource that tracks the active AES encryption key version usually a file path", + "note": "" + }, + { + "property_name": "idp.sealer.storePassword", + "property_type": "string", + "property_default_value": "none", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Keystore password unlocking AES encryption keystore typically set during installation", + "note": "" + }, + { + "property_name": "idp.sealer.keyPassword", + "property_type": "string", + "property_default_value": "none", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Key password unlocking AES encryption key typically set to the same as the previous property and set during installation", + "note": "" + }, + { + "property_name": "idp.signing.key", + "property_type": "resource path", + "property_default_value": "none", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Resource containing private key for signing typically a file in the credentials directory", + "note": "" + }, + { + "property_name": "idp.signing.cert", + "property_type": "resource path", + "property_default_value": "none", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Resource containing the public key certificate inserted into signed messages typically a file in the 
credentials directory", + "note": "" + }, + { + "property_name": "idp.encryption.key", + "property_type": "resource path", + "property_default_value": "none", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Resource containing a private key for decryption typically a file in the credentials directory", + "note": "" + }, + { + "property_name": "idp.encryption.cert", + "property_type": "resource path", + "property_default_value": "none", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Resource containing a public key certificate given to others needing to encrypt data for the IdP typically a file in the credentials directory", + "note": "" + }, + { + "property_name": "idp.encryption.key.2", + "property_type": "resource path", + "property_default_value": "none", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Resource containing an alternate private key for decryption generally unused except while changing decryption keys", + "note": "" + }, + { + "property_name": "idp.encryption.cert.2", + "property_type": "resource path", + "property_default_value": "none", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Resource containing an alternate public key certificate generally unused except while changing decryption keys", + "note": "" + }, + { + "property_name": "idp.security.config", + "property_type": "Bean ID of SecurityConfiguration (net.shibboleth.idp.profile.config.SecurityConfiguration)", + "property_default_value": "shibboleth.DefaultSecurityConfiguration", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", 
+ "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of Spring bean supplying the default SecurityConfiguration", + "note": "" + }, + { + "property_name": "idp.signing.config", + "property_type": "Bean ID of SignatureSigningConfiguration (org.opensaml.xmlsec)", + "property_default_value": "shibboleth.SigningConfiguration.SHA256", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of Spring bean supplying the default SignatureSigningConfiguration", + "note": "" + }, + { + "property_name": "idp.encryption.config", + "property_type": "Bean ID of EncryptionConfiguration (org.opensaml.xmlsec)", + "property_default_value": "shibboleth.EncryptionConfiguration.CBC", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of Spring bean supplying the default EncryptionConfiguration", + "note": "" + }, + { + "property_name": "idp.encryption.optional", + "property_type": "bool", + "property_default_value": false, + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "If true failure to locate an encryption key to use won't result in request failure", + "note": "" + }, + { + "property_name": "idp.encryption.keyagreement.metadata.defaultUseKeyWrap", + "property_type": "string", + "property_default_value": "Default", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Sets the default strategy for key agreement key wrap usage for credentials from metadata if not otherwise configured on the security configuration", + "note": "" + }, + { + "property_name": "idp.trust.signatures", + "property_type": "Bean ID of SignatureTrustEngine 
(org.opensaml.xmlsec.signature.support)",
+ "property_default_value": "shibboleth.ChainingSignatureTrustEngine",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Name of Spring bean for the trust engine used to verify signatures",
+ "note": ""
+ },
+ {
+ "property_name": "idp.trust.certificates",
+ "property_type": "Bean ID of TrustEngine (org.opensaml.security.trust)",
+ "property_default_value": "shibboleth.ChainingX509TrustEngine",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Name of Spring bean for the trust engine used to verify TLS certificates",
+ "note": ""
+ },
+ {
+ "property_name": "idp.policy.messageLifetime",
+ "property_type": "duration",
+ "property_default_value": "PT3M",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Default freshness window for accepting timestamped messages",
+ "note": ""
+ },
+ {
+ "property_name": "idp.policy.assertionLifetime",
+ "property_type": "duration",
+ "property_default_value": "PT3M",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Default freshness window for accepting timestamped assertions",
+ "note": ""
+ },
+ {
+ "property_name": "idp.policy.clockSkew",
+ "property_type": "duration",
+ "property_default_value": "PT3M",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Default allowance for clock differences between systems",
+ "note": ""
+ },
+ {
+ "property_name": "idp.security.basicKeyInfoFactory",
+ "property_type": "Bean ID of KeyInfoGeneratorManager (org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorManager)",
+ "property_default_value": "shibboleth.BasicKeyInfoGeneratorFactory",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Overrides the BasicKeyInfoGeneratorFactory used by default",
+ "note": ""
+ },
+ {
+ "property_name": "idp.security.x509KeyInfoFactory",
+ "property_type": "Bean ID of KeyInfoGeneratorManager (org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorManager)",
+ "property_default_value": "shibboleth.X509KeyInfoGeneratorFactory",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Overrides the X509KeyInfoGeneratorFactory used by default",
+ "note": ""
+ },
+ {
+ "property_name": "idp.csrf.enabled",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "CSRF",
+ "config_file": "idp.properties",
+ "idp_vers": 4,
+ "module": "",
+ "module_vers": "",
+ "description": "Enables CSRF protection",
+ "note": ""
+ },
+ {
+ "property_name": "idp.csrf.token.parameter",
+ "property_type": "string",
+ "property_default_value": "csrf_token",
+ "config_category": "CSRF",
+ "config_file": "idp.properties",
+ "idp_vers": 4,
+ "module": "",
+ "module_vers": "",
+ "description": "Name of the HTTP parameter that stores the CSRF token",
+ "note": ""
+ },
+ {
+ "property_name": "idp.hsts",
+ "property_type": "string",
+ "property_default_value": "max-age=0",
+ "config_category": "Core",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Auto-configures an HSTS response header",
+ "note": ""
+ },
+ {
+ "property_name": "idp.frameoptions",
+ "property_type": "DENY/SAMEORIGIN",
+ "property_default_value": "DENY",
+ "config_category": "Core",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Auto-configures an X-Frame-Options response header",
+ "note": ""
+ },
+ {
+ "property_name": "idp.csp",
+ "property_type": "string",
+ "property_default_value": "frame-ancestors 'none'",
+ "config_category": "Core",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Auto-configures a Content Security Policy response header",
+ "note": ""
+ },
+ {
+ "property_name": "idp.webflows",
+ "property_type": "resource path",
+ "property_default_value": "%{idp.home}/flows",
+ "config_category": "Core",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Location from which to load user-supplied webflows from",
+ "note": ""
+ },
+ {
+ "property_name": "idp.views",
+ "property_type": "Comma-delimited paths",
+ "property_default_value": "%{idp.home}/views",
+ "config_category": "Core",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Location from which to load user-modifiable Velocity view templates. This can be set to include \"classpath*:/META-INF/net/shibboleth/idp/views\" (or equivalent) to load templates from the classpath, such as from extension jars, but doing so disables support for template reloading.",
+ "note": ""
+ },
+ {
+ "property_name": "idp.errors.detailed",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "ErrorHandlingConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to expose detailed error causes in status information provided to outside parties",
+ "note": ""
+ },
+ {
+ "property_name": "idp.errors.signed",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "ErrorHandlingConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to digitally sign error responses in SAML or similar protocols, if signing is otherwise warranted (this can prevent a simple denial of service vector, since errors are simple to trigger)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.errors.defaultView",
+ "property_type": "string",
+ "property_default_value": "error",
+ "config_category": "ErrorHandlingConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "The default view name to render for exceptions and events",
+ "note": ""
+ },
+ {
+ "property_name": "idp.errors.excludedExceptions",
+ "property_type": "Bean ID of Properties (java.util.Properties)",
+ "property_default_value": "none",
+ "config_category": "ErrorHandlingConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Bean defing Properties mapping exception class names to error views. The matching by class name does not support wildcards, but does do substring matches (so it's not necessary to fully qualify the class).",
+ "note": ""
+ },
+ {
+ "property_name": "idp.errors.exceptionMappings",
+ "property_type": "Bean ID of Collection (java.util)",
+ "property_default_value": "none",
+ "config_category": "ErrorHandlingConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Bean defining Collection identifying exception classes to ignore (causing them to bubble outward, so use with caution)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.storage.cleanupInterval",
+ "property_type": "duration",
+ "property_default_value": "PT10M",
+ "config_category": "StorageConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Interval of background thread sweeping server-side storage for expired records",
+ "note": ""
+ },
+ {
+ "property_name": "idp.storage.htmlLocalStorage",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "StorageConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to use HTML Local Storage (if available) instead of cookies",
+ "note": ""
+ },
+ {
+ "property_name": "idp.storage.clientSessionStorageName",
+ "property_type": "string",
+ "property_default_value": "shib_idp_session_ss",
+ "config_category": "StorageConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Name of cookie or HTML storage key used by the default per-session instance of the client storage service",
+ "note": ""
+ },
+ {
+ "property_name": "idp.storage.clientPersistentStorageName",
+ "property_type": "string",
+ "property_default_value": "shib_idp_persistent_ss",
+ "config_category": "StorageConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Name of cookie or HTML storage key used by the default persistent instance of the client storage service",
+ "note": ""
+ },
+ {
+ "property_name": "idp.replayCache.StorageService",
+ "property_type": "Bean ID of a StorageService (org.opensaml.storage)",
+ "property_default_value": "shibboleth.StorageService",
+ "config_category": "StorageConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Storage back-end to use for message replay checking (must be server-side)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.replayCache.strict",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "StorageConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether storage errors during replay checks should be treated as a replay",
+ "note": ""
+ },
+ {
+ "property_name": "idp.session.enabled",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "SessionConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to enable the IdP's session tracking feature",
+ "note": ""
+ },
+ {
+ "property_name": "idp.session.StorageService",
+ "property_type": "Bean ID of StorageService (org.opensaml.storage)",
+ "property_default_value": "shibboleth.ClientSessionStorageService",
+ "config_category": "SessionConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Bean name of a storage implementation/configuration to use for IdP sessions",
+ "note": ""
+ },
+ {
+ "property_name": "idp.session.cookieName",
+ "property_type": "string",
+ "property_default_value": "shib_idp_session",
+ "config_category": "SessionConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": 4.2,
+ "module": "",
+ "module_vers": "",
+ "description": "Name of cookie containing IdP session ID (note this is not the same as the cookie the Java container uses to track its own sessions)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.session.idSize",
+ "property_type": "int",
+ "property_default_value": 32,
+ "config_category": "SessionConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Number of characters in IdP session identifiers",
+ "note": ""
+ },
+ {
+ "property_name": "idp.session.consistentAddress",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "SessionConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to bind IdP sessions to IP addresses",
+ "note": ""
+ },
+ {
+ "property_name": "idp.session.consistentAddressCondition",
+ "property_type": "BiPredicate",
+ "property_default_value": "Direct string comparison",
+ "config_category": "SessionConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "A 2-argument predicate that compares a bound session's address to a client address",
+ "note": ""
+ },
+ {
+ "property_name": "idp.session.timeout",
+ "property_type": "duration",
+ "property_default_value": "PT60M",
+ "config_category": "SessionConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Inactivity timeout policy for IdP sessions (must be non-zero)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.session.slop",
+ "property_type": "duration",
+ "property_default_value": 0,
+ "config_category": "SessionConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Extra time after expiration before removing SP sessions in case a logout is invoked",
+ "note": ""
+ },
+ {
+ "property_name": "idp.session.maskStorageFailure",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "SessionConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to hide storage failures from users during session cache reads/writes",
+ "note": ""
+ },
+ {
+ "property_name": "idp.session.trackSPSessions",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "SessionConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to save a record of every SP accessed during an IdP session (requires a server-side session store or HTML LocalStorage)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.session.secondaryServiceIndex",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "SessionConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to track SPs on the basis of the SAML subject ID used, for logout purposes (requires SP session tracking be on)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.session.defaultSPlifetime",
+ "property_type": "duration",
+ "property_default_value": "PT2H",
+ "config_category": "SessionConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Default length of time to maintain record of an SP session (must be non-zero), overridable by relying-party-specific setting",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.flows",
+ "property_type": "regex",
+ "property_default_value": "none",
+ "config_category": "AuthenticationConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Required expression that identifies the login flows to globally enable",
+ "note": "ex. Password, MA, DUO"
+ },
+ {
+ "property_name": "idp.authn.defaultLifetime",
+ "property_type": "duration",
+ "property_default_value": "PT60M",
+ "config_category": "AuthenticationConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Default amount of time to allow reuse prior authentication flows",
+ "note": "measured since first usage"
+ },
+ {
+ "property_name": "idp.authn.defaultTimeout",
+ "property_type": "duration",
+ "property_default_value": "PT30M",
+ "config_category": "AuthenticationConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Default inactivity timeout to prevent reuse of prior authentication flows",
+ "note": "measured since last usage"
+ },
+ {
+ "property_name": "idp.authn.proxyRestrictionsEnforced",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "AuthenticationConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to enforce restrictions placed on further proxying of assertions from upstream IdPs when relying on proxied authentication",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.favorSSO",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "AuthenticationConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to prioritize prior authentication results when an SP requests more than one possible matching method",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.rpui",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "AuthenticationConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to populate information about the relying party into the tree for user interfaces during login and interceptors",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.identitySwitchIsError",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "AuthenticationConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to fail requests if a user identity after authentication doesn't match the identity in a pre-existing session.",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.discoveryURL",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "AuthenticationConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Provides a static discovery URL to use for external discovery this property replaces the need for the XML-defined bean used in V4.0 for this purpose",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.overrideRequestedAuthnContext",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "AuthenticationConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to override an explicit element in an SP’s request with a configuration-imposed rule via the defaultAuthenticationMethods profile configuration setting. Note this is a violation of the SAML standard and is also a global setting applying to all SPs that may have such a profile configuration set.",
+ "note": ""
+ },
+ {
+ "property_name": "idp.consent.StorageService",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.ClientPersistentStorageService",
+ "config_category": "ConsentConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Name of storage service used to store users' consent choices",
+ "note": ""
+ },
+ {
+ "property_name": "idp.consent.attribute-release.userStorageKey",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.consent.PrincipalConsentStorageKey",
+ "config_category": "ConsentConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Name of function used to return the String storage key representing a user defaults to the principal name",
+ "note": ""
+ },
+ {
+ "property_name": "idp.consent.attribute-release.userStorageKeyAttribute",
+ "property_type": "string",
+ "property_default_value": "uid",
+ "config_category": "ConsentConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Attribute whose value is the storage key representing a user",
+ "note": ""
+ },
+ {
+ "property_name": "idp.consent.attribute-release.activationCondition",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.Conditions.TRUE",
+ "config_category": "ConsentConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Optional condition to apply to control activation of attribute-release flow along with system default behavior",
+ "note": ""
+ },
+ {
+ "property_name": "idp.consent.attribute-release.auditFormat",
+ "property_type": "logback",
+ "property_default_value": "%T|%SP|%e|%u|%CCI|%CCV|%CCA",
+ "config_category": "ConsentConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Default consent auditing formats",
+ "note": ""
+ },
+ {
+ "property_name": "idp.consent.terms-of-use.userStorageKey",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.consent.PrincipalConsentStorageKey",
+ "config_category": "ConsentConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Name of function used to return the String storage key representing a user defaults to the principal name",
+ "note": ""
+ },
+ {
+ "property_name": "idp.consent.terms-of-use.userStorageKeyAttribute",
+ "property_type": "string",
+ "property_default_value": "uid",
+ "config_category": "ConsentConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Attribute whose value is the storage key representing a user",
+ "note": ""
+ },
+ {
+ "property_name": "idp.consent.terms-of-use.consentValueMessageCodeSuffix",
+ "property_type": "string",
+ "property_default_value": ".text",
+ "config_category": "ConsentConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Suffix of message property used as value of consent storage records when idp.consent.compareValues is true",
+ "note": ""
+ },
+ {
+ "property_name": "idp.consent.terms-of-use.activationCondition",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.Conditions.TRUE",
+ "config_category": "ConsentConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Optional condition to apply to control activation of terms-of-use flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.consent.terms-of-use.auditFormat",
+ "property_type": "logback",
+ "property_default_value": "%T|%SP|%e|%u|%CCI|%CCV|%CCA",
+ "config_category": "ConsentConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Default consent auditing formats",
+ "note": ""
+ },
+ {
+ "property_name": "idp.consent.allowDoNotRemember",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "ConsentConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether not remembering/storing consent is allowed",
+ "note": ""
+ },
+ {
+ "property_name": "idp.consent.allowGlobal",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "ConsentConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether consent to any attribute and to any relying party is allowed",
+ "note": ""
+ },
+ {
+ "property_name": "idp.consent.allowPerAttribute",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "ConsentConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether per-attribute consent is allowed",
+ "note": ""
+ },
+ {
+ "property_name": "idp.consent.compareValues",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "ConsentConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether attribute values and terms of use text are stored and compared for equality",
+ "note": ""
+ },
+ {
+ "property_name": "idp.consent.maxStoredRecords",
+ "property_type": "int",
+ "property_default_value": 10,
+ "config_category": "ConsentConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Maximum number of records stored when using space-limited storage (e.g. cookies), 0 = no limit",
+ "note": ""
+ },
+ {
+ "property_name": "idp.consent.expandedMaxStoredRecords",
+ "property_type": "int",
+ "property_default_value": 0,
+ "config_category": "ConsentConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Maximum number of records stored when using larger/server-side storage, 0 = no limit",
+ "note": ""
+ },
+ {
+ "property_name": "idp.consent.storageRecordLifetime",
+ "property_type": "duration",
+ "property_default_value": "(v4.0=P1Y,v4.1=infinite)",
+ "config_category": "ConsentConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "4.x",
+ "module": "",
+ "module_vers": "",
+ "description": "Time in milliseconds to expire consent storage records",
+ "note": ""
+ },
+ {
+ "property_name": "idp.logout.elaboration",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "LogoutConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to search metadata for user interface information associated with every service involved in logout propagation",
+ "note": ""
+ },
+ {
+ "property_name": "idp.logout.authenticated",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "LogoutConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to require signed logout messages in accordance with the SAML 2.0 standard",
+ "note": ""
+ },
+ {
+ "property_name": "idp.logout.promptUser",
+ "property_type": "Bean ID of Predicate",
+ "property_default_value": false,
+ "config_category": "LogoutConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "If the bean returns true the user is given the option to actually cancel the IdP logout outright and prevent removal of the session",
+ "note": ""
+ },
+ {
+ "property_name": "idp.logout.preserveQuery",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "LogoutConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Processes arbitrary query parameters to the Simple Logout endpoint and stashes them in a ScratchContext for use by subsequent view logic",
+ "note": ""
+ },
+ {
+ "property_name": "idp.logout.assumeAsync",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "LogoutConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": 4.2,
+ "module": "",
+ "module_vers": "",
+ "description": "When true allows inbound SAML LogoutRequests to be processed even if the SP lacks metadata containing response endpoints",
+ "note": ""
+ },
+ {
+ "property_name": "idp.logout.propagationHidden",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "LogoutConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": 4.2,
+ "module": "",
+ "module_vers": "",
+ "description": "Applies the \"display:none\" style to the list of SPs and logout status reporting images so that logout status is not visibly reported to the user",
+ "note": ""
+ },
+ {
+ "property_name": "idp.soap.httpClient",
+ "property_type": "Bean ID of HttpClient to use for SOAP-based logout",
+ "property_default_value": "SOAPClient.HttpClient",
+ "config_category": "Core",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Allows the HttpClient used for SOAP communication to be overriden (applies to SAML logout via SOAP)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.ui.fallbackLanguages",
+ "property_type": "Comma-delimited list",
+ "property_default_value": "none",
+ "config_category": "Core",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "languages to use if no match can be found with the browser-supported languages",
+ "note": "ex. en, fr, de"
+ },
+ {
+ "property_name": "idp.cas.StorageService",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.StorageService",
+ "config_category": "CasProtocolConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Storage service used by CAS protocol for chained proxy-granting tickets and when using server-managed \"simple\" TicketService. MUST be server-side storage (e.g. in-memory, memcached, database)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.cas.serviceRegistryClass",
+ "property_type": "?",
+ "property_default_value": "net.shibboleth.idp.cas.service.PatternServiceRegistry",
+ "config_category": "CasProtocolConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "CAS service registry implementation class",
+ "note": ""
+ },
+ {
+ "property_name": "idp.cas.relyingPartyIdFromMetadata",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "CasProtocolConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "If true CAS services provisioned with SAML metadata are identified via entityID",
+ "note": ""
+ },
+ {
+ "property_name": "idp.fticks.federation",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "FTICKSLoggingConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Enables F-TICKS output and specifies the value of the federation-identifier field",
+ "note": ""
+ },
+ {
+ "property_name": "idp.fticks.condition",
+ "property_type": "Bean ID",
+ "property_default_value": "none",
+ "config_category": "FTICKSLoggingConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Optional bean name of a Predicate to use to decide whether to run",
+ "note": ""
+ },
+ {
+ "property_name": "idp.fticks.algorithm",
+ "property_type": "string",
+ "property_default_value": "SHA-2",
+ "config_category": "FTICKSLoggingConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Digest algorithm used to obscure usernames",
+ "note": ""
+ },
+ {
+ "property_name": "idp.fticks.salt",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "FTICKSLoggingConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "A salt to apply when digesting usernames (if not specified, the username will not be included)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.fticks.loghost",
+ "property_type": "string",
+ "property_default_value": "localhost",
+ "config_category": "FTICKSLoggingConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "The remote syslog host",
+ "note": ""
+ },
+ {
+ "property_name": "idp.fticks.logport",
+ "property_type": "int",
+ "property_default_value": 514,
+ "config_category": "FTICKSLoggingConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "The remote syslog port",
+ "note": ""
+ },
+ {
+ "property_name": "idp.audit.shortenBindings",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "AuditLoggingConfiguration",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Set false if you want SAML bindings \"spelled out\" in audit log",
+ "note": ""
+ },
+ {
+ "property_name": "idp.velocity.runtime.strictmode",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "Core",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Set to true to fail on velocity syntax errors",
+ "note": ""
+ },
+ {
+ "property_name": "idp.intercept.External.externalPath",
+ "property_type": "path",
+ "property_default_value": "contextRelative:intercept.jsp",
+ "config_category": "Core",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Path to use with External interceptor flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.impersonate.generalPolicy",
+ "property_type": "Policy ID",
+ "property_default_value": "GeneralImpersonationPolicy",
+ "config_category": "Core",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Policies to use with Impersonate interceptor flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.impersonate.specificPolicy",
+ "property_type": "Policy ID",
+ "property_default_value": "SpecificImpersonationPolicy",
+ "config_category": "Core",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Policies to use with Impersonate interceptor flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.LDAP.authenticator",
+ "property_type": "string",
+ "property_default_value": "anonSearchAuthenticator",
+ "config_category": "LDAPAuthnConfiguration",
+ "config_file": "v4: ldap.properties , V4.1: authn/authn.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Controls the workflow for how authentication occurs against LDAP: one of anonSearchAuthenticator, bindSearchAuthenticator, directAuthenticator, adAuthenticator",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.LDAP.ldapURL",
+ "property_type": "LDAP URI",
+ "property_default_value": "none",
+ "config_category": "LDAPAuthnConfiguration",
+ "config_file": "v4: ldap.properties , V4.1: authn/authn.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Connection URI for LDAP directory",
+ "note": "ex. ldap://localhost or ldaps://localhost"
+ },
+ {
+ "property_name": "idp.authn.LDAP.useStartTLS",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "LDAPAuthnConfiguration",
+ "config_file": "v4: ldap.properties , V4.1: authn/authn.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether StartTLS should be used after connecting with LDAP alone.",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.LDAP.connectTimeout",
+ "property_type": "duration",
+ "property_default_value": "PT3S",
+ "config_category": "LDAPAuthnConfiguration",
+ "config_file": "v4: ldap.properties , V4.1: authn/authn.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Time to wait for the TCP connection to occur.",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.LDAP.responseTimeout",
+ "property_type": "duration",
+ "property_default_value": "PT3S",
+ "config_category": "LDAPAuthnConfiguration",
+ "config_file": "v4: ldap.properties , V4.1: authn/authn.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Time to wait for an LDAP response message",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.LDAP.connectionStrategy",
+ "property_type": "string",
+ "property_default_value": "ACTIVE_PASSIVE",
+ "config_category": "LDAPAuthnConfiguration",
+ "config_file": "v4: ldap.properties , V4.1: authn/authn.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Connection strategy to use when multiple URLs are supplied: one of ACTIVE_PASSIVE, ROUND_ROBIN, RANDOM",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.LDAP.sslConfig",
+ "property_type": "string",
+ "property_default_value": "certificateTrust",
+ "config_category": "LDAPAuthnConfiguration",
+ "config_file": "v4: ldap.properties , V4.1: authn/authn.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "How to establish trust in the server's TLS certificate: one of jvmTrust, certificateTrust, or keyStoreTrust",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.LDAP.trustCertificates",
+ "property_type": "resource path",
+ "property_default_value": "none",
+ "config_category": "LDAPAuthnConfiguration",
+ "config_file": "v4: ldap.properties , V4.1: authn/authn.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "A resource to load trust anchors from when using sslConfig = certificateTrust",
+ "note": "ex. %{idp.home}/credentials/ldap-server.crt"
+ },
+ {
+ "property_name": "idp.authn.LDAP.trustStore",
+ "property_type": "resource path",
+ "property_default_value": "none",
+ "config_category": "LDAPAuthnConfiguration",
+ "config_file": "v4: ldap.properties , V4.1: authn/authn.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "A resource to load a Java keystore containing trust anchors when using sslConfig = keyStoreTrust",
+ "note": "ex. %{idp.home}/credentials/ldap-server.truststore"
+ },
+ {
+ "property_name": "idp.authn.LDAP.returnAttributes",
+ "property_type": "comma-seperated strings",
+ "property_default_value": "none",
+ "config_category": "LDAPAuthnConfiguration",
+ "config_file": "v4: ldap.properties , V4.1: authn/authn.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "List of attributes to request during authentication",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.LDAP.baseDN",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "LDAPAuthnConfiguration",
+ "config_file": "v4: ldap.properties , V4.1: authn/authn.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Base DN to search against when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.LDAP.subtreeSearch",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "LDAPAuthnConfiguration",
+ "config_file": "v4: ldap.properties , V4.1: authn/authn.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to search recursively when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.LDAP.userFilter",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "LDAPAuthnConfiguration",
+ "config_file": "v4: ldap.properties , V4.1: authn/authn.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "LDAP search filter when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.LDAP.bindDN",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "LDAPAuthnConfiguration",
+ "config_file": "v4: ldap.properties , V4.1: 
authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "DN to bind with during search when using an LDAP.authenticator = bindSearchAuthenticator", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.bindDNCredential", + "property_type": "string", + "property_default_value": "none", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Password to bind with during search when using an LDAP.authenticator = bindSearchAuthenticator usually set via %{idp.home}/credentials/secrets.properties", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.dnFormat", + "property_type": "string", + "property_default_value": "none", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "A formatting string to generate the user DNs to authenticate when using an LDAP.authenticator of directAuthenticator or adAuthenticator", + "note": "ex. 
uid=%s,ou=people,dc=example,dc=org or for AD %s@domain.com" + }, + { + "property_name": "idp.authn.LDAP.resolveEntryOnFailure", + "property_type": "bool", + "property_default_value": false, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether the user's LDAP entry should be returned in the authentication response even when the user bind fails.", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.resolveEntryWithBindDN", + "property_type": "bool", + "property_default_value": false, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether the user's LDAP entry should be resolved with the bindDN credentials rather than as the authenticated user.", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.usePasswordPolicy", + "property_type": "bool", + "property_default_value": false, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether to use the Password Policy Control.", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.usePasswordExpiration", + "property_type": "bool", + "property_default_value": false, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether to use the Password Expired Control.", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.activeDirectory", + "property_type": "bool", + "property_default_value": false, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + 
"module": "", + "module_vers": "", + "description": "If you are using Active Directory this switch will attempt to use the account states defined by AD. Note that this flag is unnecessary if you are using the 'adAuthenticator'. It is meant to be specified with one of the other authenticator types.", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.freeIPADirectory", + "property_type": "bool", + "property_default_value": false, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "If you are using the FreeIPA LDAP this switch will attempt to use the account states defined by that product.", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.eDirectory", + "property_type": "bool", + "property_default_value": false, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "If you are using the EDirectory LDAP this switch will attempt to use the account states defined by that product.", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.disablePooling", + "property_type": "bool", + "property_default_value": false, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether connection pools should be used for LDAP authentication and DN resolution", + "note": "" + }, + { + "property_name": "idp.pool.LDAP.minSize", + "property_type": "int", + "property_default_value": 3, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Minimum LDAP connection pool size", + "note": "" + }, + { + "property_name": 
"idp.pool.LDAP.maxSize", + "property_type": "int", + "property_default_value": 10, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Maximum LDAP connection pool size", + "note": "" + }, + { + "property_name": "idp.pool.LDAP.validateOnCheckout", + "property_type": "bool", + "property_default_value": false, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether to validate connections when checking them out of the pool", + "note": "" + }, + { + "property_name": "idp.pool.LDAP.validatePeriodically", + "property_type": "bool", + "property_default_value": true, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether to validate connections in the background", + "note": "" + }, + { + "property_name": "idp.pool.LDAP.validatePeriod", + "property_type": "duration", + "property_default_value": "PT5M", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Duration between validation if idp.pool.LDAP.validatePeriodically is true", + "note": "" + }, + { + "property_name": "idp.pool.LDAP.validateDN", + "property_type": "string", + "property_default_value": "none", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "4.0.1", + "module": "", + "module_vers": "", + "description": "DN to search with the validateFilter: defaults to the rootDSE", + "note": "" + }, + { + "property_name": "idp.pool.LDAP.validateFilter", + "property_type": 
"string", + "property_default_value": "(objectClass=*)", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "4.0.1", + "module": "", + "module_vers": "", + "description": "Search filter to execute in order to validate a pooled connection", + "note": "" + }, + { + "property_name": "idp.pool.LDAP.prunePeriod", + "property_type": "duration", + "property_default_value": "PT5M", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Duration between looking for idle connections to reduce the pool back to its minimum size", + "note": "" + }, + { + "property_name": "idp.pool.LDAP.idleTime", + "property_type": "duration", + "property_default_value": "PT10M", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Duration connections must be idle to be eligible for pruning", + "note": "" + }, + { + "property_name": "idp.pool.LDAP.blockWaitTime", + "property_type": "duration", + "property_default_value": "PT3S", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Duration to wait for a free connection in the pool", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.bindPoolPassivator", + "property_type": "string", + "property_default_value": "none", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "4.0.1", + "module": "", + "module_vers": "", + "description": "Controls how connections in the bind pool are passivated. 
Connections in the bind pool may be in an authenticated state that will not allow validation searches to succeed. This property controls how bind connections are placed back into the pool. If your directory requires searches to be performed by the idp.authn.LDAP.bindDN or anonymously, this property controls that behavior. one of: none, bind, anonymousBind.", + "note": "" + }, + { + "property_name": "idp.authn.JAAS.loginConfigNames", + "property_type": "string", + "property_default_value": "ShibUserPassAuth", + "config_category": "JAASAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Comma-delimited set of JAAS application configuration names to use", + "note": "" + }, + { + "property_name": "idp.authn.JAAS.loginConfig", + "property_type": "resource path", + "property_default_value": "%{idp.home}/conf/authn/jaas.config", + "config_category": "JAASAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Location of JAAS configuration file", + "note": "" + }, + { + "property_name": "idp.authn.Krb5.refreshConfig", + "property_type": "bool", + "property_default_value": false, + "config_category": "KerberosAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to reload the underlying Kerberos configuration (generally in /etc/krb5.conf) on every login attempt", + "note": "" + }, + { + "property_name": "idp.authn.Krb5.preserveTicket", + "property_type": "bool", + "property_default_value": false, + "config_category": "KerberosAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to preserve the resulting Kerberos TGT in the Java Subject's private credential set", + "note": "" + }, + { + "property_name": 
"idp.authn.Krb5.servicePrincipal", + "property_type": "string", + "property_default_value": "none", + "config_category": "KerberosAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Name of a service principal to use to verify the KDC supplying the TGT by requesting and verifying a service ticket issued for it", + "note": "" + }, + { + "property_name": "idp.authn.Krb5.keytab", + "property_type": "resource path", + "property_default_value": "none", + "config_category": "KerberosAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Path to a keytab file containing keys belonging to the service principal defined in idp.authn.Krb5.servicePrincipal", + "note": "" + }, + { + "property_name": "idp.authn.External.externalAuthnPath", + "property_type": "string", + "property_default_value": "contextRelative:external.jsp", + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Spring Web Flow redirection expression for the protected resource", + "note": "" + }, + { + "property_name": "idp.authn.External.matchExpression", + "property_type": "regex", + "property_default_value": "none", + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Regular expression to match username against", + "note": "" + }, + { + "property_name": "idp.authn.External.order", + "property_type": "int", + "property_default_value": 1000, + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Flow priority relative to other enabled login flows (lower 
is \"higher\" in priority)", + "note": "" + }, + { + "property_name": "idp.authn.External.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)", + "note": "" + }, + { + "property_name": "idp.authn.External.passiveAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Whether the flow allows for passive authentication", + "note": "" + }, + { + "property_name": "idp.authn.External.forcedAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Whether the flow supports forced authentication", + "note": "" + }, + { + "property_name": "idp.authn.External.proxyRestrictionsEnforced", + "property_type": "bool", + "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}", + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Whether the flow enforces upstream IdP imposed restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.External.proxyScopingEnforced", + "property_type": "bool", + "property_default_value": false, + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + 
"description": "Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.External.discoveryRequired", + "property_type": "bool", + "property_default_value": false, + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Whether to invoke IdP discovery prior to running flow", + "note": "" + }, + { + "property_name": "idp.authn.External.lifetime", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultLifetime:PT1H}", + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Lifetime of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.External.inactivityTimeout", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultTimeout:PT30M}", + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Inactivity timeout of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.External.reuseCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Bean ID of Predicate controlling result reuse for SSO", + "note": "" + }, + { + "property_name": "idp.authn.External.activationCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", 
+ "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Bean ID of Predicate determining whether flow is usable for request", + "note": "" + }, + { + "property_name": "idp.authn.External.subjectDecorator", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Bean ID of BiConsumer for subject customization" + }, + { + "property_name": "idp.authn.External.supportedPrincipals", + "property_type": "string", + "property_default_value": "saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password,saml1/urn:oasis:names:tc:SAML:1.0:am:password", + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Comma-delimited list of protocol-specific Principal strings associated with flow", + "note": "" + }, + { + "property_name": "idp.authn.External.addDefaultPrincipals", + "property_type": "bool", + "property_default_value": true, + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.externalAuthnPath", + "property_type": "string", + "property_default_value": "contextRelative:external.jsp", + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Spring Web Flow redirection expression for the protected resource", + "note": "" + }, + { 
+ "property_name": "idp.authn.RemoteUser.matchExpression", + "property_type": "regex", + "property_default_value": "none", + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Regular expression to match username against", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.order", + "property_type": "int", + "property_default_value": 1000, + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Flow priority relative to other enabled login flows (lower is \"higher\" in priority)", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.passiveAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Whether the flow allows for passive authentication", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.forcedAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Whether the flow supports forced authentication", + "note": "" + }, + { 
+ "property_name": "idp.authn.RemoteUser.proxyRestrictionsEnforced", + "property_type": "bool", + "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}", + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Whether the flow enforces upstream IdP imposed restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.proxyScopingEnforced", + "property_type": "bool", + "property_default_value": false, + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.discoveryRequired", + "property_type": "bool", + "property_default_value": false, + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Whether to invoke IdP discovery prior to running flow", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.lifetime", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultLifetime:PT1H}", + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Lifetime of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.inactivityTimeout", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultTimeout:PT30M}", + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": 
"idp.authn.RemoteUser", + "module_vers": "", + "description": "Inactivity timeout of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.reuseCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Bean ID of Predicate controlling result reuse for SSO", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.activationCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Bean ID of Predicate determining whether flow is usable for request", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.subjectDecorator", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Bean ID of BiConsumer for subject customization" + }, + { + "property_name": "idp.authn.RemoteUser.supportedPrincipals", + "property_type": "string", + "property_default_value": "saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password,saml1/urn:oasis:names:tc:SAML:1.0:am:password", + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Comma-delimited list of protocol-specific Principal strings associated with flow", + "note": "" + }, + { + "property_name": 
"idp.authn.RemoteUser.addDefaultPrincipals", + "property_type": "bool", + "property_default_value": true, + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.checkRemoteUser", + "property_type": "bool", + "property_default_value": true, + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Whether to check REMOTE_USER for a username", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.checkAttributes", + "property_type": "string", + "property_default_value": "none", + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Comma-delimited lists of request attributes to check for a username", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.checkHeaders", + "property_type": "string", + "property_default_value": "none", + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Comma-delimited list of request headers to check for a username", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.trim", + "property_type": "bool", + "property_default_value": true, + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": 
"Whether to trim leading and trailing whitespace from the username before validating it", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.lowercase", + "property_type": "bool", + "property_default_value": false, + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Whether to lowercase the username before validating it", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.uppercase", + "property_type": "bool", + "property_default_value": false, + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Whether to uppercase the username before validating it", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.matchExpression", + "property_type": "regex", + "property_default_value": "none", + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "A regular expression that must match the username", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.allowedUsernames", + "property_type": "string", + "property_default_value": "none", + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Comma-delimited list of usernames to accept while blocking all others", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.deniedUsernames", + "property_type": "string", + "property_default_value": "none", + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": 
"authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Comma-delimited list of usernames to deny while accepting all others", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.externalAuthnPath", + "property_type": "string", + "property_default_value": "contextRelative:external.jsp", + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Spring Web Flow redirection expression for the protected resource", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.matchExpression", + "property_type": "regex", + "property_default_value": "none", + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Regular expression to match username against", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.order", + "property_type": "int", + "property_default_value": 1000, + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Flow priority relative to other enabled login flows (lower is \"higher\" in priority)", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)", + "note": "" + }, + { + "property_name": 
"idp.authn.RemoteUserInternal.passiveAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Whether the flow allows for passive authentication", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.forcedAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Whether the flow supports forced authentication", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.proxyRestrictionsEnforced", + "property_type": "bool", + "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}", + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Whether the flow enforces upstream IdP imposed restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.proxyScopingEnforced", + "property_type": "bool", + "property_default_value": false, + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.discoveryRequired", + "property_type": "bool", + "property_default_value": false, + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": 
"authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Whether to invoke IdP discovery prior to running flow", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.lifetime", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultLifetime:PT1H}", + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Lifetime of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.inactivityTimeout", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultTimeout:PT30M}", + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Inactivity timeout of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.reuseCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Bean ID of Predicate controlling result reuse for SSO", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.activationCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Bean ID of Predicate determining whether flow is usable for request", + "note": "" + }, + { + "property_name": 
"idp.authn.RemoteUserInternal.subjectDecorator", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Bean ID of BiConsumer for subject customization" + }, + { + "property_name": "idp.authn.RemoteUserInternal.supportedPrincipals", + "property_type": "string", + "property_default_value": "saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password,saml1/urn:oasis:names:tc:SAML:1.0:am:password", + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Comma-delimited list of protocol-specific Principal strings associated with flow", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.addDefaultPrincipals", + "property_type": "bool", + "property_default_value": true, + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.externalAuthnPath", + "property_type": "URL path", + "property_default_value": "/Authn/SPNEGO", + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Servlet-relative path to the SPNEGO external authentication implementation", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.enforceRun", + "property_type": "bool", + "property_default_value": false, + 
"config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Whether to always try to run SPNEGO independent of the user's auto-login setting", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.refreshKrbConfig", + "property_type": "bool", + "property_default_value": false, + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Whether to reload the underlying Kerberos configuration (generally in /etc/krb5.conf) on every login attempt", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.matchExpression", + "property_type": "regex", + "property_default_value": "none", + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Regular expression to match username against", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.cookieName", + "property_type": "string", + "property_default_value": "_idp_spnego_autologin", + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.2, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Name of cookie used to track auto-login state of client", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.order", + "property_type": "int", + "property_default_value": 1000, + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Flow priority relative to other enabled login flows (lower is \"higher\" in priority)", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, 
+ "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.passiveAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Whether the flow allows for passive authentication", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.forcedAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Whether the flow supports forced authentication", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.proxyRestrictionsEnforced", + "property_type": "bool", + "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}", + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Whether the flow enforces upstream IdP imposed restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.proxyScopingEnforced", + "property_type": "bool", + "property_default_value": false, + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.discoveryRequired", + 
"property_type": "bool", + "property_default_value": false, + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Whether to invoke IdP discovery prior to running flow", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.lifetime", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultLifetime:PT1H}", + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Lifetime of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.inactivityTimeout", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultTimeout:PT30M}", + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Inactivity timeout of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.reuseCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Bean ID of Predicate controlling result reuse for SSO", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.activationCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Bean ID of Predicate determining whether flow is usable for request", + "note": "" + }, + { + "property_name": 
"idp.authn.SPNEGO.subjectDecorator", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Bean ID of BiConsumer for subject customization" + }, + { + "property_name": "idp.authn.SPNEGO.supportedPrincipals", + "property_type": "string", + "property_default_value": "saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos, saml1/urn:ietf:rfc:1510", + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Comma-delimited list of protocol-specific Principal strings associated with flow", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.addDefaultPrincipals", + "property_type": "bool", + "property_default_value": true, + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.X509.externalAuthnPath", + "property_type": "string", + "property_default_value": "contextRelative:x509-prompt.jsp", + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Spring Web Flow redirection expression for the protected resource", + "note": "" + }, + { + "property_name": "idp.authn.X509.order", + "property_type": "int", + "property_default_value": 1000, + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Flow priority relative to other enabled login 
flows (lower is \"higher\" in priority)", + "note": "" + }, + { + "property_name": "idp.authn.X509.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)", + "note": "" + }, + { + "property_name": "idp.authn.X509.passiveAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Whether the flow allows for passive authentication", + "note": "" + }, + { + "property_name": "idp.authn.X509.forcedAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Whether the flow supports forced authentication", + "note": "" + }, + { + "property_name": "idp.authn.X509.proxyRestrictionsEnforced", + "property_type": "bool", + "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}", + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Whether the flow enforces upstream IdP imposed restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.X509.proxyScopingEnforced", + "property_type": "bool", + "property_default_value": false, + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Whether the flow considers itself to be 
proxying and therefore enforces SP signaled restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.X509.discoveryRequired", + "property_type": "bool", + "property_default_value": false, + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Whether to invoke IdP discovery prior to running flow", + "note": "" + }, + { + "property_name": "idp.authn.X509.lifetime", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultLifetime:PT1H}", + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Lifetime of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.X509.inactivityTimeout", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultTimeout:PT30M}", + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Inactivity timeout of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.X509.reuseCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Bean ID of Predicate controlling result reuse for SSO", + "note": "" + }, + { + "property_name": "idp.authn.X509.activationCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Bean ID of Predicate 
determining whether flow is usable for request", + "note": "" + }, + { + "property_name": "idp.authn.X509.subjectDecorator", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Bean ID of BiConsumer for subject customization" + }, + { + "property_name": "idp.authn.X509.supportedPrincipals", + "property_type": "string", + "property_default_value": "saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:X509, saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient, saml1/urn:ietf:rfc:2246", + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Comma-delimited list of protocol-specific Principal strings associated with flow", + "note": "" + }, + { + "property_name": "idp.authn.X509.addDefaultPrincipals", + "property_type": "bool", + "property_default_value": true, + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.X509Internal.saveCertificateToCredentialSet", + "property_type": "bool", + "property_default_value": true, + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to save the certificate into the Subject's public credential set. 
Disable to reduce the size if not relying on the certificate for subject c14n.", + "note": "" + }, + { + "property_name": "idp.authn.X509Internal.order", + "property_type": "int", + "property_default_value": 1000, + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Flow priority relative to other enabled login flows (lower is \"higher\" in priority)", + "note": "" + }, + { + "property_name": "idp.authn.X509Internal.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)", + "note": "" + }, + { + "property_name": "idp.authn.X509Internal.passiveAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow allows for passive authentication", + "note": "" + }, + { + "property_name": "idp.authn.X509Internal.forcedAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow supports forced authentication", + "note": "" + }, + { + "property_name": "idp.authn.X509Internal.proxyRestrictionsEnforced", + "property_type": "bool", + "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}", + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": 
"Whether the flow enforces upstream IdP imposed restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.X509Internal.proxyScopingEnforced", + "property_type": "bool", + "property_default_value": false, + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.X509Internal.discoveryRequired", + "property_type": "bool", + "property_default_value": false, + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to invoke IdP discovery prior to running flow", + "note": "" + }, + { + "property_name": "idp.authn.X509Internal.lifetime", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultLifetime:PT1H}", + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Lifetime of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.X509Internal.inactivityTimeout", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultTimeout:PT30M}", + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Inactivity timeout of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.X509Internal.reuseCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": 
"", + "description": "Bean ID of Predicate controlling result reuse for SSO", + "note": "" + }, + { + "property_name": "idp.authn.X509Internal.activationCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Bean ID of Predicate determining whether flow is usable for request", + "note": "" + }, + { + "property_name": "idp.authn.X509Internal.subjectDecorator", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Bean ID of BiConsumer for subject customization" + }, + { + "property_name": "idp.authn.X509Internal.supportedPrincipals", + "property_type": "string", + "property_default_value": "saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:X509, saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient, saml1/urn:ietf:rfc:2246", + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Comma-delimited list of protocol-specific Principal strings associated with flow", + "note": "" + }, + { + "property_name": "idp.authn.X509Internal.addDefaultPrincipals", + "property_type": "bool", + "property_default_value": true, + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.IPAddress.order", + "property_type": "int", + "property_default_value": 1000, + "config_category": "IPAddressAuthnConfiguration", + 
"config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.IPAddress", + "module_vers": "", + "description": "Flow priority relative to other enabled login flows (lower is \"higher\" in priority)", + "note": "" + }, + { + "property_name": "idp.authn.IPAddress.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "IPAddressAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.IPAddress", + "module_vers": "", + "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)", + "note": "" + }, + { + "property_name": "idp.authn.IPAddress.passiveAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "IPAddressAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.IPAddress", + "module_vers": "", + "description": "Whether the flow allows for passive authentication", + "note": "" + }, + { + "property_name": "idp.authn.IPAddress.forcedAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "IPAddressAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.IPAddress", + "module_vers": "", + "description": "Whether the flow supports forced authentication", + "note": "" + }, + { + "property_name": "idp.authn.IPAddress.proxyRestrictionsEnforced", + "property_type": "bool", + "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}", + "config_category": "IPAddressAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.IPAddress", + "module_vers": "", + "description": "Whether the flow enforces upstream IdP imposed restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.IPAddress.proxyScopingEnforced", + "property_type": "bool", + 
"property_default_value": false, + "config_category": "IPAddressAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.IPAddress", + "module_vers": "", + "description": "Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.IPAddress.discoveryRequired", + "property_type": "bool", + "property_default_value": false, + "config_category": "IPAddressAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.IPAddress", + "module_vers": "", + "description": "Whether to invoke IdP discovery prior to running flow", + "note": "" + }, + { + "property_name": "idp.authn.IPAddress.lifetime", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultLifetime:PT1H}", + "config_category": "IPAddressAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.IPAddress", + "module_vers": "", + "description": "Lifetime of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.IPAddress.inactivityTimeout", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultTimeout:PT30M}", + "config_category": "IPAddressAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.IPAddress", + "module_vers": "", + "description": "Inactivity timeout of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.IPAddress.reuseCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "IPAddressAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.IPAddress", + "module_vers": "", + "description": "Bean ID of Predicate controlling result reuse for SSO", + "note": "" + }, + { + "property_name": 
"idp.authn.IPAddress.activationCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "IPAddressAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.IPAddress", + "module_vers": "", + "description": "Bean ID of Predicate determining whether flow is usable for request", + "note": "" + }, + { + "property_name": "idp.authn.IPAddress.subjectDecorator", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "IPAddressAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.IPAddress", + "module_vers": "", + "description": "Bean ID of BiConsumer for subject customization" + }, + { + "property_name": "idp.authn.IPAddress.supportedPrincipals", + "property_type": "string", + "property_default_value": "saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol", + "config_category": "IPAddressAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.IPAddress", + "module_vers": "", + "description": "Comma-delimited list of protocol-specific Principal strings associated with flow", + "note": "" + }, + { + "property_name": "idp.authn.IPAddress.addDefaultPrincipals", + "property_type": "bool", + "property_default_value": true, + "config_category": "IPAddressAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.IPAddress", + "module_vers": "", + "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.Function.order", + "property_type": "int", + "property_default_value": 1000, + "config_category": "FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Function", + "module_vers": "", + "description": "Flow 
priority relative to other enabled login flows (lower is \"higher\" in priority)", + "note": "" + }, + { + "property_name": "idp.authn.Function.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Function", + "module_vers": "", + "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)", + "note": "" + }, + { + "property_name": "idp.authn.Function.passiveAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Function", + "module_vers": "", + "description": "Whether the flow allows for passive authentication", + "note": "" + }, + { + "property_name": "idp.authn.Function.forcedAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Function", + "module_vers": "", + "description": "Whether the flow supports forced authentication", + "note": "" + }, + { + "property_name": "idp.authn.Function.proxyRestrictionsEnforced", + "property_type": "bool", + "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}", + "config_category": "FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Function", + "module_vers": "", + "description": "Whether the flow enforces upstream IdP imposed restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.Function.proxyScopingEnforced", + "property_type": "bool", + "property_default_value": false, + "config_category": "FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": 
"idp.authn.Function", + "module_vers": "", + "description": "Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.Function.discoveryRequired", + "property_type": "bool", + "property_default_value": false, + "config_category": "FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Function", + "module_vers": "", + "description": "Whether to invoke IdP discovery prior to running flow", + "note": "" + }, + { + "property_name": "idp.authn.Function.lifetime", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultLifetime:PT1H}", + "config_category": "FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Function", + "module_vers": "", + "description": "Lifetime of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.Function.inactivityTimeout", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultTimeout:PT30M}", + "config_category": "FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Function", + "module_vers": "", + "description": "Inactivity timeout of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.Function.reuseCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Function", + "module_vers": "", + "description": "Bean ID of Predicate controlling result reuse for SSO", + "note": "" + }, + { + "property_name": "idp.authn.Function.activationCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": 
"FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Function", + "module_vers": "", + "description": "Bean ID of Predicate determining whether flow is usable for request", + "note": "" + }, + { + "property_name": "idp.authn.Function.subjectDecorator", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Function", + "module_vers": "", + "description": "Bean ID of BiConsumer for subject customization" + }, + { + "property_name": "idp.authn.Function.supportedPrincipals", + "property_type": "string", + "property_default_value": "saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password,saml1/urn:oasis:names:tc:SAML:1.0:am:password", + "config_category": "FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Function", + "module_vers": "", + "description": "Comma-delimited list of protocol-specific Principal strings associated with flow", + "note": "" + }, + { + "property_name": "idp.authn.Function.addDefaultPrincipals", + "property_type": "bool", + "property_default_value": true, + "config_category": "FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Function", + "module_vers": "", + "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow", + "note": "" + }, + { + "property_name": "idp.duo.apiHost", + "property_type": "URL", + "property_default_value": "none", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "DuoWeb API hostname assigned to the integration", + "note": "this sould be set in 
conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.duo.applicationKey", + "property_type": "string", + "property_default_value": "none", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "A secret supplied by you and not shared with Duo; see https://duo.com/docs/duoweb-v2, \"Generate an akey\".", + "note": "this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.duo.integrationKey", + "property_type": "string", + "property_default_value": "none", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "DuoWeb integration key (supplied by Duo as Client ID)", + "note": "this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.duo.secretKey", + "property_type": "string", + "property_default_value": "none", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "DuoWeb secret key (supplied by Duo as Client secret)", + "note": "this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.duo.nonbrowser.apiHost", + "property_type": "URL", + "property_default_value": "${idp.duo.apiHost}", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Duo AuthAPI hostname assigned to the integration", + "note": "this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.duo.nonbrowser.integrationKey", + 
"property_type": "string", + "property_default_value": "none", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Duo AuthAPI integration key (supplied by Duo as Client ID)", + "note": "this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.duo.nonbrowser.secretKey", + "property_type": "string", + "property_default_value": "none", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Duo AuthAPI secret key (supplied by Duo as Client secret)", + "note": "this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.duo.nonbrowser.header.factor", + "property_type": "string", + "property_default_value": "X-Shibboleth-Duo-Factor", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Name of HTTP request header for Duo AuthAPI factor", + "note": "this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.duo.nonbrowser.header.device", + "property_type": "string", + "property_default_value": "X-Shibboleth-Duo-Device", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Name of HTTP request header for Duo AuthAPI device ID or name", + "note": "this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.duo.nonbrowser.header.passcode", + "property_type": "string", + "property_default_value": "X-Shibboleth-Duo-Passcode", + "config_category": 
"DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Name of HTTP request header for Duo AuthAPI passcode", + "note": "this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.duo.nonbrowser.auto", + "property_type": "bool", + "property_default_value": true, + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Allow the factor to be defaulted to auto if no headers are received", + "note": "this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.duo.nonbrowser.clientAddressTrusted", + "property_type": "bool", + "property_default_value": true, + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Pass client address to Duo in API calls to support logging, push display, and network-based Duo policies", + "note": "this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.authn.Duo.order", + "property_type": "int", + "property_default_value": 1000, + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Flow priority relative to other enabled login flows (lower is \"higher\" in priority)", + "note": "" + }, + { + "property_name": "idp.authn.Duo.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Whether the flow should 
handle non-browser request profiles (e.g., ECP)", + "note": "" + }, + { + "property_name": "idp.authn.Duo.passiveAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Whether the flow allows for passive authentication", + "note": "" + }, + { + "property_name": "idp.authn.Duo.forcedAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Whether the flow supports forced authentication", + "note": "" + }, + { + "property_name": "idp.authn.Duo.proxyRestrictionsEnforced", + "property_type": "bool", + "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Whether the flow enforces upstream IdP imposed restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.Duo.proxyScopingEnforced", + "property_type": "bool", + "property_default_value": false, + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.Duo.discoveryRequired", + "property_type": "bool", + "property_default_value": false, + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Whether to 
invoke IdP discovery prior to running flow", + "note": "" + }, + { + "property_name": "idp.authn.Duo.lifetime", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultLifetime:PT1H}", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Lifetime of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.Duo.inactivityTimeout", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultTimeout:PT30M}", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Inactivity timeout of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.Duo.reuseCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Bean ID of Predicate controlling result reuse for SSO", + "note": "" + }, + { + "property_name": "idp.authn.Duo.activationCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Bean ID of Predicate determining whether flow is usable for request", + "note": "" + }, + { + "property_name": "idp.authn.Duo.subjectDecorator", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Bean ID of BiConsumer for subject 
customization" + }, + { + "property_name": "idp.authn.Duo.supportedPrincipals", + "property_type": "string", + "property_default_value": "saml2/http://example.org/ac/classes/mfa, saml1/http://example.org/ac/classes/mfa", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Comma-delimited list of protocol-specific Principal strings associated with flow", + "note": "" + }, + { + "property_name": "idp.authn.Duo.addDefaultPrincipals", + "property_type": "bool", + "property_default_value": true, + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.SAML.externalAuthnPath", + "property_type": "url path", + "property_default_value": "servletRelative:/Authn/SAML2/POST/SSO", + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Spring Web Flow redirection expression for the IdP's AssertionConsumerService", + "note": "" + }, + { + "property_name": "idp.authn.SAML.proxyEntityID", + "property_type": "string", + "property_default_value": "none", + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Statically-defined entityID of IdP to use for authentication", + "note": "" + }, + { + "property_name": "idp.authn.SAML.outboundMessageHandlerFunction", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + 
"description": "Optional bean ID of Function to run just prior to AuthnRequest signing/encoding step", + "note": "" + }, + { + "property_name": "idp.authn.SAML.inboundMessageHandlerFunction", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Optional bean ID of Function to run at the late stages of Response decoding/processing", + "note": "" + }, + { + "property_name": "idp.authn.SAML.assertionValidator", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Optional bean ID of AssertionValidator to run", + "note": "" + }, + { + "property_name": "idp.authn.SAML.order", + "property_type": "int", + "property_default_value": 1000, + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Flow priority relative to other enabled login flows (lower is \"higher\" in priority)", + "note": "" + }, + { + "property_name": "idp.authn.SAML.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)", + "note": "" + }, + { + "property_name": "idp.authn.SAML.passiveAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow allows for passive authentication", + 
"note": "" + }, + { + "property_name": "idp.authn.SAML.forcedAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow supports forced authentication", + "note": "" + }, + { + "property_name": "idp.authn.SAML.proxyRestrictionsEnforced", + "property_type": "bool", + "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}", + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow enforces upstream IdP imposed restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.SAML.proxyScopingEnforced", + "property_type": "bool", + "property_default_value": false, + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.SAML.discoveryRequired", + "property_type": "bool", + "property_default_value": false, + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to invoke IdP discovery prior to running flow", + "note": "" + }, + { + "property_name": "idp.authn.SAML.lifetime", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultLifetime:PT1H}", + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Lifetime of results produced by this flow", + "note": "" + }, + { + "property_name": 
"idp.authn.SAML.inactivityTimeout", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultTimeout:PT30M}", + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Inactivity timeout of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.SAML.reuseCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Bean ID of Predicate controlling result reuse for SSO", + "note": "" + }, + { + "property_name": "idp.authn.SAML.activationCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Bean ID of Predicate determining whether flow is usable for request", + "note": "" + }, + { + "property_name": "idp.authn.SAML.subjectDecorator", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Bean ID of BiConsumer for subject customization" + }, + { + "property_name": "idp.authn.SAML.supportedPrincipals", + "property_type": "string", + "property_default_value": "saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password,saml1/urn:oasis:names:tc:SAML:1.0:am:password", + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Comma-delimited list of protocol-specific 
Principal strings associated with flow", + "note": "" + }, + { + "property_name": "idp.authn.SAML.addDefaultPrincipals", + "property_type": "bool", + "property_default_value": true, + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.MFA.validateLoginTransitions", + "property_type": "bool", + "property_default_value": true, + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether login flows should only be run with regard for forceAuthn/isPassive/nonBrowser (and similar) conditions", + "note": "" + }, + { + "property_name": "idp.authn.MFA.order", + "property_type": "int", + "property_default_value": 1000, + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.MFA", + "module_vers": "", + "description": "Flow priority relative to other enabled login flows (lower is \"higher\" in priority)", + "note": "" + }, + { + "property_name": "idp.authn.MFA.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.MFA", + "module_vers": "", + "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)", + "note": "" + }, + { + "property_name": "idp.authn.MFA.passiveAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.MFA", + "module_vers": "", + 
"description": "Whether the flow allows for passive authentication", + "note": "" + }, + { + "property_name": "idp.authn.MFA.forcedAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.MFA", + "module_vers": "", + "description": "Whether the flow supports forced authentication", + "note": "" + }, + { + "property_name": "idp.authn.MFA.proxyRestrictionsEnforced", + "property_type": "bool", + "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}", + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.MFA", + "module_vers": "", + "description": "Whether the flow enforces upstream IdP imposed restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.MFA.proxyScopingEnforced", + "property_type": "bool", + "property_default_value": false, + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.MFA", + "module_vers": "", + "description": "Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.MFA.discoveryRequired", + "property_type": "bool", + "property_default_value": false, + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.MFA", + "module_vers": "", + "description": "Whether to invoke IdP discovery prior to running flow", + "note": "" + }, + { + "property_name": "idp.authn.MFA.lifetime", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultLifetime:PT1H}", + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + 
"module": "idp.authn.MFA", + "module_vers": "", + "description": "Lifetime of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.MFA.inactivityTimeout", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultTimeout:PT30M}", + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.MFA", + "module_vers": "", + "description": "Inactivity timeout of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.MFA.reuseCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.MFA", + "module_vers": "", + "description": "Bean ID of Predicate controlling result reuse for SSO", + "note": "" + }, + { + "property_name": "idp.authn.MFA.activationCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.MFA", + "module_vers": "", + "description": "Bean ID of Predicate determining whether flow is usable for request", + "note": "" + }, + { + "property_name": "idp.authn.MFA.subjectDecorator", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.MFA", + "module_vers": "", + "description": "Bean ID of BiConsumer for subject customization" + }, + { + "property_name": "idp.authn.MFA.supportedPrincipals", + "property_type": "string", + "property_default_value": 
"saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password,saml1/urn:oasis:names:tc:SAML:1.0:am:password", + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.MFA", + "module_vers": "", + "description": "Comma-delimited list of protocol-specific Principal strings associated with flow", + "note": "" + }, + { + "property_name": "idp.authn.MFA.addDefaultPrincipals", + "property_type": "bool", + "property_default_value": true, + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.MFA", + "module_vers": "", + "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow", + "note": "" + }, + { + "property_name": "idp.transientId.generator", + "property_type": "Bean ID of a TransientIdGenerationStrategy", + "property_default_value": "shibboleth.CryptoTransientIdGenerator", + "config_category": "NameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Identifies the strategy plugin for generating transient IDs", + "note": "" + }, + { + "property_name": "idp.nameid.saml2.default", + "property_type": "URI", + "property_default_value": "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + "config_category": "NameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Default Format to generate if nothing else is indicated", + "note": "" + }, + { + "property_name": "idp.nameid.saml1.default", + "property_type": "URI", + "property_default_value": "urn:mace:shibboleth:1.0:nameIdentifier", + "config_category": "NameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": "all", 
+ "module": "", + "module_vers": "", + "description": "Default Format to generate if nothing else is indicated", + "note": "" + }, + { + "property_name": "idp.persistentId.generator", + "property_type": "Bean ID of a PairwiseIdStore", + "property_default_value": "shibboleth.ComputedPersistentIdGenerator", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Identifies the strategy plugin for sourcing persistent IDs", + "note": "" + }, + { + "property_name": "idp.persistentId.dataSource", + "property_type": "Bean ID of a JDBC DataSource", + "property_default_value": "none", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Identifies a data source for storage-based management of persistent IDs", + "note": "" + }, + { + "property_name": "idp.persistentId.computed", + "property_type": "Bean ID of a PairwiseIdStore", + "property_default_value": "shibboleth.ComputedPersistentIdGenerator", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Identifies a strategy plugin to use to generate the first persistent identifier for each subject", + "note": "used to migrate from the computed to stored strategies: can be null" + }, + { + "property_name": "idp.persistentId.sourceAttribute", + "property_type": "string", + "property_default_value": "none", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "List of attributes to search for a value to uniquely identify the subject of a persistent identifier that MUST be stable long-lived and non-reassignable", + "note": 
"" + }, + { + "property_name": "idp.persistentId.useUnfilteredAttributes", + "property_type": "boolean", + "property_default_value": true, + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether or not the previous property has access to unreleased attributes", + "note": "" + }, + { + "property_name": "idp.persistentId.salt", + "property_type": "string", + "property_default_value": "none", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "A secret salt for the hash when using computed persistent IDs", + "note": "" + }, + { + "property_name": "idp.persistentId.encodedSalt", + "property_type": "Base64-encoded String", + "property_default_value": "none", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "An encoded form of the persistentId.salt", + "note": "" + }, + { + "property_name": "idp.persistentId.algorithm", + "property_type": "string", + "property_default_value": "SHA", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "The hash algorithm used when using computed persistent IDs", + "note": "" + }, + { + "property_name": "idp.persistentId.encoding", + "property_type": "string", + "property_default_value": "BASE64", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "The final encoding applied to the hash generated when using computed persistent IDs: one of BASE32 or BASE64", + "note": "" + }, + { + 
"property_name": "idp.persistentId.exceptionMap", + "property_type": "Bean ID", + "property_default_value": "shibboleth.ComputedIdExceptionMap", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Advanced feature allowing revocation or regeneration of computed persistent IDs for specific subjects or services", + "note": "" + }, + { + "property_name": "idp.persistentId.queryTimeout", + "property_type": "duration", + "property_default_value": "PT5S", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Query timeout for database access", + "note": "" + }, + { + "property_name": "idp.persistentId.transactionRetries", + "property_type": "int", + "property_default_value": 3, + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Number of retries in the event database locking bugs cause retryable failures", + "note": "" + }, + { + "property_name": "idp.persistentId.retryableErrors", + "property_type": "string", + "property_default_value": "23000,23505", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "List of error strings to identify as retryable failures", + "note": "" + }, + { + "property_name": "idp.persistentId.verifyDatabase", + "property_type": "bool", + "property_default_value": true, + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "When true the connection and layout of the database is verified at bean initialization time 
and any failures are fatal.", + "note": "" + }, + { + "property_name": "idp.persistentId.tableName", + "property_type": "string", + "property_default_value": "shibpid", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Overrides the name of the table in the database", + "note": "" + }, + { + "property_name": "idp.persistentId.localEntityColumn", + "property_type": "string", + "property_default_value": "localEntity", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Overrides database column names", + "note": "" + }, + { + "property_name": "idp.persistentId.peerEntityColumn", + "property_type": "string", + "property_default_value": "peerEntity", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Overrides database column names", + "note": "" + }, + { + "property_name": "idp.persistentId.principalNameColumn", + "property_type": "string", + "property_default_value": "principalName", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Overrides database column names", + "note": "" + }, + { + "property_name": "idp.persistentId.sourceIdColumn", + "property_type": "string", + "property_default_value": "localId", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Overrides database column names", + "note": "" + }, + { + "property_name": "idp.persistentId.persistentIdColumn", + "property_type": "string", + "property_default_value": 
"persistentId", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Overrides database column names", + "note": "" + }, + { + "property_name": "idp.persistentId.peerProvidedIdColumn", + "property_type": "string", + "property_default_value": "peerProvidedId", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Overrides database column names", + "note": "" + }, + { + "property_name": "idp.persistentId.createTimeColumn", + "property_type": "string", + "property_default_value": "creationDate", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Overrides database column names", + "note": "" + }, + { + "property_name": "idp.persistentId.deactivationTimeColumn", + "property_type": "string", + "property_default_value": "deactivationDate", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Overrides database column names", + "note": "" + }, + { + "property_name": "idp.service.failFast", + "property_type": "bool", + "property_default_value": false, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Set default fail-fast behavior of all services unless overridden by service", + "note": "" + }, + { + "property_name": "idp.service.logging.resource", + "property_type": "resource path", + "property_default_value": "%{idp.home}/conf/logback.xml", + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + 
"module_vers": "", + "description": "Logging configuration resource to use (the reloadable service ID is shibboleth.LoggingService)", + "note": "" + }, + { + "property_name": "idp.service.logging.failFast", + "property_type": "bool", + "property_default_value": true, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Fail at startup if logging configuration is invalid", + "note": "" + }, + { + "property_name": "idp.service.logging.checkInterval", + "property_type": "duration", + "property_default_value": 0, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Time to notice changes to logging configuration and reload service. A value of 0 indicates that the logging configuration never reloads", + "note": "" + }, + { + "property_name": "idp.service.relyingparty.resources", + "property_type": "Bean ID", + "property_default_value": "shibboleth.RelyingPartyResolverResources", + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of Spring bean identifying resources to use for RelyingPartyConfiguration", + "note": "" + }, + { + "property_name": "idp.service.relyingparty.failFast", + "property_type": "bool", + "property_default_value": false, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Fail at startup if RelyingPartyConfiguration is invalid", + "note": "" + }, + { + "property_name": "idp.service.relyingparty.checkInterval", + "property_type": "duration", + "property_default_value": 0, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": 
"Time to notice changes to RelyingPartyConfiguration and reload service. A value of 0 indicates that the relying party configuration never reloads", + "note": "" + }, + { + "property_name": "idp.service.relyingparty.ignoreUnmappedEntityAttributes", + "property_type": "bool", + "property_default_value": false, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "See MetadataDrivenConfiguration SAML Attribute Name Format Usage", + "note": "" + }, + { + "property_name": "idp.service.metadata.resources", + "property_type": "Bean ID", + "property_default_value": "shibboleth.MetadataResolverResources", + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of Spring bean identifying resources to use for MetadataConfiguration", + "note": "" + }, + { + "property_name": "idp.service.metadata.failFast", + "property_type": "bool", + "property_default_value": false, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Fail at startup if MetadataConfiguration is invalid", + "note": "" + }, + { + "property_name": "idp.service.metadata.checkInterval", + "property_type": "duration", + "property_default_value": 0, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Time to notice changes to MetadataConfiguration and reload service. 
A value of 0 indicates that the metadata configuration never reloads", + "note": "" + }, + { + "property_name": "idp.service.metadata.enableByReferenceFilters", + "property_type": "bool", + "property_default_value": true, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Disabling this turns off internal support for the ByReferenceFilter feature which provides a very small performance boost", + "note": "" + }, + { + "property_name": "idp.service.attribute.registry.resources", + "property_type": "Bean ID", + "property_default_value": "shibboleth.AttributeRegistryResources", + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of Spring bean identifying resources to use for AttributeRegistryConfiguration", + "note": "" + }, + { + "property_name": "idp.service.attribute.registry.failFast", + "property_type": "bool", + "property_default_value": false, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Fail at startup if AttributeRegistryConfiguration is invalid", + "note": "" + }, + { + "property_name": "idp.service.attribute.registry.checkInterval", + "property_type": "duration", + "property_default_value": 0, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Time to notice changes to AttributeRegistryConfiguration and reload service. 
A value of 0 indicates that the service configuration never reloads", + "note": "" + }, + { + "property_name": "idp.service.attribute.registry.encodeType", + "property_type": "bool", + "property_default_value": true, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Shortcut for controlling the encoding of xsi:type information for all SAML transcoding rules in the registry", + "note": "" + }, + { + "property_name": "idp.service.attribute.resolver.resources", + "property_type": "Bean ID", + "property_default_value": "shibboleth.AttributeResolverResources", + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of Spring bean identifying resources to use for AttributeResolverConfiguration", + "note": "" + }, + { + "property_name": "idp.service.attribute.resolver.failFast", + "property_type": "bool", + "property_default_value": false, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Fail at startup if AttributeResolverConfiguration is invalid", + "note": "" + }, + { + "property_name": "idp.service.attribute.resolver.checkInterval", + "property_type": "duration", + "property_default_value": 0, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Time to notice changes to AttributeResolverConfiguration and reload service. 
A value of 0 indicates that the service configuration never reloads", + "note": "" + }, + { + "property_name": "idp.service.attribute.resolver.maskFailures", + "property_type": "bool", + "property_default_value": true, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether attribute resolution failure should silently produce no attributes or cause an overall profile request failure event", + "note": "" + }, + { + "property_name": "idp.service.attribute.resolver.stripNulls", + "property_type": "bool", + "property_default_value": false, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether null values should be stripped from the results of the attribute resolution. This filtering happens prior to filtering and encoding, but after attribute resolution is complete. To strip nulls during attribute resolution (so that they will be invisible to dependant attribute definitions) use a SimpleAttributeDefinition and specify ignoreNullValues", + "note": "" + }, + { + "property_name": "idp.service.attribute.resolver.suppressDisplayInfo", + "property_type": "bool", + "property_default_value": true, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": 4.2, + "module": "", + "module_vers": "", + "description": "Setting this to false re-enables the legacy behavior of looking up the display information for the resolved attributes during resolution. 
As from 4.2 this the display information is looked up at point of use (during the attribute consent flow) and so there should be no reason to revert this behavior unless using third party software which expect the IdPAttribute DisplayName and DisplayDescriptions to be pre-populated", + "note": "" + }, + { + "property_name": "idp.service.attribute.filter.resources", + "property_type": "Bean ID", + "property_default_value": "shibboleth.AttributeFilterResources", + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of Spring bean identifying resources to use for AttributeFilterConfiguration", + "note": "" + }, + { + "property_name": "idp.service.attribute.filter.failFast", + "property_type": "bool", + "property_default_value": false, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Fail at startup if AttributeFilterConfiguration is invalid", + "note": "" + }, + { + "property_name": "idp.service.attribute.filter.checkInterval", + "property_type": "duration", + "property_default_value": 0, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Time to notice changes to AttributeFilterConfiguration and reload service A value of 0 indicates that the attribute filter configuration never reloads", + "note": "" + }, + { + "property_name": "idp.service.attribute.filter.maskFailures", + "property_type": "bool", + "property_default_value": true, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether attribute filtering failure should silently produce no attributes or causes an overall profile request failure event", + "note": "" + }, + { + 
"property_name": "idp.service.nameidGeneration.resources", + "property_type": "Bean ID", + "property_default_value": "shibboleth.NameIdentifierGenerationResources", + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of Spring bean identifying resources to use for NameIDGenerationConfiguration", + "note": "" + }, + { + "property_name": "idp.service.nameidGeneration.failFast", + "property_type": "bool", + "property_default_value": false, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Fail at startup if NameIDGenerationConfiguration is invalid", + "note": "" + }, + { + "property_name": "idp.service.nameidGeneration.checkInterval", + "property_type": "duration", + "property_default_value": 0, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Time to notice changes to NameIDGenerationConfiguration and reload service", + "note": "" + }, + { + "property_name": "idp.service.access.resources", + "property_type": "Bean ID", + "property_default_value": "shibboleth.AccessControlResource", + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of Spring bean identifying resources to use for AccessControlConfiguration", + "note": "" + }, + { + "property_name": "idp.service.access.failFast", + "property_type": "bool", + "property_default_value": true, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Fail at startup if AccessControlConfiguration is invalid", + "note": "" + }, + { + "property_name": "idp.service.access.checkInterval", + 
"property_type": "duration", + "property_default_value": 0, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Time to notice changes to AccessControlConfiguration and reload service", + "note": "" + }, + { + "property_name": "idp.service.cas.registry.resources", + "property_type": "Bean ID", + "property_default_value": "shibboleth.CASServiceRegistryResources", + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of Spring bean identifying resources to use for CASServiceRegistry configuration", + "note": "" + }, + { + "property_name": "idp.service.cas.registry.failFast", + "property_type": "bool", + "property_default_value": false, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Fail at startup if CASServiceRegistry configuration is invalid", + "note": "" + }, + { + "property_name": "idp.service.cas.registry.checkInterval", + "property_type": "duration", + "property_default_value": 0, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Time to notice CASServiceRegistry configuration changes and reload service", + "note": "" + }, + { + "property_name": "idp.service.managedBean.resources", + "property_type": "Bean ID", + "property_default_value": "shibboleth.ManagedBeanResources", + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of Spring bean identifying resources to use for ManagedBeanConfiguration", + "note": "" + }, + { + "property_name": "idp.service.managedBean.failFast", + "property_type": "bool", + 
"property_default_value": false, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Fail at startup if ManagedBeanConfiguration is invalid", + "note": "" + }, + { + "property_name": "idp.service.managedBean.checkInterval", + "property_type": "duration", + "property_default_value": 0, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Time to notice ManagedBeanConfiguration changes and reload service", + "note": "" + }, + { + "property_name": "idp.message.resources", + "property_type": "Bean ID", + "property_default_value": "shibboleth.MessageSourceResources", + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of Spring bean identifying Spring message property resources", + "note": "" + }, + { + "property_name": "idp.message.cacheSeconds", + "property_type": "int", + "property_default_value": 300, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Seconds between reloads of message property resources", + "note": "" + }, + { + "property_name": "idp.status.logging", + "property_type": "string", + "property_default_value": "Status", + "config_category": "Status", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Audit log identifier for flow", + "note": "" + }, + { + "property_name": "idp.status.accessPolicy", + "property_type": "string", + "property_default_value": "AccessByIPAddress", + "config_category": "Status", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Name of access control policy for request 
authorization", + "note": "" + }, + { + "property_name": "idp.status.authenticated", + "property_type": "bool", + "property_default_value": false, + "config_category": "Status", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether authentication should be performed prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.status.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "Status", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow should allow for non-browser clients during authentication", + "note": "" + }, + { + "property_name": "idp.status.defaultAuthenticationMethods", + "property_type": "string", + "property_default_value": "none", + "config_category": "Status", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.status.resolveAttributes", + "property_type": "bool", + "property_default_value": false, + "config_category": "Status", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether attributes should be resolved prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.status.postAuthenticationFlows", + "property_type": "string", + "property_default_value": "none", + "config_category": "Status", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.reload.logging", + "property_type": "string", + "property_default_value": "Reload", + "config_category": "MetadataReload", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Audit log identifier 
for flow", + "note": "" + }, + { + "property_name": "idp.reload.accessPolicy", + "property_type": "string", + "property_default_value": "AccessByIPAddress", + "config_category": "MetadataReload", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Name of access control policy for request authorization", + "note": "" + }, + { + "property_name": "idp.reload.authenticated", + "property_type": "bool", + "property_default_value": false, + "config_category": "MetadataReload", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether authentication should be performed prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.reload.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "MetadataReload", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow should allow for non-browser clients during authentication", + "note": "" + }, + { + "property_name": "idp.reload.defaultAuthenticationMethods", + "property_type": "string", + "property_default_value": "none", + "config_category": "MetadataReload", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.reload.resolveAttributes", + "property_type": "bool", + "property_default_value": false, + "config_category": "MetadataReload", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether attributes should be resolved prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.reload.postAuthenticationFlows", + "property_type": "string", + "property_default_value": "none", + "config_category": "MetadataReload", + "config_file": 
"admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.resolvertest.logging", + "property_type": "string", + "property_default_value": "ResolverTest", + "config_category": "AACLI", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Audit log identifier for flow", + "note": "" + }, + { + "property_name": "idp.resolvertest.accessPolicy", + "property_type": "string", + "property_default_value": "AccessByIPAddress", + "config_category": "AACLI", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Name of access control policy for request authorization", + "note": "" + }, + { + "property_name": "idp.resolvertest.authenticated", + "property_type": "bool", + "property_default_value": false, + "config_category": "AACLI", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether authentication should be performed prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.resolvertest.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "AACLI", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow should allow for non-browser clients during authentication", + "note": "" + }, + { + "property_name": "idp.resolvertest.defaultAuthenticationMethods", + "property_type": "string", + "property_default_value": "none", + "config_category": "AACLI", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.resolvertest.resolveAttributes", + "property_type": "bool", + "property_default_value": false, + "config_category": "AACLI", + 
"config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether attributes should be resolved prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.resolvertest.postAuthenticationFlows", + "property_type": "string", + "property_default_value": "none", + "config_category": "AACLI", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.mdquery.logging", + "property_type": "string", + "property_default_value": "MetadataQuery", + "config_category": "MetadataQuery", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Audit log identifier for flow", + "note": "" + }, + { + "property_name": "idp.mdquery.accessPolicy", + "property_type": "string", + "property_default_value": "AccessByIPAddress", + "config_category": "MetadataQuery", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Name of access control policy for request authorization", + "note": "" + }, + { + "property_name": "idp.mdquery.authenticated", + "property_type": "bool", + "property_default_value": false, + "config_category": "MetadataQuery", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether authentication should be performed prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.mdquery.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "MetadataQuery", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow should allow for non-browser clients during authentication", + "note": "" + }, + { + "property_name": "idp.mdquery.defaultAuthenticationMethods", 
+ "property_type": "string", + "property_default_value": "none", + "config_category": "MetadataQuery", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.mdquery.resolveAttributes", + "property_type": "bool", + "property_default_value": false, + "config_category": "MetadataQuery", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether attributes should be resolved prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.mdquery.postAuthenticationFlows", + "property_type": "string", + "property_default_value": "none", + "config_category": "MetadataQuery", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.metrics.logging", + "property_type": "string", + "property_default_value": "Metrics", + "config_category": "MetricsConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Audit log identifier for flow", + "note": "" + }, + { + "property_name": "idp.metrics.authenticated", + "property_type": "bool", + "property_default_value": false, + "config_category": "MetricsConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether authentication should be performed prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.metrics.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "MetricsConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow should allow for non-browser clients during authentication", + "note": "" + }, + { + 
"property_name": "idp.metrics.defaultAuthenticationMethods", + "property_type": "string", + "property_default_value": "none", + "config_category": "MetricsConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.metrics.resolveAttributes", + "property_type": "bool", + "property_default_value": false, + "config_category": "MetricsConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether attributes should be resolved prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.metrics.postAuthenticationFlows", + "property_type": "string", + "property_default_value": "none", + "config_category": "MetricsConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.hello.logging", + "property_type": "string", + "property_default_value": "Hello", + "config_category": "HelloWorldConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Audit log identifier for flow", + "note": "" + }, + { + "property_name": "idp.hello.accessPolicy", + "property_type": "string", + "property_default_value": "AccessByAdminUser", + "config_category": "HelloWorldConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Name of access control policy for request authorization", + "note": "" + }, + { + "property_name": "idp.hello.authenticated", + "property_type": "bool", + "property_default_value": true, + "config_category": "HelloWorldConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether authentication should be 
performed prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.hello.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "HelloWorldConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow should allow for non-browser clients during authentication", + "note": "" + }, + { + "property_name": "idp.hello.defaultAuthenticationMethods", + "property_type": "string", + "property_default_value": "none", + "config_category": "HelloWorldConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.hello.resolveAttributes", + "property_type": "bool", + "property_default_value": true, + "config_category": "HelloWorldConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether attributes should be resolved prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.hello.postAuthenticationFlows", + "property_type": "string", + "property_default_value": "none", + "config_category": "HelloWorldConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.lockout.logging", + "property_type": "string", + "property_default_value": "Lockout", + "config_category": "AccountLockoutManagement", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Audit log identifier for flow", + "note": "" + }, + { + "property_name": "idp.lockout.accessPolicy", + "property_type": "string", + "property_default_value": "AccessDenied", + "config_category": "AccountLockoutManagement", + "config_file": "admin/admin.properties", + 
"idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Name of access control policy for request authorization", + "note": "" + }, + { + "property_name": "idp.lockout.authenticated", + "property_type": "bool", + "property_default_value": false, + "config_category": "AccountLockoutManagement", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether authentication should be performed prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.lockout.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "AccountLockoutManagement", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow should allow for non-browser clients during authentication", + "note": "" + }, + { + "property_name": "idp.lockout.defaultAuthenticationMethods", + "property_type": "string", + "property_default_value": "none", + "config_category": "AccountLockoutManagement", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.lockout.resolveAttributes", + "property_type": "bool", + "property_default_value": false, + "config_category": "AccountLockoutManagement", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether attributes should be resolved prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.lockout.postAuthenticationFlows", + "property_type": "string", + "property_default_value": "none", + "config_category": "AccountLockoutManagement", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.storage.logging", + "property_type": "string", + 
"property_default_value": "Storage", + "config_category": "?", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Audit log identifier for flow", + "note": "" + }, + { + "property_name": "idp.storage.accessPolicy", + "property_type": "string", + "property_default_value": "AccessDenied", + "config_category": "?", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Name of access control policy for request authorization", + "note": "" + }, + { + "property_name": "idp.storage.authenticated", + "property_type": "bool", + "property_default_value": false, + "config_category": "?", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether authentication should be performed prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.storage.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "?", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow should allow for non-browser clients during authentication", + "note": "" + }, + { + "property_name": "idp.storage.defaultAuthenticationMethods", + "property_type": "string", + "property_default_value": "none", + "config_category": "?", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.storage.resolveAttributes", + "property_type": "bool", + "property_default_value": false, + "config_category": "AttendedRestartConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether attributes should be resolved prior to access control evaluation", + "note": "" + }, + { + "property_name": 
"idp.unlock-keys.logging", + "property_type": "string", + "property_default_value": "UnlockKeys", + "config_category": "AttendedRestartConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Audit log identifier for flow", + "note": "" + }, + { + "property_name": "idp.unlock-keys.accessPolicy", + "property_type": "string", + "property_default_value": "AccessDenied", + "config_category": "AttendedRestartConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Name of access control policy for request authorization", + "note": "" + }, + { + "property_name": "idp.unlock-keys.authenticated", + "property_type": "bool", + "property_default_value": true, + "config_category": "AttendedRestartConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether authentication should be performed prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.unlock-keys.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "AttendedRestartConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow should allow for non-browser clients during authentication", + "note": "" + }, + { + "property_name": "idp.unlock-keys.resolveAttributes", + "property_type": "bool", + "property_default_value": false, + "config_category": "AttendedRestartConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether attributes should be resolved prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.unlock-keys.postAuthenticationFlows", + "property_type": "string", + "property_default_value": "none", + 
"config_category": "AttendedRestartConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.c14n.simple.lowercase", + "property_type": "bool", + "property_default_value": false, + "config_category": "SimplePostLoginC14NConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to lowercase the username", + "note": "" + }, + { + "property_name": "idp.c14n.simple.uppercase", + "property_type": "bool", + "property_default_value": false, + "config_category": "SimplePostLoginC14NConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to uppercase the username", + "note": "" + }, + { + "property_name": "idp.c14n.simple.trim", + "property_type": "bool", + "property_default_value": true, + "config_category": "SimplePostLoginC14NConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to trim leading and trailing whitespace from the username", + "note": "" + }, + { + "property_name": "idp.c14n.attribute.lowercase", + "property_type": "bool", + "property_default_value": false, + "config_category": "AttributePostLoginC14NConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to lowercase the username", + "note": "" + }, + { + "property_name": "idp.c14n.attribute.uppercase", + "property_type": "bool", + "property_default_value": false, + "config_category": "AttributePostLoginC14NConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to uppercase the username", + "note": "" + }, + { + "property_name": 
"idp.c14n.attribute.trim", + "property_type": "bool", + "property_default_value": true, + "config_category": "AttributePostLoginC14NConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to trim leading and trailing whitespace from the username", + "note": "" + }, + { + "property_name": "idp.c14n.attribute.attributesToResolve", + "property_type": "string", + "property_default_value": "none", + "config_category": "AttributePostLoginC14NConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Comma-delimited list of attributes to resolve (an empty list directs the resolver to resolve everything it can)", + "note": "" + }, + { + "property_name": "idp.c14n.attribute.attributeSourceIds", + "property_type": "string", + "property_default_value": "none", + "config_category": "AttributePostLoginC14NConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Comma-delimited list of attributes to search for in the results looking for a StringAttributeValue or ScopedStringAttributeValue", + "note": "" + }, + { + "property_name": "idp.c14n.attribute.resolveFromSubject", + "property_type": "bool", + "property_default_value": false, + "config_category": "AttributePostLoginC14NConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to examine the input Subject for IdPAttributePrincipal objects to pull from directly instead of from the output of the Attribute Resolver service", + "note": "" + }, + { + "property_name": "idp.c14n.attribute.resolutionCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "AttributePostLoginC14NConfiguration", + "config_file": 
"c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Bean ID of a Predicate to evaluate to determine whether to run the Attribute Resolver or go directly to the Subject alone", + "note": "" + }, + { + "property_name": "idp.c14n.x500.lowercase", + "property_type": "bool", + "property_default_value": false, + "config_category": "X500PostLoginC14NConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to lowercase the username", + "note": "" + }, + { + "property_name": "idp.c14n.x500.uppercase", + "property_type": "bool", + "property_default_value": false, + "config_category": "X500PostLoginC14NConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to uppercase the username", + "note": "" + }, + { + "property_name": "idp.c14n.x500.trim", + "property_type": "bool", + "property_default_value": true, + "config_category": "X500PostLoginC14NConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to trim leading and trailing whitespace from the username", + "note": "" + }, + { + "property_name": "idp.c14n.x500.subjectAltNameTypes", + "property_type": "List", + "property_default_value": "none", + "config_category": "X500PostLoginC14NConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Comma-delimited list of subjectAltName extension types to look for", + "note": "" + }, + { + "property_name": "idp.c14n.x500.objectIDs", + "property_type": "List", + "property_default_value": "2.5.4.3", + "config_category": "X500PostLoginC14NConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": 
"Comma-delimited list of attribute OIDs to search for in the subject DN", + "note": "" + }, + { + "property_name": "idp.c14n.saml.proxy.lowercase", + "property_type": "bool", + "property_default_value": false, + "config_category": "SAML2ProxyTransformPostLoginC14NConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to lowercase the username", + "note": "" + }, + { + "property_name": "idp.c14n.saml.proxy.uppercase", + "property_type": "bool", + "property_default_value": false, + "config_category": "SAML2ProxyTransformPostLoginC14NConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to uppercase the username", + "note": "" + }, + { + "property_name": "idp.c14n.saml.lowercase", + "property_type": "bool", + "property_default_value": false, + "config_category": "NameIDConsumptionConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to lowercase the username", + "note": "" + }, + { + "property_name": "idp.c14n.saml.uppercase", + "property_type": "bool", + "property_default_value": false, + "config_category": "NameIDConsumptionConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to uppercase the username", + "note": "" + }, + { + "property_name": "idp.service.logging.saml1sso", + "property_type": "string", + "property_default_value": "SSO", + "config_category": "AuditLoggingConfiguration", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Suffix added to audit logging category when various profiles/flows are audited", + "note": "you can use this to route different kinds of audit records to different destinations based on general function" 
+ }, + { + "property_name": "idp.service.logging.saml1attrquery", + "property_type": "string", + "property_default_value": "AttributeQuery", + "config_category": "AuditLoggingConfiguration", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Suffix added to audit logging category when various profiles/flows are audited", + "note": "you can use this to route different kinds of audit records to different destinations based on general function" + }, + { + "property_name": "idp.service.logging.saml1artifact", + "property_type": "string", + "property_default_value": "ArtifactResolution", + "config_category": "AuditLoggingConfiguration", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Suffix added to audit logging category when various profiles/flows are audited", + "note": "you can use this to route different kinds of audit records to different destinations based on general function" + }, + { + "property_name": "idp.service.logging.saml2sso", + "property_type": "string", + "property_default_value": "SSO", + "config_category": "AuditLoggingConfiguration", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Suffix added to audit logging category when various profiles/flows are audited", + "note": "you can use this to route different kinds of audit records to different destinations based on general function" + }, + { + "property_name": "idp.service.logging.saml2attrquery", + "property_type": "string", + "property_default_value": "AttributeQuery", + "config_category": "AuditLoggingConfiguration", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Suffix added to audit logging category when various profiles/flows are audited", + "note": "you can use this to route different kinds of audit records to different 
destinations based on general function" + }, + { + "property_name": "idp.service.logging.saml2artifact", + "property_type": "string", + "property_default_value": "ArtifactResolution", + "config_category": "AuditLoggingConfiguration", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Suffix added to audit logging category when various profiles/flows are audited", + "note": "you can use this to route different kinds of audit records to different destinations based on general function" + }, + { + "property_name": "idp.service.logging.saml2slo", + "property_type": "string", + "property_default_value": "Logout", + "config_category": "AuditLoggingConfiguration", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Suffix added to audit logging category when various profiles/flows are audited", + "note": "you can use this to route different kinds of audit records to different destinations based on general function" + }, + { + "property_name": "idp.service.logging.logout", + "property_type": "string", + "property_default_value": "Logout", + "config_category": "AuditLoggingConfiguration", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Suffix added to audit logging category when various profiles/flows are audited", + "note": "you can use this to route different kinds of audit records to different destinations based on general function" + }, + { + "property_name": "idp.service.logging.cas", + "property_type": "string", + "property_default_value": "SSO", + "config_category": "AuditLoggingConfiguration", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Suffix added to audit logging category when various profiles/flows are audited", + "note": "you can use this to route different kinds of audit records to different 
destinations based on general function" + }, + { + "property_name": "idp.service.logging.status", + "property_type": "string", + "property_default_value": "Status", + "config_category": "AuditLoggingConfiguration", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Suffix added to audit logging category when various profiles/flows are audited", + "note": "you can use this to route different kinds of audit records to different destinations based on general function" + }, + { + "property_name": "idp.service.logging.resolvertest", + "property_type": "string", + "property_default_value": "ResolverTest", + "config_category": "AuditLoggingConfiguration", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Suffix added to audit logging category when various profiles/flows are audited", + "note": "you can use this to route different kinds of audit records to different destinations based on general function" + }, + { + "property_name": "idp.service.logging.serviceReload", + "property_type": "string", + "property_default_value": "Reload", + "config_category": "AuditLoggingConfiguration", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Suffix added to audit logging category when various profiles/flows are audited", + "note": "you can use this to route different kinds of audit records to different destinations based on general function" + }, + { + "property_name": "idp.audit.hashAlgorithm", + "property_type": "string", + "property_default_value": "SHA-256", + "config_category": "AuditLoggingConfiguration", + "config_file": "services.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Hash algorithm to apply to various hashed fields", + "note": "" + }, + { + "property_name": "idp.audit.salt", + "property_type": "string", + "property_default_value": 
"none", + "config_category": "AuditLoggingConfiguration", + "config_file": "services.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Salt to apply to hashed fields must be set to use those fields", + "note": "" + }, + { + "property_name": "idp.oidc.issuer", + "property_type": "URL", + "property_default_value": "none", + "config_category": "OIDC OP", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Set the Open ID Connect Issuer value", + "note": "" + }, + { + "property_name": "idp.oidc.idToken.defaultLifetime", + "property_type": "duration", + "property_default_value": "PT1H", + "config_category": "OPToken", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Lifetime of ID token", + "note": "" + }, + { + "property_name": "idp.oidc.accessToken.defaultLifetime", + "property_type": "duration", + "property_default_value": "PT10M", + "config_category": "OPToken", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Lifetime of access token", + "note": "" + }, + { + "property_name": "idp.oidc.authorizeCode.defaultLifetime", + "property_type": "duration", + "property_default_value": "PT5M", + "config_category": "OPAuthorization", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Lifetime of authorization code", + "note": "" + }, + { + "property_name": "idp.oidc.refreshToken.defaultLifetime", + "property_type": "duration", + "property_default_value": "PT2H", + "config_category": "OPToken", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Lifetime of refresh token", + "note": "" + }, + { + "property_name": "idp.oidc.forcePKCE", + "property_type": "bool", + "property_default_value": false, + 
"config_category": "OPToken", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Whether client is required to use PKCE", + "note": "" + }, + { + "property_name": "idp.oidc.allowPKCEPlain", + "property_type": "bool", + "property_default_value": false, + "config_category": "OPToken", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Whether client is allowed to use PKCE code challenge method plain", + "note": "" + }, + { + "property_name": "idp.oidc.encodedAttributes", + "property_type": "Set", + "property_default_value": "none", + "config_category": "OPAuthorization", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Specifies IdPAttributes to encode into tokens for recovery on back-channel token requests", + "note": "" + }, + { + "property_name": "idp.oidc.encodeConsentInTokens", + "property_type": "bool", + "property_default_value": false, + "config_category": "OPAuthorization", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Whether to embed consent decisions in access/refresh tokens and authorization code to allow for client-side consent storage", + "note": "" + }, + { + "property_name": "idp.oidc.alwaysIncludedAttributes", + "property_type": "Set", + "property_default_value": "none", + "config_category": "OPAuthorization", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Specifies IdPAttributes to always include in ID token regardless of response_type", + "note": "" + }, + { + "property_name": "idp.oidc.deniedUserInfoAttributes", + "property_type": "Set", + "property_default_value": "none", + "config_category": "OPAuthorization", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + 
"module_vers": 3, + "description": "Specifies IdPAttributes to omit from UserInfo token", + "note": "" + }, + { + "property_name": "idp.oidc.revocationCache.authorizeCode.lifetime", + "property_type": "duration", + "property_default_value": "PT6H", + "config_category": "OPRevocation", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Lifetime of entries in revocation cache for authorize code", + "note": "" + }, + { + "property_name": "idp.oidc.revocationCache.StorageService", + "property_type": "Bean ID", + "property_default_value": "shibboleth.StorageService", + "config_category": "OPAuthorization", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Bean ID of StorageService for revocation cache requires server-side storage", + "note": "" + }, + { + "property_name": "idp.oidc.tokenEndpointAuthMethods", + "property_type": "Collection", + "property_default_value": "client_secret_basic,client_secret_post,client_secret_jwt,private_key_jwt", + "config_category": "OPToken", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "The acceptable client authentication methods", + "note": "" + }, + { + "property_name": "idp.oauth2.grantTypes", + "property_type": "Collection", + "property_default_value": "authorization_code,refresh_token", + "config_category": "OPToken", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "OAuth grant types to allow", + "note": "" + }, + { + "property_name": "idp.oauth2.enforceRefreshTokenRotation", + "property_type": "bool", + "property_default_value": false, + "config_category": "OPToken", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3.2, + "description": "Whether to enforce refresh token rotation. 
If enabled the refresh token is revoked whenever it is used for issuing a new refresh token.", + "note": "" + }, + { + "property_name": "idp.oauth2.accessToken.type", + "property_type": "string", + "property_default_value": "none", + "config_category": "OPToken", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3.2, + "description": "Format of access token. Supported values are JWT or nothing.", + "note": "" + }, + { + "property_name": "idp.oauth2.encryptionOptional", + "property_type": "bool", + "property_default_value": false, + "config_category": "OPToken", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Whether the absence of encryption details in a resource server’s metadata should fail when issuing an access token", + "note": "" + }, + { + "property_name": "idp.oauth2.accessToken.defaultLifetime", + "property_type": "duration", + "property_default_value": "PT10M", + "config_category": "OPToken", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Lifetime of access token issued to client for resource server", + "note": "" + }, + { + "property_name": "idp.oauth2.revocationMethod", + "property_type": "string", + "property_default_value": "CHAIN", + "config_category": "OPRevocation", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "The revocation method: CHAIN refers to revoking whole chain of tokens (from authorization code to all access/refresh tokens). 
TOKEN refers to revoking single token",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.dynreg.defaultRegistrationValidity",
+ "property_type": "duration",
+ "property_default_value": "PT24H",
+ "config_category": "OPDynamicClientRegistration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Registration lifetime",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.dynreg.defaultScope",
+ "property_type": "string",
+ "property_default_value": "openid profile email address phone offline_access",
+ "config_category": "OPDynamicClientRegistration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "The default scopes accepted in dynamic registration",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.dynreg.defaultSubjectType",
+ "property_type": "string",
+ "property_default_value": "public",
+ "config_category": "OPDynamicClientRegistration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "The default subject type if not set by client in request.
Maybe set to pairwise or public.",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.dynreg.defaultMetadataPolicyFile",
+ "property_type": "resource path",
+ "property_default_value": "none",
+ "config_category": "OPMetadataPolicies",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Full path to the file containing default metadata policy used for dynamic client registration",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.dynreg.tokenEndpointAuthMethods",
+ "property_type": "Collection",
+ "property_default_value": "client_secret_basic,client_secret_post,client_secret_jwt,private_key_jwt",
+ "config_category": "OPDynamicClientRegistration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "The acceptable client authentication methods when using dynamic registration",
+ "note": ""
+ },
+ {
+ "property_name": "idp.signing.oidc.rs.key",
+ "property_type": "JWK file pathname",
+ "property_default_value": "%{idp.home}/credentials/idp-signing-rs.jwk",
+ "config_category": "OPSecurity",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "JWK RSA signing keypair",
+ "note": ""
+ },
+ {
+ "property_name": "idp.signing.oidc.es.key",
+ "property_type": "JWK file pathname",
+ "property_default_value": "%{idp.home}/credentials/idp-signing-es.jwk",
+ "config_category": "OPSecurity",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "JWK EC signing keypair",
+ "note": ""
+ },
+ {
+ "property_name": "idp.signing.oidc.rsa.enc.key",
+ "property_type": "JWK file pathname",
+ "property_default_value": "%{idp.home}/credentials/idp-encryption-rsa.jwk",
+ "config_category": "OPSecurity",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "JWK
RSA decryption keypair",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.signing.config",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.oidc.SigningConfiguration",
+ "config_category": "OPSecurity",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Allows override of default signing configuration",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.encryption.config",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.oidc.EncryptionConfiguration",
+ "config_category": "OPSecurity",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Allows override of default encryption configuration",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.rodecrypt.config",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.oidc.requestObjectDecryptionConfiguration",
+ "config_category": "OPSecurity",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Allows override of default request decryption configuration",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.rovalid.config",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.oidc.requestObjectSignatureValidationConfiguration",
+ "config_category": "OPSecurity",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Allows override of default request signature validation configuration",
+ "note": "one of these has the wrong name"
+ },
+ {
+ "property_name": "idp.oidc.rovalid.config",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.oidc.tokenEndpointJwtSignatureValidationConfiguration",
+ "config_category": "OPSecurity",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Allows override of
default JWT token validation configuration",
+ "note": "one of these has the wrong name"
+ },
+ {
+ "property_name": "idp.authn.OAuth2Client.requireAll",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "OAuth2ClientAuthnConfiguration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Whether all validators must succeed or just one",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.OAuth2Client.removeAfterValidation",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "OAuth2ClientAuthnConfiguration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Whether to remove the object holding the password from the request's active state after validating it (to avoid it being preserved in the session any longer than needed)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.OAuth2Client.retainAsPrivateCredential",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "OAuth2ClientAuthnConfiguration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Whether to keep the password around as a private credential in the Java Subject for use in later stages such as attribute resolution",
+ "note": "use with caution as it retains the password and makes it available in plaintext from within server memory at various stages."
+ },
+ {
+ "property_name": "idp.authn.OAuth2Client.order",
+ "property_type": "int",
+ "property_default_value": 1000,
+ "config_category": "OAuth2ClientAuthnConfiguration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Flow priority relative to other enabled login flows (lower is \"higher\" in priority)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.OAuth2Client.activationCondition",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.Conditions.TRUE",
+ "config_category": "OAuth2ClientAuthnConfiguration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Bean ID of Predicate determining whether flow is usable for request",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.OAuth2Client.subjectDecorator",
+ "property_type": "Bean ID",
+ "property_default_value": "none",
+ "config_category": "OAuth2ClientAuthnConfiguration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Bean ID of BiConsumer for subject customization"
+ },
+ {
+ "property_name": "idp.authn.OAuth2Client.supportedPrincipals",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "OAuth2ClientAuthnConfiguration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Comma-delimited list of protocol-specific Principal strings associated with flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.OAuth2Client.addDefaultPrincipals",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "OAuth2ClientAuthnConfiguration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow",
+ "note": "" + }, + { + "property_name": "idp.oidc.ResponseHeaderFilter", + "property_type": "Bean ID", + "property_default_value": "shibboleth.ResponseHeaderFilter", + "config_category": "OPCustomFilterRegistration", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "By default this configures the values defined by the idp.hsts, idp.frameoptions and idp.csp properties into the corresponding HTTP headers and applies them to the OP plugin as well as the original IdP endpoints", + "note": "" + }, + { + "property_name": "idp.oidc.discovery.template", + "property_type": "resource path", + "property_default_value": "%{idp.home}/static/openid-configuration.json", + "config_category": "OPDiscovery", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Location of discovery template to use", + "note": "" + }, + { + "property_name": "idp.oidc.discovery.resolver", + "property_type": "Bean ID", + "property_default_value": "shibboleth.oidc.DefaultOpenIdConfigurationResolver", + "config_category": "OPDiscovery", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Implementation bean for discovery shouldn't require alteration", + "note": "" + }, + { + "property_name": "idp.oidc.admin.registration.logging", + "property_type": "string", + "property_default_value": "IssueRegistrationAccessToken", + "config_category": "OPDynamicClientRegistration", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Audit logging label for this profile", + "note": "" + }, + { + "property_name": "idp.oidc.admin.registration.nonBrowserSupported", + "property_type": "bool", + "property_default_value": true, + "config_category": "OPDynamicClientRegistration", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": 
"idp.oidc.OP", + "module_vers": 3, + "description": "Enables support for non-browser-based authentication", + "note": "" + }, + { + "property_name": "idp.oidc.admin.registration.authenticated", + "property_type": "bool", + "property_default_value": false, + "config_category": "OPDynamicClientRegistration", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Whether to enable user authentication for requests", + "note": "" + }, + { + "property_name": "idp.oidc.admin.registration.resolveAttributes", + "property_type": "bool", + "property_default_value": false, + "config_category": "OPDynamicClientRegistration", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Whether to resolve attributes if authentication is enabled", + "note": "" + }, + { + "property_name": "idp.oidc.admin.registration.defaultTokenLifetime", + "property_type": "duration", + "property_default_value": "P1D", + "config_category": "OPDynamicClientRegistration", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Default access token lifetime if not specified", + "note": "" + }, + { + "property_name": "idp.oidc.admin.registration.accessPolicy", + "property_type": "string", + "property_default_value": "AccessByIPAddress", + "config_category": "OPDynamicClientRegistration", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Name of access control policy to apply to all requests", + "note": "" + }, + { + "property_name": "idp.oidc.admin.registration.policyLocationPolicy", + "property_type": "string", + "property_default_value": "AccessByAdmin", + "config_category": "OPDynamicClientRegistration", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Name of access control 
policy to apply to requests specifying a policyLocation",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.admin.registration.policyIdPolicy",
+ "property_type": "string",
+ "property_default_value": "AccessByAdmin",
+ "config_category": "OPDynamicClientRegistration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Name of access control policy to apply to requests specifying a policyId",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.admin.registration.clientIdPolicy",
+ "property_type": "string",
+ "property_default_value": "AccessByAdmin",
+ "config_category": "OPDynamicClientRegistration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Name of access control policy to apply to requests specifying a clientId",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.admin.registration.lookup.policy",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.oidc.admin.DefaultMetadataPolicyLookupStrategy",
+ "config_category": "OPDynamicClientRegistration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Bean ID of type Function>, used to locate metadata policy based on the policyLocation parameter.
Defaults to a caching resolver locating server resources to load based on policyLocation parameter.",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.clientinfo.failFast",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "OPClientResolution",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "If true any failures during initialization of any resolvers result in IdP startup failure",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.clientinfo.checkInterval",
+ "property_type": "duration",
+ "property_default_value": "PT0S",
+ "config_category": "OPClientResolution",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "When non-zero enables monitoring of resources for service reload",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.clientinfo.resources",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.ClientInformationResolverResources",
+ "config_category": "OPClientResolution",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Name of bean used to define the resources to use in configuring this service",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oauth2.defaultAllowedScope",
+ "property_type": "Bean ID",
+ "property_default_value": "none",
+ "config_category": "OPClientCredentialsGrant",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "bean of type Function called shibboleth.oidc.AllowedScopeStrategy",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oauth2.defaultAllowedAudience",
+ "property_type": "Bean ID",
+ "property_default_value": "none",
+ "config_category": "OPClientCredentialsGrant",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "bean of
type Function> called shibboleth.oidc.AllowedAudienceStrategy",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oauth2.authn.flows",
+ "property_type": "regex",
+ "property_default_value": "OAuth2Client",
+ "config_category": "OPClientAuthentication",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Regular expression matching OAuth login flows to enable.",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.subject.sourceAttribute",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "OPSubClaim",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "The source attribute used in generating the sub claim",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.subject.algorithm",
+ "property_type": "string",
+ "property_default_value": "SHA",
+ "config_category": "OPSubClaim",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "The digest algorithm used in generating the sub claim",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.subject.salt",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "OPSubClaim",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Salt to inject for randomness should generally be moved into credentials/secrets.properties to avoid committing to configuration repository",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.DuoOIDC.order",
+ "property_type": "int",
+ "property_default_value": 1000,
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Flow priority relative to other enabled login flows (lower is \"higher\" in priority)",
+ "note": ""
+ },
+ {
+ "property_name":
"idp.authn.DuoOIDC.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)", + "note": "" + }, + { + "property_name": "idp.authn.DuoOIDC.passiveAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Whether the flow allows for passive authentication", + "note": "" + }, + { + "property_name": "idp.authn.DuoOIDC.forcedAuthenticationSupported", + "property_type": "bool", + "property_default_value": true, + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Whether the flow supports forced authentication", + "note": "" + }, + { + "property_name": "idp.authn.DuoOIDC.proxyRestrictionsEnforced", + "property_type": "bool", + "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Whether the flow enforces upstream IdP-imposed restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.DuoOIDC.proxyScopingEnforced", + "property_type": "bool", + "property_default_value": false, + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Whether the flow considers itself to be proxying", + "note": "and 
therefore enforces SP-signaled restrictions on proxying"
+ },
+ {
+ "property_name": "idp.authn.DuoOIDC.discoveryRequired",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Whether to invoke IdP-discovery prior to running flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.DuoOIDC.lifetime",
+ "property_type": "duration",
+ "property_default_value": "%{idp.authn.defaultLifetime:PT1H}",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Lifetime of results produced by this flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.DuoOIDC.inactivityTimeout",
+ "property_type": "duration",
+ "property_default_value": "%{idp.authn.defaultTimeout:PT30M}",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Inactivity timeout of results produced by this flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.DuoOIDC.reuseCondition",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.Conditions.TRUE",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Bean ID ofPredicate controlling result reuse for SSO",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.DuoOIDC.activationCondition",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.Conditions.TRUE",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+
"description": "Bean ID ofPredicate determining whether flow is usable for request", + "note": "" + }, + { + "property_name": "idp.authn.DuoOIDC.subjectDecorator", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Bean ID ofBiConsumer for subject customization", + "note": "" + }, + { + "property_name": "idp.authn.DuoOIDC.supportedPrincipals", + "property_type": "string", + "property_default_value": "saml2/http://example.org/ac/classes/mfa, saml1/http://example.org/ac/classes/mfa", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Comma-delimited list of protocol-specific Principalstrings associated with flow", + "note": "" + }, + { + "property_name": "idp.authn.DuoOIDC.addDefaultPrincipals", + "property_type": "bool", + "property_default_value": false, + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Whether to auto-attach the preceding set ofPrincipalobjects to eachSubjectproduced by this flow", + "note": "" + }, + { + "property_name": "idp.duo.oidc.apiHost", + "property_type": "string", + "property_default_value": "none", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "DuoOIDC API hostname assigned to the integration", + "note": "" + }, + { + "property_name": "idp.duo.oidc.clientId", + "property_type": "string", + "property_default_value": "none", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + 
"module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "The OAuth 2.0 Client Identifier valid at the Authorization Server", + "note": "" + }, + { + "property_name": "idp.duo.oidc.redirectURL", + "property_type": "string", + "property_default_value": "none", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Redirection URI to which the 2FA response will be sent", + "note": "ex. https://:/idp/profile/Authn/Duo/2FA/duo-callback" + }, + { + "property_name": "idp.duo.oidc.redirecturl.allowedOrigins", + "property_type": "string", + "property_default_value": "none", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "If the idp.duo.oidc.redirectURL is not set one will be computed dynamically and checked against this list of allowed origins - to prevent Http Host Header injection.", + "note": "" + }, + { + "property_name": "idp.duo.oidc.secretKey", + "property_type": "string", + "property_default_value": "none", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "The client secret used to verify the client in exchanging the authorization code for a Duo 2FA result token (id_token).", + "note": "" + }, + { + "property_name": "idp.duo.oidc.endpoint.health", + "property_type": "string", + "property_default_value": "/oauth/v1/health_check", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Duo's OAuth 2.0 health check endpoint", + "note": "" + }, + { + "property_name": "idp.duo.oidc.endpoint.token", + "property_type": "string", + 
"property_default_value": "/oauth/v1/token", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Duo's OAuth 2.0 token endpoint", + "note": "" + }, + { + "property_name": "idp.duo.oidc.endpoint.authorize", + "property_type": "string", + "property_default_value": "/oauth/v1/authorize", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Duo's OAuth 2.0 authorization endpoint", + "note": "" + }, + { + "property_name": "idp.duo.oidc.jwt.verifier.clockSkew", + "property_type": "duration", + "property_default_value": "PT60S", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Leeway allowed in token expiry calculations", + "note": "" + }, + { + "property_name": "idp.duo.oidc.jwt.verifier.iatWindow", + "property_type": "duration", + "property_default_value": "PT60S", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Maximum amount (in either direction from now) of duration for which a token is valid after it is issued", + "note": "" + }, + { + "property_name": "idp.duo.oidc.jwt.verifier.issuerPath", + "property_type": "string", + "property_default_value": "/oauth/v1/token", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "The path component of the Duo token issuer. 
The full issuer string takes the format: HTTPS://+",
+ "note": ""
+ },
+ {
+ "property_name": "idp.duo.oidc.jwt.verifier.preferredUsername",
+ "property_type": "string",
+ "property_default_value": "preferred_username",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "The result token JWT claim name that represents the username sent in the duo_uname field in the authorization request.",
+ "note": ""
+ },
+ {
+ "property_name": "idp.duo.oidc.jwt.verifier.authLifetime",
+ "property_type": "duration",
+ "property_default_value": "PT60S",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "How long the authentication is valid. Only applies to forced authentication requests.",
+ "note": ""
+ },
+ {
+ "property_name": "idp.duo.oidc.nonbrowser.apiHost",
+ "property_type": "string",
+ "property_default_value": "%{idp.duo.oidc.apiHost}",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Duo AuthAPI hostname assigned to the integration",
+ "note": ""
+ },
+ {
+ "property_name": "idp.duo.oidc.nonbrowser.integrationKey",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Duo AuthAPI integration key supplied by Duo",
+ "note": ""
+ },
+ {
+ "property_name": "idp.duo.oidc.nonbrowser.secretKey",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module":
"idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Duo AuthAPI secret key supplied by Duo", + "note": "" + }, + { + "property_name": "idp.duo.oidc.nonbrowser.header.factor", + "property_type": "strinig", + "property_default_value": "X-Shibboleth-Duo-Factor", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Name of HTTP request header for Duo AuthAPI factor", + "note": "" + }, + { + "property_name": "idp.duo.oidc.nonbrowser.header.device", + "property_type": "string", + "property_default_value": "X-Shibboleth-Duo-Device", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Name of HTTP request header for Duo AuthAPI device ID or name", + "note": "" + }, + { + "property_name": "idp.duo.oidc.nonbrowser.header.passcode", + "property_type": "string", + "property_default_value": "X-Shibboleth-Duo-Passcode", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Name of HTTP request header for Duo AuthAPI passcode", + "note": "" + }, + { + "property_name": "idp.duo.oidc.nonbrowser.auto", + "property_type": "bool", + "property_default_value": true, + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Allow the factor to be defaulted in as \"auto\" if no headers are received", + "note": "" + }, + { + "property_name": "idp.duo.oidc.nonbrowser.clientAddressTrusted", + "property_type": "bool", + "property_default_value": true, + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + 
"module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Pass client address to Duo in API calls to support logging", + "note": "push display" + }, + { + "property_name": "idp.duo.oidc.connectionTimeout", + "property_type": "duration", + "property_default_value": "PT1M", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": "1 (nimbus)", + "description": "Maximum length of time to wait for the connection to be established", + "note": "" + }, + { + "property_name": "idp.duo.oidc.connectionRequestTimeout", + "property_type": "duration", + "property_default_value": "PT1M", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": "1 (nimbus)", + "description": "Maximum length of time to wait for a connection to be returned from the connection manager", + "note": "" + }, + { + "property_name": "idp.duo.oidc.socketTimeout", + "property_type": "duration", + "property_default_value": "PT1M", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": "1 (nimbus)", + "description": "Maximum period inactivity between two consecutive data packets", + "note": "" + }, + { + "property_name": "idp.duo.oidc.maxConnectionsTotal", + "property_type": "int", + "property_default_value": 100, + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": "1 (nimbus)", + "description": "Max total simultaneous connections allowed by the pooling connection manager", + "note": "" + }, + { + "property_name": "idp.duo.oidc.maxConnectionsPerRoute", + "property_type": "int", + "property_default_value": 100, + "config_category": "DuoOIDCAuthnConfiguration", + 
"config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": "1 (nimbus)", + "description": "Max simultaneous connections per route allowed by the pooling connection manager", + "note": "" + }, + { + "property_name": "idp.duo.oidc.nimbus.checkRevocation", + "property_type": "bool", + "property_default_value": false, + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": "1 (nimbus)", + "description": "To enable certificate revocation checking", + "note": "" + }, + { + "property_name": "idp.authn.TOTP.headerName", + "property_type": "string", + "property_default_value": "X-Shibboleth-TOTP", + "config_category": "TOTP", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.TOTP", + "module_vers": 1, + "description": "Name of request header to use for extracting non-browser submitted token codes", + "note": "" + }, + { + "property_name": "idp.authn.TOTP.fieldName", + "property_type": "string", + "property_default_value": "tokencode", + "config_category": "TOTP", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.TOTP", + "module_vers": 1, + "description": "Name of HTML form field to use for locating browser-submitted token codes", + "note": "" + }, + { + "property_name": "idp.authn.TOTP.tokenSeedAttribute", + "property_type": "string", + "property_default_value": "tokenSeeds", + "config_category": "TOTP", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.TOTP", + "module_vers": 1, + "description": "Name of IdPAttribute to resolve to obtain token seeds for users", + "note": "" + }, + { + "property_name": "idp.authn.TOTP.order", + "property_type": "int", + "property_default_value": 1000, + "config_category": "TOTP", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.TOTP", + 
"module_vers": 1, + "description": "Flow priority relative to other enabled login flows (lower is \"higher\" in priority)", + "note": "" + }, + { + "property_name": "idp.authn.TOTP.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "TOTP", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.TOTP", + "module_vers": 1, + "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)", + "note": "" + }, + { + "property_name": "idp.authn.TOTP.passiveAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "TOTP", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.TOTP", + "module_vers": 1, + "description": "Whether the flow allows for passive authentication", + "note": "" + }, + { + "property_name": "idp.authn.TOTP.forcedAuthenticationSupported", + "property_type": "bool", + "property_default_value": true, + "config_category": "TOTP", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.TOTP", + "module_vers": 1, + "description": "Whether the flow supports forced authentication", + "note": "" + }, + { + "property_name": "idp.authn.TOTP.proxyRestrictionsEnforced", + "property_type": "bool", + "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}", + "config_category": "TOTP", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.TOTP", + "module_vers": 1, + "description": "Whether the flow enforces upstream IdP-imposed restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.TOTP.proxyScopingEnforced", + "property_type": "bool", + "property_default_value": false, + "config_category": "TOTP", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.TOTP", + "module_vers": 1, + "description": "Whether the flow considers itself to be proxying", + 
"note": "and therefore enforces SP-signaled restrictions on proxying" + }, + { + "property_name": "idp.authn.TOTP.discoveryRequired", + "property_type": "bool", + "property_default_value": false, + "config_category": "TOTP", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.TOTP", + "module_vers": 1, + "description": "Whether to invoke IdP-discovery prior to running flow", + "note": "" + }, + { + "property_name": "idp.authn.TOTP.lifetime", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultLifetime:PT1H}", + "config_category": "TOTP", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.TOTP", + "module_vers": 1, + "description": "Lifetime of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.TOTP.inactivityTimeout", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultTimeout:PT30M}", + "config_category": "TOTP", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.TOTP", + "module_vers": 1, + "description": "Inactivity timeout of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.TOTP.reuseCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "TOTP", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.TOTP", + "module_vers": 1, + "description": "Bean ID ofPredicate controlling result reuse for SSO", + "note": "" + }, + { + "property_name": "idp.authn.TOTP.activationCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "TOTP", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.TOTP", + "module_vers": 1, + "description": "Bean ID ofPredicate determining whether flow is usable for request", + "note": "" + }, + { + "property_name": 
"idp.authn.TOTP.subjectDecorator", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "TOTP", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.TOTP", + "module_vers": 1, + "description": "Bean ID ofBiConsumer for subject customization", + "note": "" + }, + { + "property_name": "idp.authn.TOTP.supportedPrincipals", + "property_type": "string", + "property_default_value": "saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken, saml1/urn:oasis:names:tc:SAML:1.0:am:HardwareToken", + "config_category": "TOTP", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.TOTP", + "module_vers": 1, + "description": "Comma-delimited list of protocol-specific Principalstrings associated with flow", + "note": "" + }, + { + "property_name": "idp.authn.TOTP.addDefaultPrincipals", + "property_type": "bool", + "property_default_value": false, + "config_category": "TOTP", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.TOTP", + "module_vers": 1, + "description": "Whether to auto-attach the preceding set ofPrincipalobjects to eachSubjectproduced by this flow", + "note": "" + }, + { + "property_name": "idp.metadata.dnsname", + "property_type": "string", + "property_default_value": "none", + "config_category": "Metadatagen", + "config_file": "--propertyFiles mdgen.properties", + "idp_vers": 4.1, + "module": "idp.metadatagen", + "module_vers": 1, + "description": "Supplies the DNS name used within the URLs specifying the end points. 
This should not be used in conjunction with the --DNSName qualifier", + "note": "" + }, + { + "property_name": "idp.metadata.backchannel.cert", + "property_type": "resource path", + "property_default_value": "none", + "config_category": "Metadatagen", + "config_file": "--propertyFiles mdgen.properties", + "idp_vers": 4.1, + "module": "idp.metadatagen", + "module_vers": 1, + "description": "Specifies the path to the certificate protecting the back channel. This should not be used in conjunction with the --backChannel qualifier.", + "note": "" + }, + { + "property_name": "idp.metadata.idpsso.mdui.logo.path", + "property_type": "URL", + "property_default_value": "none", + "config_category": "Metadatagen", + "config_file": "--propertyFiles mdgen.properties", + "idp_vers": 4.1, + "module": "idp.metadatagen", + "module_vers": 1, + "description": "Specifies the path part of the URL which describes a logo for the IdP. The protocol is hard wired to be https:// and the DNS name is used for the host. The is always emitted. 
If this is absent then then a fixed path ('/path/to/logo') is used.", + "note": "" + }, + { + "property_name": "idp.metadata.idpsso.mdui.logo.height", + "property_type": "int", + "property_default_value": 80, + "config_category": "Metadatagen", + "config_file": "--propertyFiles mdgen.properties", + "idp_vers": 4.1, + "module": "idp.metadatagen", + "module_vers": 1, + "description": "The height of the logo in pixels.", + "note": "" + }, + { + "property_name": "idp.metadata.idpsso.mdui.logo.width", + "property_type": "init", + "property_default_value": 80, + "config_category": "Metadatagen", + "config_file": "--propertyFiles mdgen.properties", + "idp_vers": 4.1, + "module": "idp.metadatagen", + "module_vers": 1, + "description": "The width of the logo in pixels", + "note": "" + }, + { + "property_name": "idp.metadata.idpsso.mdui.langs", + "property_type": "string", + "property_default_value": "none", + "config_category": "Metadatagen", + "config_file": "--propertyFiles mdgen.properties", + "idp_vers": 4.1, + "module": "idp.metadatagen", + "module_vers": 1, + "description": "A space separated list of languages used to lookup values formed appending each one to the name and description properties idp.metadata.idpsso.mdui.displayname. and idp.metadata.idpsso.mdui.description.. If this is absent then an and for the \"en\" language is emitted which you need to edit.", + "note": "" + }, + { + "property_name": "idp.metadata.idpsso.mdui.displayname.", + "property_type": "string", + "property_default_value": "none", + "config_category": "Metadatagen", + "config_file": "--propertyFiles mdgen.properties", + "idp_vers": 4.1, + "module": "idp.metadatagen", + "module_vers": 1, + "description": "Display name for the IdP in the specified language. 
If this is absent for a language specified above then not is emitted for that language", + "note": "" + }, + { + "property_name": "idp.metadata.idpsso.mdui.description.", + "property_type": "string", + "property_default_value": "none", + "config_category": "Metadatagen", + "config_file": "--propertyFiles mdgen.properties", + "idp_vers": 4.1, + "module": "idp.metadatagen", + "module_vers": 1, + "description": "Description for the IdP in the specified language. If this is absent for a language specified above then not is emitted for that language", + "note": "" + }, + { + "property_name": "idp.oidc.encryptionOptional", + "property_type": "bool", + "property_default_value": false, + "config_category": "OIDC OP", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Set false to preclude issuing unencrypted ID/UserInfo tokens without specific overrides", + "note": "no doc" + }, + { + "property_name": "idp.oidc.dynreg.defaultSecretExpiration", + "property_type": "duration", + "property_default_value": "P12M", + "config_category": "OIDC OP", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "The validity of client secret registered", + "note": "no doc" + }, + { + "property_name": "idp.oidc.dynreg.allowNoneForRequestSigning", + "property_type": "bool", + "property_default_value": true, + "config_category": "OIDC OP", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Regardless of what signing algorithms are configured allow none for request object signing", + "note": "no doc" + }, + { + "property_name": "idp.oidc.dynreg.validateRemoteJwks", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "OIDC OP", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + 
"description": "Bean to determine whether dynamic registration should validate the remote JWK set if it's defined in the request", + "note": "no doc" + }, + { + "property_name": "idp.oidc.jwk.StorageService", + "property_type": "Bean ID", + "property_default_value": "shibboleth.StorageService", + "config_category": "OIDC OP", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Storage for storing remote jwk sets.", + "note": "no doc" + }, + { + "property_name": "idp.oidc.metadata.saml", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "OIDC OP", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Bean to determine whether SAML metadata should be exploited for trusted OIDC RP resolution", + "note": "no doc" + }, + { + "property_name": "idp.oidc.jwksuri.fetchInterval", + "property_type": "duration", + "property_default_value": "PT30M", + "config_category": "OIDC OP", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Upgrade interval to the remote JWKs", + "note": "no doc" + }, + { + "property_name": "idp.oidc.config.minRefreshDelay", + "property_type": "duration", + "property_default_value": "PT5M", + "config_category": "OIDC OP", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Bounds on the next file refresh of the OP configuration resource", + "note": "no doc" + }, + { + "property_name": "idp.oidc.config.maxRefreshDelay", + "property_type": "duration", + "property_default_value": "PT4H", + "config_category": "OIDC OP", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Bounds on the next file refresh of the OP configuration resource", + "note": "no doc" + }, + { + 
"property_name": "idp.oidc.LoginHintLookupStrategy", + "property_type": "Bean ID", + "property_default_value": "DefaultRequestLoginHintLookupFunction", + "config_category": "OIDC OP", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Bean used for extracting login_hint from the authentication request. The default function parses login_hint as is.", + "note": "no doc" + }, + { + "property_name": "idp.oidc.SPSessionCreationStrategy", + "property_type": "Bean ID", + "property_default_value": "DefaultSPSessionCreationStrategy", + "config_category": "OIDC OP", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Bean used for creating SPSessions needed for SLO. By default builds protocol-independent BasicSPSession as SLO is not yet supported.", + "note": "no doc" + } ] \ No newline at end of file diff --git a/ui/src/app/admin/component/ConfigurationForm.js b/ui/src/app/admin/component/ConfigurationForm.js index 93d9ff1d9..7229a27c3 100644 --- a/ui/src/app/admin/component/ConfigurationForm.js +++ b/ui/src/app/admin/component/ConfigurationForm.js 
@@ -1,26 +1,99 @@ -import React from 'react'; +import React, { Fragment } from 'react'; import Button from 'react-bootstrap/Button'; import { FontAwesomeIcon } from '@fortawesome/react-fontawesome'; import { faSpinner, faSave } from '@fortawesome/free-solid-svg-icons'; +import { Highlighter, Menu, MenuItem, Token, Typeahead } from 'react-bootstrap-typeahead'; import Translate from '../../i18n/components/translate'; +import { ToggleButton } from '../../form/component/ToggleButton'; -import { FormContext, setFormDataAction, setFormErrorAction } from '../../form/FormManager'; +import { useProperties, usePropertiesLoading } from '../hoc/PropertiesProvider'; +import { groupBy } from 'lodash'; +import { useCallback } from 'react'; -export function ConfigurationForm({ property = {}, errors = [], loading = false, schema, onSave, onCancel }) { +export function ConfigurationForm({ configuration = {}, errors = [], schema, onSave, onCancel }) { - const { dispatch } = React.useContext(FormContext); - const onChange = ({ formData, errors }) => { - dispatch(setFormDataAction(formData)); - dispatch(setFormErrorAction(errors)); + const properties = useProperties(); + const loading = usePropertiesLoading(); + + const select = (data) => { + console.log(data); + setSelected(data); + }; + + const [selected, setSelected] = React.useState([]); + + const [config, setConfig] = React.useState({ name: '', properties: [] }); + + // config.properties.filter(p => p.category === item.category).length === properties.filter(p => p.category === item.category).length + + const menu = useCallback((results, menuProps, state) => { + let index = 0; + const mapped = results.map(p => !p.category || p.category === '?' ? 
{ ...p, category: 'Misc' } : p); + const grouped = groupBy(mapped, 'category'); + const items = Object.keys(grouped).sort().map((item) => ( + + {index !== 0 && } + + + {item} - Add all + + + {grouped[item].map((i) => { + const item = + p.propertyName === i.propertyName) }> + + {`- ${i.propertyName}`} + + ; + index += 1; + return item; + })} + + )); + + return {items}; + }, [config.properties]); + + const token = (option, { onRemove }, index) => ( + + {`${option.propertyName}`} + + ); + + const addProperties = (props) => { + + const parsed = props.reduce((coll, prop, idx) => { + if (prop.isCategory) { + return [...coll, ...properties.filter(p => p.category === prop.category)]; + } else { + return [...coll, prop]; + } + }, []); + + setConfig({ + ...config, + properties: [ + ...config.properties, + ...parsed, + ] + }); + setSelected([]); }; + React.useEffect(() => console.log(selected), [selected]); + return (<>
+
+
+
+
+
+
+ + + + + + + + + + + {config.properties.map((p, idx) => ( + + + + + + + ))} + +
PropertyCategoryTypeValue
{ p.propertyName }
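Review bot: Two debug statements are left in the new ConfigurationForm.js: `console.log(data)` inside `select` and `React.useEffect(() => console.log(selected), [selected]);`. Both write every selection on this admin screen to the browser console and should be removed before merge. `addProperties` also appends to `config.properties` without de-duplicating, so picking a category's "Add all" entry after one of its properties was already added appears to insert that property twice; filtering `parsed` against the `propertyName` values already in `config.properties` would avoid it. The markup inside `return` is not readable in this hunk, so whether the menu's disabled state already prevents this for single items cannot be confirmed here.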
diff --git a/ui/src/app/admin/container/EditConfiguration.js b/ui/src/app/admin/container/EditConfiguration.js index 4703cc098..131ec0383 100644 --- a/ui/src/app/admin/container/EditConfiguration.js +++ b/ui/src/app/admin/container/EditConfiguration.js @@ -3,11 +3,11 @@ import React from 'react'; import { Prompt, useHistory } from 'react-router-dom'; import { useParams } from 'react-router-dom'; import Translate from '../../i18n/components/translate'; -import { useProperties } from '../hooks'; +import { useConfigurations } from '../hooks'; import { Schema } from '../../form/Schema'; import { FormManager } from '../../form/FormManager'; -import { PropertyProvider } from '../hoc/PropertyProvider'; +import { ConfigurationsProvider } from '../hoc/ConfigurationsProvider'; import { createNotificationAction, NotificationTypes, useNotificationDispatcher } from '../../notifications/hoc/Notifications'; import { useTranslator } from '../../i18n/hooks'; import { BASE_PATH } from '../../App.constant'; @@ -22,7 +22,7 @@ export function EditConfiguration() { const history = useHistory(); - const { put, response, loading } = useProperties(); + const { put, response, loading } = useConfigurations(); const [blocking, setBlocking] = React.useState(false); @@ -66,7 +66,7 @@ export function EditConfiguration() {
- + {(property) => {(schema) => @@ -84,7 +84,7 @@ export function EditConfiguration() { }} } - +
diff --git a/ui/src/app/admin/container/NewConfiguration.js b/ui/src/app/admin/container/NewConfiguration.js index 5169954b1..d2ece36a9 100644 --- a/ui/src/app/admin/container/NewConfiguration.js +++ b/ui/src/app/admin/container/NewConfiguration.js @@ -2,7 +2,7 @@ import React from 'react'; import { Prompt, useHistory } from 'react-router-dom'; import Translate from '../../i18n/components/translate'; -import { useProperties } from '../hooks'; +import { useConfiguration } from '../hooks'; import { Schema } from '../../form/Schema'; import { FormManager } from '../../form/FormManager'; import { ConfigurationForm } from '../component/ConfigurationForm'; @@ -10,13 +10,14 @@ import { ConfigurationForm } from '../component/ConfigurationForm'; import { createNotificationAction, NotificationTypes, useNotificationDispatcher } from '../../notifications/hoc/Notifications'; import { useTranslator } from '../../i18n/hooks'; import { BASE_PATH } from '../../App.constant'; +import { PropertiesProvider } from '../hoc/PropertiesProvider'; export function NewConfiguration() { const history = useHistory(); const notifier = useNotificationDispatcher(); const translator = useTranslator(); - const { post, response, loading } = useProperties({}); + const { post, response, loading } = useConfiguration({}); const [blocking, setBlocking] = React.useState(false); @@ -55,24 +56,26 @@ export function NewConfiguration() {
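Review bot: `useConfiguration({})` in the second hunk of NewConfiguration.js passes an options object where the hook expects an id. hooks.js in this same patch declares `useConfiguration(id, opts)` and builds `${API_BASE_PATH}/admin/configuration/${id}`, so the POST would go to a path ending in `[object Object]`. The replaced code called the collection hook `useProperties({})`, so the equivalent here is most likely `const { post, response, loading } = useConfigurations();` with the import changed to match. Dropping the `{}` also keeps the hook's default `cachePolicy: 'no-cache'`, which an empty options object replaces. The body of `NewConfiguration` continues beyond this hunk.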
- Add a new property + Create new configuration set
- - {(schema) => - - {(data, errors) => - save(data)} - onCancel={() => cancel()} />} - } - + + + {(schema) => + + {(data, errors) => + save(data)} + onCancel={() => cancel()} />} + } + +
diff --git a/ui/src/app/admin/hoc/ConfigurationsProvider.js b/ui/src/app/admin/hoc/ConfigurationsProvider.js index 256805cdc..495743cc2 100644 --- a/ui/src/app/admin/hoc/ConfigurationsProvider.js +++ b/ui/src/app/admin/hoc/ConfigurationsProvider.js @@ -1,31 +1,31 @@ import React from 'react'; -import { useProperties } from '../hooks'; +import { useConfigurations } from '../hooks'; import { createNotificationAction, NotificationTypes, useNotificationDispatcher } from '../../notifications/hoc/Notifications'; import { useTranslator } from '../../i18n/hooks'; export function ConfigurationsProvider({ children, cache = 'no-cache' }) { - const [properties, setProperties] = React.useState([]); + const [configurations, setConfigurations] = React.useState([]); const notifier = useNotificationDispatcher(); const translator = useTranslator(); - const { get, del, response, loading } = useProperties({ + const { get, del, response, loading } = useConfigurations({ cachePolicy: cache }); - async function loadProperties() { + async function loadConfigurations() { const list = await get(`assets/data/properties.json`); if (response.ok) { - setProperties(list); + setConfigurations(list); } } - async function removeProperty(id) { + async function removeConfiguration(id) { let toast; const resp = await del(`/${id}`); if (response.ok) { - loadProperties(); + loadConfigurations(); toast = createNotificationAction(`Deleted property successfully.`, NotificationTypes.SUCCESS); } else { toast = createNotificationAction(`${resp.errorCode} - ${translator(resp.errorMessage)}`, NotificationTypes.ERROR); 
@@ -36,7 +36,7 @@ export function ConfigurationsProvider({ children, cache = 'no-cache' }) { } /*eslint-disable react-hooks/exhaustive-deps*/ - React.useEffect(() => { loadProperties() }, []); + React.useEffect(() => { loadConfigurations() }, []); - return (<>{children(properties, removeProperty, loading)}); + return (<>{children(configurations, removeConfiguration, loading)}); } \ No newline at end of file diff --git a/ui/src/app/admin/hoc/PropertiesProvider.js b/ui/src/app/admin/hoc/PropertiesProvider.js new file mode 100644 index 000000000..55dde0696 --- /dev/null +++ b/ui/src/app/admin/hoc/PropertiesProvider.js @@ -0,0 +1,50 @@ +import React from 'react'; +import useFetch from 'use-http'; +import API_BASE_PATH, { BASE_PATH } from '../../App.constant'; +import has from 'lodash/has'; +import { groupBy } from 'lodash'; + + +const PropertiesContext = React.createContext(); + +const { Provider, Consumer } = PropertiesContext; + +function PropertiesProvider({ children, cache = 'no-cache' }) { + + const [properties, setProperties] = React.useState([]); + + + const { get, response, loading } = useFetch('', { + cachePolicy: cache + }); + + async function loadProperties() { + const list = await get(`${API_BASE_PATH}/shib/properties`); + if (response.ok) { + setProperties(list); + } + } + + /*eslint-disable react-hooks/exhaustive-deps*/ + React.useEffect(() => { loadProperties() }, []); + + return ({children}); +} + +function useProperties() { + const { properties } = React.useContext(PropertiesContext); + return properties; +} + +function usePropertiesLoading() { + const { loading } = React.useContext(PropertiesContext); + return loading; +} + +export { + PropertiesProvider, + PropertiesContext, + Consumer as PropertiesConsumer, + useProperties, + usePropertiesLoading, +}; diff --git a/ui/src/app/admin/hooks.js b/ui/src/app/admin/hooks.js index 955c510a6..328391778 100644 --- a/ui/src/app/admin/hooks.js +++ b/ui/src/app/admin/hooks.js 
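Review bot: `loadProperties` in the new PropertiesProvider.js ignores a failed request. When `response.ok` is false the list stays empty and the form shows no properties without saying why, whereas `removeConfiguration` in ConfigurationsProvider.js raises an error notification; an `else` branch that dispatches the same kind of notification would match it. `React.createContext()` is also created without a default value, so `useProperties()` and `usePropertiesLoading()` throw on destructuring when used outside the provider; `React.createContext({ properties: [], loading: false })` would make that case well defined. The imports `BASE_PATH`, `has` and `groupBy` are unused in this file.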
@@ -1,7 +1,7 @@ import useFetch from 'use-http'; import isNil from 'lodash/isNil'; import {isValidRegex} from '../core/utility/is_valid_regex'; -import API_BASE_PATH from '../App.constant'; +import API_BASE_PATH, { BASE_PATH } from '../App.constant'; export function useGroups (opts = { cachePolicy: 'no-cache' }) { return useFetch(`${API_BASE_PATH}/admin/groups`, opts); @@ -47,18 +47,18 @@ export function useRoleUiSchema() { return {}; } -export function useProperties (opts = { cachePolicy: 'no-cache' }) { - return useFetch(`${API_BASE_PATH}/admin/properties`, opts); +export function useConfigurations (opts = { cachePolicy: 'no-cache' }) { + return useFetch(`${API_BASE_PATH}/admin/configurations`, opts); } -export function useProperty (id, opts = { cachePolicy: 'no-cache' }) { - return useFetch(`${API_BASE_PATH}/admin/property/${id}`, opts); +export function useConfiguration(id, opts = { cachePolicy: 'no-cache' }) { + return useFetch(`${API_BASE_PATH}/admin/configuration/${id}`, opts); } -export function usePropertyUiSchema () { +export function useConfigurationUiSchema () { return { description: { 'ui:widget': 'textarea' } }; -} +} \ No newline at end of file diff --git a/ui/src/app/form/component/ToggleButton.js b/ui/src/app/form/component/ToggleButton.js new file mode 100644 index 000000000..d45c04cd4 --- /dev/null +++ b/ui/src/app/form/component/ToggleButton.js @@ -0,0 +1,23 @@ +import Button from 'react-bootstrap/Button'; +import { FontAwesomeIcon } from "@fortawesome/react-fontawesome"; +import { faCaretDown, faCaretUp } from "@fortawesome/free-solid-svg-icons"; + +export function ToggleButton ({ isOpen, onClick, disabled, children }) { + return ( + + ); +} + +export default ToggleButton; \ No newline at end of file diff --git a/ui/src/app/form/component/widgets/OptionWidget.js b/ui/src/app/form/component/widgets/OptionWidget.js index 92fc81b3d..b4ac812c6 100644 --- a/ui/src/app/form/component/widgets/OptionWidget.js 
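Review bot: `useConfiguration` in the second hooks.js hunk interpolates `id` into the request path unencoded, as `${API_BASE_PATH}/admin/configuration/${id}`. An id containing `/`, `?` or `#` would address a different endpoint, and a missing id produces a path ending in `/undefined`. Using `${encodeURIComponent(id)}` for that segment keeps the value inside one path segment; where the id comes from is not visible in this hunk. The newly imported `BASE_PATH` is not used by any line shown here.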
+++ b/ui/src/app/form/component/widgets/OptionWidget.js @@ -2,31 +2,17 @@ import React, { useRef } from "react"; import ListGroup from "react-bootstrap/ListGroup"; import Form from "react-bootstrap/Form"; -import Button from 'react-bootstrap/Button'; + import Translate from "../../../i18n/components/translate"; import { InfoIcon } from "../InfoIcon"; import { Typeahead } from 'react-bootstrap-typeahead'; import { FontAwesomeIcon } from "@fortawesome/react-fontawesome"; -import { faAsterisk, faCaretDown, faCaretUp } from "@fortawesome/free-solid-svg-icons"; +import { faAsterisk } from "@fortawesome/free-solid-svg-icons"; import { useTranslator } from "../../../i18n/hooks"; +import { ToggleButton } from '../ToggleButton'; -const ToggleButton = ({ isOpen, onClick, disabled, children }) => ( - -); const OptionWidget = ({ id, diff --git a/ui/src/theme/project/index.scss b/ui/src/theme/project/index.scss index 4e36779c5..6d0de6f9a 100644 --- a/ui/src/theme/project/index.scss +++ b/ui/src/theme/project/index.scss @@ -13,6 +13,7 @@ @import './utility'; @import './notifications'; @import './filters'; +@import './typeahead'; html, body { height: 100%; diff --git a/ui/src/theme/project/typeahead.scss b/ui/src/theme/project/typeahead.scss new file mode 100644 index 000000000..0fca115fa --- /dev/null +++ b/ui/src/theme/project/typeahead.scss 
@@ -0,0 +1,43 @@
+@import '~react-bootstrap-typeahead/css/Typeahead';
+
+.rbt-token-removeable {
+ cursor: pointer;
+ padding-right: 21px;
+}
+
+.rbt-token {
+ background-color: #e7f4ff;
+ border: 0;
+ border-radius: .25rem;
+ color: #007bff;
+ display: inline-block;
+ line-height: 1em;
+ margin: 1px 3px 2px 0;
+ padding: 4px 7px;
+ padding-right: 1.8em;
+ position: relative;
+
+ .rbt-token-remove-button {
+ bottom: 0;
+ color: inherit;
+ font-size: inherit;
+ font-weight: normal;
+ opacity: 1;
+ outline: none;
+ padding: 3px 7px;
+ position: absolute;
+ right: 0;
+ text-shadow: none;
+ top: 0px;
+
+ box-sizing: content-box;
+ width: 1em;
+ height: 1em;
+ padding: .25em .25em;
+ color: inherit;
+ background: transparent url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 16 16' fill='#007bff' %3e%3cpath d='M.293.293a1 1 0 0 1 1.414 0L8 6.586 14.293.293a1 1 0 1 1 1.414 1.414L9.414 8l6.293 6.293a1 1 0 0 1-1.414 1.414L8 9.414l-6.293 6.293a1 1 0 0 1-1.414-1.414L6.586 8 .293 1.707a1 1 0 0 1 0-1.414z'/%3e%3c/svg%3e") center/1em auto no-repeat;
+ border: 0;
+ border-radius: .375rem;
+ }
+}
+
From 52a4d6b6e93fdbcb505ed9e2572687ed12dccea3 Mon Sep 17 00:00:00 2001
From: chasegawa Date: Fri, 19 Aug 2022 15:20:06 -0700 Subject: [PATCH 48/58] SHIBUI-2270 expanding backend API and services supporting the API --- .../ui/service/ShibPropertiesBootstrap.groovy | 4 +- .../CustomPropertiesConfiguration.java | 2 +- .../controller/ShibPropertiesController.java | 58 +++++- ...bPropertiesControllerExceptionHandler.java | 44 +++++ .../ShibConfigurationProperty.java | 2 +- .../shib/properties/ShibPropertySet.java | 53 ++++++ .../shib/properties/ShibPropertySetting.java | 29 +++ .../ui/exception/EntityNotFoundException.java | 3 + .../ui/repository/ProjectionIdAndName.java | 6 + .../ShibConfigurationRepository.java | 2 +- .../repository/ShibPropertySetRepository.java | 17 ++ .../ShibPropertySettingRepository.java | 10 + .../ui/service/ShibConfigurationService.java | 21 +- .../service/ShibConfigurationServiceImpl.java | 104 +++++++++- .../ShibPropertiesControllerTests.groovy | 179 ++++++++++++++++++ .../ShibPropertySetRepositoryTests.groovy | 64 +++++++ .../ShibConfigurationServiceTests.groovy | 162 ++++++++++++++++ 17 files changed, 740 insertions(+), 20 deletions(-) create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerExceptionHandler.java rename backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/{ => shib/properties}/ShibConfigurationProperty.java (96%) create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibPropertySet.java create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibPropertySetting.java create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ProjectionIdAndName.java create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibPropertySetRepository.java create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibPropertySettingRepository.java 
create mode 100644 backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerTests.groovy create mode 100644 backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/repository/ShibPropertySetRepositoryTests.groovy create mode 100644 backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceTests.groovy diff --git a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibPropertiesBootstrap.groovy b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibPropertiesBootstrap.groovy index daf75b61e..d39485ca7 100644 --- a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibPropertiesBootstrap.groovy +++ b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibPropertiesBootstrap.groovy @@ -1,7 +1,7 @@ package edu.internet2.tier.shibboleth.admin.ui.service import com.opencsv.CSVReader -import edu.internet2.tier.shibboleth.admin.ui.domain.ShibConfigurationProperty +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibConfigurationProperty import groovy.util.logging.Slf4j import org.springframework.beans.factory.annotation.Autowired import org.springframework.boot.context.event.ApplicationStartedEvent @@ -62,7 +62,7 @@ class ShibPropertiesBootstrap { // Save anything that's left if (propertiesMap.size() > 0) { log.info("Saving/loading [" + propertiesMap.size() + "] properties to the database") - service.addAll(propertiesMap.values()) + service.addAllConfigurationProperties(propertiesMap.values()) } log.info("COMPLETED: ensuring base Shibboleth properties configuration has loaded") diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CustomPropertiesConfiguration.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CustomPropertiesConfiguration.java index c2a032f36..ee18f0e65 100644 
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CustomPropertiesConfiguration.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CustomPropertiesConfiguration.java @@ -2,7 +2,7 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.IRelyingPartyOverrideProperty; import edu.internet2.tier.shibboleth.admin.ui.domain.RelyingPartyOverrideProperty; -import edu.internet2.tier.shibboleth.admin.ui.domain.ShibConfigurationProperty; +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibConfigurationProperty; import edu.internet2.tier.shibboleth.admin.ui.service.CustomEntityAttributesDefinitionService; import edu.internet2.tier.shibboleth.admin.ui.service.ShibConfigurationService; import edu.internet2.tier.shibboleth.admin.ui.service.events.CustomEntityAttributeDefinitionChangeEvent; diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java index a96e2db5d..1721228d5 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java 
@@ -1,14 +1,28 @@ package edu.internet2.tier.shibboleth.admin.ui.controller; +import edu.internet2.tier.shibboleth.admin.ui.domain.CustomEntityAttributeDefinition; +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySet; +import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.ObjectIdExistsException; import edu.internet2.tier.shibboleth.admin.ui.service.ShibConfigurationService; import io.swagger.v3.oas.annotations.tags.Tag; import io.swagger.v3.oas.annotations.tags.Tags; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.http.HttpHeaders; +import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; +import org.springframework.security.access.annotation.Secured; import org.springframework.transaction.annotation.Transactional; +import org.springframework.web.bind.annotation.DeleteMapping; import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.PathVariable; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; +import org.springframework.web.servlet.support.ServletUriComponentsBuilder; + +import java.util.List; @RestController @RequestMapping(value = "/api/shib") 
@@ -19,7 +33,47 @@ public class ShibPropertiesController { @GetMapping("/properties") @Transactional(readOnly = true) - public ResponseEntity getAll() { - return ResponseEntity.ok(service.getAll()); + public ResponseEntity getAllConfigurationProperties() { + return ResponseEntity.ok(service.getAllConfigurationProperties()); + } + + /** + * @return a List of the set names and their ids + */ + @GetMapping("/property/set") + @Transactional(readOnly = true) + public ResponseEntity getAllPropertySets() { + return ResponseEntity.ok(service.getAllPropertySets()); + } + + @GetMapping("/property/set/{resourceId}") + @Transactional(readOnly = true) + public ResponseEntity getPropertySet(@PathVariable Integer resourceId) throws EntityNotFoundException { + return ResponseEntity.ok(service.getSet(resourceId)); + } + + @DeleteMapping("/property/set/{resourceId}") + @Secured("ROLE_ADMIN") + @Transactional + public ResponseEntity deletePropertySet(@PathVariable Integer resourceId) throws EntityNotFoundException { + service.delete(resourceId); + return ResponseEntity.noContent().build(); + } + + @PostMapping("/property/set") + @Secured("ROLE_ADMIN") + @Transactional + public ResponseEntity createPropertySet(@RequestBody ShibPropertySet newSet) throws ObjectIdExistsException { + // If already defined, we won't/can't create a new one, nor will this call update on the definition + try { + ShibPropertySet set = service.getSet(newSet.getResourceId()); + throw new ObjectIdExistsException(Integer.toString(newSet.getResourceId())); + } + catch (EntityNotFoundException e) { + // we hope not to find this - do nothing + } + + ShibPropertySet result = service.save(newSet); + return ResponseEntity.status(HttpStatus.CREATED).body(result); } } \ No newline at end of file 
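Review bot: `getAllPropertySets` and `getPropertySet` carry no `@Secured` annotation, while the `deletePropertySet` and `createPropertySet` handlers added beside them require `ROLE_ADMIN`. Whether the read paths are restricted depends on security configuration that is not visible in this hunk, so the intent should be explicit: either annotate them with `@Secured("ROLE_ADMIN")` or add a comment such as `// readable by any authenticated user; property values are not treated as sensitive`. In `createPropertySet` the local `ShibPropertySet set` is never used; calling `service.getSet(newSet.getResourceId());` without the assignment reads more plainly. The class body begins outside the hunk.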
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerExceptionHandler.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerExceptionHandler.java
new file mode 100644
index 000000000..35adfcef0
--- /dev/null
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerExceptionHandler.java
@@ -0,0 +1,44 @@ +package edu.internet2.tier.shibboleth.admin.ui.controller; + +import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.ObjectIdExistsException; +import org.springframework.http.HttpHeaders; +import org.springframework.http.HttpStatus; +import org.springframework.http.ResponseEntity; +import org.springframework.web.bind.annotation.ControllerAdvice; +import org.springframework.web.bind.annotation.ExceptionHandler; +import org.springframework.web.context.request.WebRequest; +import org.springframework.web.servlet.mvc.method.annotation.ResponseEntityExceptionHandler; + +@ControllerAdvice(assignableTypes = {ShibPropertiesController.class}) +public class ShibPropertiesControllerExceptionHandler extends ResponseEntityExceptionHandler { + +// @ExceptionHandler({ ConcurrentModificationException.class }) +// public ResponseEntity handleConcurrentModificationException(ConcurrentModificationException e, WebRequest request) { +// return ResponseEntity.status(HttpStatus.CONFLICT).body(new ErrorResponse(HttpStatus.CONFLICT, e.getMessage())); +// } + + @ExceptionHandler({ EntityNotFoundException.class }) + public ResponseEntity handleEntityNotFoundException(EntityNotFoundException e, WebRequest request) { + return ResponseEntity.status(HttpStatus.NOT_FOUND).body(new ErrorResponse(HttpStatus.NOT_FOUND, e.getMessage())); + } + +// @ExceptionHandler({ ForbiddenException.class }) +// public ResponseEntity handleForbiddenAccess(ForbiddenException e, WebRequest request) { +// return ResponseEntity.status(HttpStatus.FORBIDDEN).body(new ErrorResponse(HttpStatus.FORBIDDEN, e.getMessage())); +// } + +// @ExceptionHandler({ InvalidPatternMatchException.class }) +// public ResponseEntity handleInvalidUrlMatchException(InvalidPatternMatchException e, WebRequest request) { +// return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(new ErrorResponse(HttpStatus.BAD_REQUEST, e.getMessage())); +// 
} + + @ExceptionHandler({ ObjectIdExistsException.class }) + public ResponseEntity handleObjectIdExistsException(ObjectIdExistsException e, WebRequest request) { + HttpHeaders headers = new HttpHeaders(); + headers.setLocation(EntityDescriptorController.getResourceUriFor(e.getMessage())); + return ResponseEntity.status(HttpStatus.CONFLICT).headers(headers).body(new ErrorResponse( + String.valueOf(HttpStatus.CONFLICT.value()), + String.format("The property set with id [%s] already exists.", e.getMessage()))); + } +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/ShibConfigurationProperty.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibConfigurationProperty.java similarity index 96% rename from backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/ShibConfigurationProperty.java rename to backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibConfigurationProperty.java index eb0f4ea77..69e860302 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/ShibConfigurationProperty.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibConfigurationProperty.java @@ -1,4 +1,4 @@ -package edu.internet2.tier.shibboleth.admin.ui.domain; +package edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties; import com.fasterxml.jackson.annotation.JsonIgnore; import edu.internet2.tier.shibboleth.admin.util.EmptyStringToNullConverter; diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibPropertySet.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibPropertySet.java new file mode 100644 index 000000000..309f7e1b6 --- /dev/null +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibPropertySet.java 
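Review bot: The `Location` header in `handleObjectIdExistsException` is built with `EntityDescriptorController.getResourceUriFor(e.getMessage())`, which looks carried over from the entity-descriptor handler and presumably yields an entity-descriptor URI rather than the `/api/shib/property/set/{resourceId}` path this controller serves. A client following that header after a 409 would be pointed at an unrelated resource. Building it from this controller's own mapping keeps the response self-consistent: `headers.setLocation(ServletUriComponentsBuilder.fromCurrentContextPath().path("/api/shib/property/set/{id}").buildAndExpand(e.getMessage()).toUri());`. The two handlers also construct `ErrorResponse` with different argument forms (`HttpStatus` in one, `String.valueOf(...value())` in the other); picking one keeps the error bodies uniform.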
@@ -0,0 +1,53 @@ +package edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties; + +import edu.internet2.tier.shibboleth.admin.util.EmptyStringToNullConverter; +import lombok.Getter; +import lombok.RequiredArgsConstructor; +import lombok.Setter; +import lombok.ToString; +import org.hibernate.envers.Audited; + +import javax.persistence.Column; +import javax.persistence.Convert; +import javax.persistence.Entity; +import javax.persistence.GeneratedValue; +import javax.persistence.Id; +import javax.persistence.OneToMany; +import java.util.ArrayList; +import java.util.List; + +@Entity(name = "shib_property_set") +@Audited +@Getter +@Setter +@ToString +@RequiredArgsConstructor +public class ShibPropertySet { + @Id + @GeneratedValue + private int resourceId; + + @Column(unique = true, nullable = false) + @Convert(converter = EmptyStringToNullConverter.class) + private String name; + + @OneToMany + private List properties = new ArrayList<>(); + + @Override + public boolean equals(Object o) { + if (o instanceof ShibPropertySet) { + ShibPropertySet that = (ShibPropertySet) o; + boolean result = this.name.equals(that.name) && this.resourceId == that.resourceId && this.properties.size() == that.properties.size(); + if (result == true) { + for (ShibPropertySetting thisSetting : this.properties) { + if ( !that.properties.contains(thisSetting) ) { + return false; + } + } + } + return result; + } + return false; + } +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibPropertySetting.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibPropertySetting.java new file mode 100644 index 000000000..2fa85ff2b --- /dev/null +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibPropertySetting.java 
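Review bot: `equals` is overridden without a matching `hashCode`, so two `ShibPropertySet` instances that compare equal can still hash differently and misbehave in a `HashSet` or as map keys. `this.name.equals(that.name)` also throws a NullPointerException when `name` is null, which is possible for an instance bound from a request body that omits it or one not yet populated. Suggested lines: `boolean result = Objects.equals(this.name, that.name) && this.resourceId == that.resourceId && this.properties.size() == that.properties.size();` together with `@Override public int hashCode() { return Objects.hash(resourceId, name); }` (needs `java.util.Objects`).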
@@ -0,0 +1,29 @@ +package edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties; + +import lombok.Data; +import org.hibernate.envers.Audited; + +import javax.persistence.Column; +import javax.persistence.Entity; +import javax.persistence.GeneratedValue; +import javax.persistence.Id; +import javax.persistence.ManyToOne; + +@Entity(name = "shib_property_setting") +@Audited +@Data +public class ShibPropertySetting { + @Id + @GeneratedValue + private int resourceId; + + @Column + private String configFile; + + @Column + private String propertyName; + + @Column + private String propertyValue; + +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/exception/EntityNotFoundException.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/exception/EntityNotFoundException.java index 4d0009523..212c9f990 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/exception/EntityNotFoundException.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/exception/EntityNotFoundException.java @@ -1,5 +1,8 @@ package edu.internet2.tier.shibboleth.admin.ui.exception; +/** + * Generically meaning - hibernate entity, not SAML entity + */ public class EntityNotFoundException extends Exception { public EntityNotFoundException(String message) { super(message); diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ProjectionIdAndName.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ProjectionIdAndName.java new file mode 100644 index 000000000..6731aea86 --- /dev/null +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ProjectionIdAndName.java @@ -0,0 +1,6 @@ +package edu.internet2.tier.shibboleth.admin.ui.repository; + +public interface ProjectionIdAndName{ + String getResourceId(); + String getName(); +} \ No newline at end of file 
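Review bot: `ProjectionIdAndName.getResourceId()` is declared as `String`, while the `resourceId` field it projects from `ShibPropertySet` is an `int`. Callers then have to convert back, as the service test in this patch does with `Integer.parseInt(set.getResourceId())`. Declaring `int getResourceId();` would keep the id typed the same way across the entity, the repository and the service, and a one-line Javadoc such as `/** Lightweight view of a property set: id and name only. */` on the interface would state what it is for.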
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibConfigurationRepository.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibConfigurationRepository.java index e5889b3cd..86ed4f90a 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibConfigurationRepository.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibConfigurationRepository.java @@ -1,6 +1,6 @@ package edu.internet2.tier.shibboleth.admin.ui.repository; -import edu.internet2.tier.shibboleth.admin.ui.domain.ShibConfigurationProperty; +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibConfigurationProperty; import org.springframework.data.jpa.repository.JpaRepository; import org.springframework.data.jpa.repository.Query; diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibPropertySetRepository.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibPropertySetRepository.java new file mode 100644 index 000000000..983758f32 --- /dev/null +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibPropertySetRepository.java @@ -0,0 +1,17 @@ +package edu.internet2.tier.shibboleth.admin.ui.repository; + +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySet; +import org.springframework.data.jpa.repository.JpaRepository; + +import java.util.List; + +/** + * Repository to manage {@link ShibPropertySet} instances. + */ +public interface ShibPropertySetRepository extends JpaRepository { + ShibPropertySet findByName(String name); + + ShibPropertySet findByResourceId(Integer id); + + List findAllBy(); +} \ No newline at end of file 
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibPropertySettingRepository.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibPropertySettingRepository.java new file mode 100644 index 000000000..6dda2047b --- /dev/null +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibPropertySettingRepository.java @@ -0,0 +1,10 @@ +package edu.internet2.tier.shibboleth.admin.ui.repository; + +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySetting; +import org.springframework.data.jpa.repository.JpaRepository; + +/** + * Repository to manage {@link ShibPropertySetting} instances. + */ +public interface ShibPropertySettingRepository extends JpaRepository { +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java index e1eaf5897..d0c220962 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java 
@@ -1,16 +1,29 @@ package edu.internet2.tier.shibboleth.admin.ui.service; -import edu.internet2.tier.shibboleth.admin.ui.domain.ShibConfigurationProperty; +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibConfigurationProperty; +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySet; +import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.repository.ProjectionIdAndName; import java.util.Collection; import java.util.List; public interface ShibConfigurationService { - void addAll(Collection newProperties); + void addAllConfigurationProperties(Collection newProperties); + + void delete(int resourceId) throws EntityNotFoundException; + + List getAllConfigurationProperties(); + + List getAllPropertySets(); List getExistingPropertyNames(); - void save(ShibConfigurationProperty prop); + ShibPropertySet getSet(int resourceId) throws EntityNotFoundException; + + ShibPropertySet getSet(String name); + + ShibPropertySet save(ShibPropertySet set); - List getAll(); + ShibConfigurationProperty save(ShibConfigurationProperty prop); } \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java index 1fec3181d..b394caa1f 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java 
@@ -1,35 +1,121 @@ package edu.internet2.tier.shibboleth.admin.ui.service; -import edu.internet2.tier.shibboleth.admin.ui.domain.ShibConfigurationProperty; +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibConfigurationProperty; +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySet; +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySetting; +import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.repository.ProjectionIdAndName; import edu.internet2.tier.shibboleth.admin.ui.repository.ShibConfigurationRepository; +import edu.internet2.tier.shibboleth.admin.ui.repository.ShibPropertySetRepository; +import edu.internet2.tier.shibboleth.admin.ui.repository.ShibPropertySettingRepository; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; +import javax.transaction.Transactional; +import java.util.ArrayList; import java.util.Collection; +import java.util.HashMap; import java.util.List; +import java.util.ResourceBundle; @Service public class ShibConfigurationServiceImpl implements ShibConfigurationService { @Autowired - private ShibConfigurationRepository repository; + private ShibConfigurationRepository shibConfigurationRepository; + + @Autowired + private ShibPropertySetRepository shibPropertySetRepository; + + @Autowired + private ShibPropertySettingRepository shibPropertySettingRepository; + + @Override + public void addAllConfigurationProperties(Collection newProperties) { + shibConfigurationRepository.saveAll(newProperties); + } + + @Override + public void delete(int resourceId) throws EntityNotFoundException { + ShibPropertySet set = shibPropertySetRepository.findByResourceId(resourceId); + if (set == null) { + throw new EntityNotFoundException(String.format("The property set with id [%s] was not found for update.", resourceId)); + } + 
shibPropertySettingRepository.deleteAll(set.getProperties()); + shibPropertySetRepository.delete(set); + } + + @Override + public List getAllConfigurationProperties() { + return shibConfigurationRepository.findAll(); + } @Override - public void addAll(Collection newProperties) { - repository.saveAll(newProperties); + public List getAllPropertySets() { + return shibPropertySetRepository.findAllBy(); } @Override public List getExistingPropertyNames() { - return repository.getPropertyNames(); + return shibConfigurationRepository.getPropertyNames(); + } + + @Override + public ShibPropertySet getSet(int resourceId) throws EntityNotFoundException { + ShibPropertySet result = shibPropertySetRepository.findByResourceId(resourceId); + if (result == null) { + throw new EntityNotFoundException((String.format("The property set with id [%s] was not found.", resourceId))); + } + return result; } @Override - public void save(ShibConfigurationProperty prop) { - repository.save(prop); + public ShibPropertySet getSet(String name) { + return shibPropertySetRepository.findByName(name); } @Override - public List getAll() { - return repository.findAll(); + public ShibConfigurationProperty save(ShibConfigurationProperty prop) { + return shibConfigurationRepository.save(prop); } + + @Override + @Transactional + public ShibPropertySet save(ShibPropertySet incomingPropSet) { + ShibPropertySet result = new ShibPropertySet(); + List propertiesToUpdate = new ArrayList<>(); + + if (incomingPropSet.getResourceId() == 0) { + // The incoming set is new, so treat the properties as all new as well + propertiesToUpdate.addAll(shibPropertySettingRepository.saveAll(incomingPropSet.getProperties())); + result.setName(incomingPropSet.getName()); + } else { + // if the prop set exists, get the existing entity and update it + result = shibPropertySetRepository.findByResourceId(incomingPropSet.getResourceId()); + result.setName(incomingPropSet.getName()); + + HashMap existingPropMap = new HashMap<>(); + 
result.getProperties().forEach(prop -> existingPropMap.put(prop.getPropertyName(), prop)); + // find props that are no longer in the set and remove them + incomingPropSet.getProperties().forEach(prop -> existingPropMap.remove(prop.getPropertyName())); + shibPropertySettingRepository.deleteAll(existingPropMap.values()); + // reset our map of existing so we can find new entries + existingPropMap.clear(); + result.getProperties().forEach(prop -> existingPropMap.put(prop.getPropertyName(), prop)); + incomingPropSet.getProperties().forEach(prop -> { + if ( !existingPropMap.containsKey(prop.getPropertyName()) ) { + ShibPropertySetting updatedEntity = shibPropertySettingRepository.save(prop); + propertiesToUpdate.add(updatedEntity); + } else { + // get the entity from the map, update it, save to update list + ShibPropertySetting updatedEntity = existingPropMap.get(prop.getPropertyName()); + updatedEntity.setConfigFile(prop.getConfigFile()); + updatedEntity.setPropertyValue(prop.getPropertyValue()); + propertiesToUpdate.add(shibPropertySettingRepository.save(updatedEntity)); + } + }); + } + result.setProperties(propertiesToUpdate); + return shibPropertySetRepository.save(result); + } + } \ No newline at end of file diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerTests.groovy new file mode 100644 index 000000000..ae925f074 --- /dev/null +++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerTests.groovy 
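Review bot: `save(ShibPropertySet)` persists the incoming `ShibPropertySetting` objects as received, `resourceId` included, both in `saveAll(incomingPropSet.getProperties())` and in the `save(prop)` branch for names not yet in the set. Because the set arrives from `@RequestBody` in the controller, a setting that carries the id of a row belonging to another property set would, as far as the visible code shows, be merged over that row; clearing the id first with `prop.setResourceId(0);` (or copying the three fields into a fresh entity) avoids that. In the update branch `findByResourceId` can return null, and the following `result.setName(...)` then fails with a NullPointerException instead of the `EntityNotFoundException` that `getSet` and `delete` raise. The message in `delete` also reads "was not found for update", which does not match the operation.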
@@ -0,0 +1,179 @@ +package edu.internet2.tier.shibboleth.admin.ui.controller + +import com.fasterxml.jackson.databind.ObjectMapper +import edu.internet2.tier.shibboleth.admin.ui.AbstractBaseDataJpaTest +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySet +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySetting +import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException +import edu.internet2.tier.shibboleth.admin.ui.exception.ObjectIdExistsException +import edu.internet2.tier.shibboleth.admin.ui.repository.ShibPropertySetRepository +import edu.internet2.tier.shibboleth.admin.ui.repository.ShibPropertySettingRepository +import edu.internet2.tier.shibboleth.admin.ui.service.ShibConfigurationService +import edu.internet2.tier.shibboleth.admin.ui.util.WithMockAdmin +import org.springframework.beans.factory.annotation.Autowired +import org.springframework.test.web.servlet.setup.MockMvcBuilders +import org.springframework.web.client.RestTemplate +import spock.lang.Subject + +import javax.persistence.EntityManager +import javax.transaction.Transactional + +import static org.hamcrest.CoreMatchers.containsString +import static org.springframework.http.MediaType.APPLICATION_JSON +import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.delete +import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get +import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status + +class 
ShibPropertiesControllerTests extends AbstractBaseDataJpaTest { + @Subject + def controller + + @Autowired + ObjectMapper mapper + + @Autowired + EntityManager entityManager + + @Autowired + ShibPropertySetRepository propertySetRepo + + @Autowired + ShibPropertySettingRepository propertySettingRepo + + @Autowired + ShibConfigurationService shibConfigurationService + + def defaultSetResourceId + def mockRestTemplate = Mock(RestTemplate) + def mockMvc + + @Transactional + def setup() { + controller = new ShibPropertiesController() + controller.service = shibConfigurationService + mockMvc = MockMvcBuilders.standaloneSetup(controller).build() + + ShibPropertySetting prop1 = new ShibPropertySetting().with { it -> + it.propertyName = 'foo' + it.configFile = 'defaults.properties' + it.propertyValue = 'bar' + + it + } + ShibPropertySetting prop1Saved = propertySettingRepo.save(prop1) + ShibPropertySetting prop2 = new ShibPropertySetting().with { it -> + it.propertyName = 'foo2' + it.configFile = 'defaults.properties' + it.propertyValue = 'bar2' + + it + } + ShibPropertySetting prop2Saved = propertySettingRepo.save(prop2) + entityManager.flush() + entityManager.clear() + + ArrayList values = new ArrayList<>() + values.add(prop1Saved) + values.add(prop2Saved) + def set = new ShibPropertySet() + set.setName("set1") + set.setProperties(values) + def savedSet = propertySetRepo.save(set) + entityManager.flush() + entityManager.clear() + + defaultSetResourceId = savedSet.resourceId + } + + @WithMockAdmin + def "DELETE /api/shib/property/set"() { + given: + def long setCount = propertySetRepo.count() + def long propsCount = propertySettingRepo.count() + + expect: + setCount == 1 + propsCount == 2 + + try { + mockMvc.perform(delete("/api/shib/property/set/010")) + } + catch (Exception e) { + e instanceof EntityNotFoundException + } + + when: + def result = mockMvc.perform(delete("/api/shib/property/set/" + defaultSetResourceId)) + + then: + result.andExpect(status().isNoContent()) 
+ propertySetRepo.count() == 0 + propertySettingRepo.count() == 0 + + + } + + @WithMockAdmin + def 'GET /api/shib/property/set/{resourceId} non-existent'() { + expect: + try { + mockMvc.perform(get("/api/shib/property/set/0101")) + } + catch (Exception e) { + e instanceof EntityNotFoundException + } + } + + @WithMockAdmin + def "POST /api/shib/property/set - existing set"() { + given: + def jsonBody = mapper.writeValueAsString(propertySetRepo.findByResourceId(defaultSetResourceId)) + + expect: + try { + mockMvc.perform(post('/api/shib/property/set').contentType(APPLICATION_JSON).content(jsonBody)) + } + catch (Exception e) { + e instanceof ObjectIdExistsException + } + } + + @WithMockAdmin + def "POST /api/shib/property/set - new set"() { + when: + ShibPropertySetting prop = new ShibPropertySetting().with { it -> + it.propertyName = 'food.for.thought' + it.configFile = 'defaults.properties' + it.propertyValue = 'true' + + it + } + ShibPropertySetting prop2 = new ShibPropertySetting().with { it -> + it.propertyName = 'food2.for2.thought' + it.configFile = 'defaults.properties' + it.propertyValue = 'true' + + it + } + ShibPropertySet set = new ShibPropertySet().with {it -> + it.properties.add(prop) + it.properties.add(prop2) + it.name = 'somerandom' + + it + } + + def jsonBody = mapper.writeValueAsString(set) + def result = mockMvc.perform(post('/api/shib/property/set').contentType(APPLICATION_JSON).content(jsonBody)) + + then: + result.andExpect(status().isCreated()).andExpect(jsonPath("\$.name").value("somerandom")) + def createdSet = propertySetRepo.findByName("somerandom") + createdSet.getProperties().size() == 2 + } +} \ No newline at end of file diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/repository/ShibPropertySetRepositoryTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/repository/ShibPropertySetRepositoryTests.groovy new file mode 100644 index 000000000..edcf106d9 --- /dev/null 
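Review bot: The negative cases (the `DELETE` with id `010`, `GET ... non-existent`, and `POST ... existing set`) wrap the request in `try`/`catch` and only evaluate `e instanceof ...` inside the catch, where it is not asserted, so each of them passes whether or not anything is thrown. Registering the advice in `setup()` with `MockMvcBuilders.standaloneSetup(controller).setControllerAdvice(new ShibPropertiesControllerExceptionHandler()).build()` would let them assert `status().isNotFound()` and `status().isConflict()` on the response instead. The controller is created with `new` and driven through a standalone MockMvc, so the `@Secured("ROLE_ADMIN")` checks are presumably not exercised here; a case that performs the DELETE and POST as a non-admin user against the application context would cover them.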
+++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/repository/ShibPropertySetRepositoryTests.groovy @@ -0,0 +1,64 @@ +package edu.internet2.tier.shibboleth.admin.ui.repository + +import edu.internet2.tier.shibboleth.admin.ui.AbstractBaseDataJpaTest +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySet +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySetting +import org.springframework.beans.factory.annotation.Autowired + +import javax.persistence.EntityManager + +/** + * Tests to validate the repo and model for ShibPropertySetRepository + * Because of how JPA works, these are pretty basic and we put "real use" tests/logic + * into the service that manages the sets + * + * @author chasegawa + */ +class ShibPropertySetRepositoryTests extends AbstractBaseDataJpaTest { + @Autowired + EntityManager entityManager + + @Autowired + ShibPropertySetRepository repo + + def "basic CRUD operations validated"() { + given: + // No properties, just a blank set + def set = new ShibPropertySet(); + set.setName("set1") + + // Confirm empty db state + when: + def allSets = repo.findAll() + + then: + allSets.size() == 0 + + // save check + when: + def savedSet = repo.save(set) + entityManager.flush() + entityManager.clear() + + then: + def allSets2 = repo.findAll() + allSets2.size() == 1 + + // fetch checks + def fetchedSet = repo.findByResourceId(savedSet.resourceId) + savedSet.equals(fetchedSet) + + def fetchedByName = repo.findByName(savedSet.name) + savedSet.equals(fetchedByName) + + // delete check + when: + repo.delete(set) + entityManager.flush() + entityManager.clear() + def noSets = repo.findAll() + + then: + noSets.size() == 0 + } +} \ No newline at end of file 
diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceTests.groovy
new file mode 100644
index 000000000..f98f692a5
--- /dev/null
+++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceTests.groovy
@@ -0,0 +1,162 @@ +package edu.internet2.tier.shibboleth.admin.ui.service + +import com.fasterxml.jackson.databind.ObjectMapper +import edu.internet2.tier.shibboleth.admin.ui.AbstractBaseDataJpaTest +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySet +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySetting +import edu.internet2.tier.shibboleth.admin.ui.repository.ShibPropertySetRepository +import edu.internet2.tier.shibboleth.admin.ui.repository.ShibPropertySettingRepository +import org.springframework.beans.factory.annotation.Autowired + +import javax.persistence.EntityManager +import javax.transaction.Transactional + +class ShibConfigurationServiceTests extends AbstractBaseDataJpaTest { + @Autowired + EntityManager entityManager + + @Autowired + ShibPropertySetRepository propertySetRepo + + @Autowired + ShibPropertySettingRepository propertySettingRepo + + @Autowired + ShibConfigurationService service + + def defaultSetResourceId + + /** + * We use the object mapper to transform to json and then back to new objects so that what we send to the service is never + * the actual hibernate entity from the db, but an unattached copy (ie what the service would be getting as input in reality) + */ + def ObjectMapper objectMapper = new ObjectMapper(); + + @Transactional + def setup() { + ShibPropertySetting prop1 = new ShibPropertySetting().with { it -> + it.propertyName = 'foo' + it.configFile = 'defaults.properties' + it.propertyValue = 'bar' + + it + } + ShibPropertySetting prop1Saved = propertySettingRepo.save(prop1) + ShibPropertySetting prop2 = new ShibPropertySetting().with { it -> + it.propertyName = 'foo2' + it.configFile = 'defaults.properties' + it.propertyValue = 'bar2' + + it + } + ShibPropertySetting prop2Saved = propertySettingRepo.save(prop2) + entityManager.flush() + entityManager.clear() + + ArrayList values = new ArrayList<>() + values.add(prop1Saved) + values.add(prop2Saved) + def set = 
new ShibPropertySet() + set.setName("set1") + set.setProperties(values) + def savedSet = propertySetRepo.save(set) + entityManager.flush() + entityManager.clear() + + defaultSetResourceId = savedSet.resourceId + } + + def "check delete"() { + given: + def long setCount = propertySetRepo.count() + def long propsCount = propertySettingRepo.count() + + expect: + setCount == 1 + propsCount == 2 + + when: + service.delete(defaultSetResourceId) + + then: + propertySetRepo.count() == 0 + propertySettingRepo.count() == 0 + } + + def "create new using the service"() { + when: + ShibPropertySetting prop = new ShibPropertySetting().with { it -> + it.propertyName = 'food.for.thought' + it.configFile = 'defaults.properties' + it.propertyValue = 'true' + + it + } + ShibPropertySetting prop2 = new ShibPropertySetting().with { it -> + it.propertyName = 'food2.for2.thought' + it.configFile = 'defaults.properties' + it.propertyValue = 'true' + + it + } + ShibPropertySet set = new ShibPropertySet().with {it -> + it.properties.add(prop) + it.properties.add(prop2) + it.name = 'somerandom' + + it + } + service.save(set) + ShibPropertySet dbSet = propertySetRepo.findByName("somerandom") + + then: + dbSet.properties.size() == 2 + } + + def "update using the service (add and delete properties)"() { + when: + def defaultSet = propertySetRepo.findByResourceId(defaultSetResourceId) + ShibPropertySetting prop = new ShibPropertySetting().with { it -> + it.propertyName = 'food.for.thought' + it.configFile = 'defaults.properties' + it.propertyValue = 'true' + + it + } + + defaultSet.properties.add(prop) + // create a copy of the set so they can't possibly be real db entities + def copySet = objectMapper.readValue(objectMapper.writeValueAsString(defaultSet), ShibPropertySet.class) + service.save(copySet) + def updatedSet = propertySetRepo.findByResourceId(defaultSetResourceId) + + then: + updatedSet.properties.size() == 3 + + when: + updatedSet.properties.remove(0) + 
service.save(objectMapper.readValue(objectMapper.writeValueAsString(updatedSet), ShibPropertySet.class)) + def updatedSet2 = propertySetRepo.findByResourceId(defaultSetResourceId) + + then: + updatedSet2.properties.size() == 2 + } + + def "fetch with the service"() { + when: + def sets = service.getAllPropertySets() + + then: + sets.size() == 1 + def set = sets.get(0) + set.getName().equals("set1") + + when: + def theSet = service.getSet(Integer.parseInt(set.getResourceId())) + + then: + theSet.getName().equals("set1") + theSet.getProperties().size() == 2 + } + +} \ No newline at end of file From 375522a7f81024283d926833c3a8479487b88676 Mon Sep 17 00:00:00 2001 From: chasegawa Date: Fri, 19 Aug 2022 16:15:53 -0700 Subject: [PATCH 49/58] SHIBUI-2270 expanding backend API and services supporting the API --- .../controller/ShibPropertiesController.java | 20 ++++++------ ...bPropertiesControllerExceptionHandler.java | 16 ---------- .../ui/service/ShibConfigurationService.java | 9 +++--- .../service/ShibConfigurationServiceImpl.java | 28 +++++++++++------ .../ShibPropertiesControllerTests.groovy | 31 +++++++++++++++++++ .../ShibConfigurationServiceTests.groovy | 6 ++-- 6 files changed, 68 insertions(+), 42 deletions(-) diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java index 1721228d5..8b3952954 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java 
@@ -17,6 +17,7 @@ import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.PutMapping; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; @@ -64,16 +65,15 @@ public ResponseEntity deletePropertySet(@PathVariable Integer resourceId) thr @Secured("ROLE_ADMIN") @Transactional public ResponseEntity createPropertySet(@RequestBody ShibPropertySet newSet) throws ObjectIdExistsException { - // If already defined, we won't/can't create a new one, nor will this call update on the definition - try { - ShibPropertySet set = service.getSet(newSet.getResourceId()); - throw new ObjectIdExistsException(Integer.toString(newSet.getResourceId())); - } - catch (EntityNotFoundException e) { - // we hope not to find this - do nothing - } - - ShibPropertySet result = service.save(newSet); + ShibPropertySet result = service.create(newSet); return ResponseEntity.status(HttpStatus.CREATED).body(result); } + + @PutMapping("/property/set/{resourceId}") + @Secured("ROLE_ADMIN") + @Transactional + public ResponseEntity updatePropertySet(@RequestBody ShibPropertySet setToUpdate, @PathVariable int resourceId) throws EntityNotFoundException { + ShibPropertySet result = service.update(setToUpdate); + return ResponseEntity.status(HttpStatus.OK).body(result); + } } \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerExceptionHandler.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerExceptionHandler.java index 35adfcef0..bc16bb739 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerExceptionHandler.java 
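Review bot: `updatePropertySet` binds `@PathVariable int resourceId` but never reads it; `service.update(setToUpdate)` acts on whatever id the request body carries, so a PUT addressed to one set can modify a different one. The URL is what access logs and any path-based rule record, so the two ids should be required to agree before the service call, e.g. `if (setToUpdate.getResourceId() != resourceId) { return ResponseEntity.status(HttpStatus.BAD_REQUEST).build(); }`. A controller test that sends mismatched path and body ids would pin the behaviour.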
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerExceptionHandler.java @@ -12,27 +12,11 @@ @ControllerAdvice(assignableTypes = {ShibPropertiesController.class}) public class ShibPropertiesControllerExceptionHandler extends ResponseEntityExceptionHandler { - -// @ExceptionHandler({ ConcurrentModificationException.class }) -// public ResponseEntity handleConcurrentModificationException(ConcurrentModificationException e, WebRequest request) { -// return ResponseEntity.status(HttpStatus.CONFLICT).body(new ErrorResponse(HttpStatus.CONFLICT, e.getMessage())); -// } - @ExceptionHandler({ EntityNotFoundException.class }) public ResponseEntity handleEntityNotFoundException(EntityNotFoundException e, WebRequest request) { return ResponseEntity.status(HttpStatus.NOT_FOUND).body(new ErrorResponse(HttpStatus.NOT_FOUND, e.getMessage())); } -// @ExceptionHandler({ ForbiddenException.class }) -// public ResponseEntity handleForbiddenAccess(ForbiddenException e, WebRequest request) { -// return ResponseEntity.status(HttpStatus.FORBIDDEN).body(new ErrorResponse(HttpStatus.FORBIDDEN, e.getMessage())); -// } - -// @ExceptionHandler({ InvalidPatternMatchException.class }) -// public ResponseEntity handleInvalidUrlMatchException(InvalidPatternMatchException e, WebRequest request) { -// return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(new ErrorResponse(HttpStatus.BAD_REQUEST, e.getMessage())); -// } - @ExceptionHandler({ ObjectIdExistsException.class }) public ResponseEntity handleObjectIdExistsException(ObjectIdExistsException e, WebRequest request) { HttpHeaders headers = new HttpHeaders(); diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java index d0c220962..64c029d96 100644 
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java @@ -3,6 +3,7 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibConfigurationProperty; import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySet; import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.ObjectIdExistsException; import edu.internet2.tier.shibboleth.admin.ui.repository.ProjectionIdAndName; import java.util.Collection; @@ -11,6 +12,8 @@ public interface ShibConfigurationService { void addAllConfigurationProperties(Collection newProperties); + ShibPropertySet create(ShibPropertySet set) throws ObjectIdExistsException; + void delete(int resourceId) throws EntityNotFoundException; List getAllConfigurationProperties(); @@ -21,9 +24,7 @@ public interface ShibConfigurationService { ShibPropertySet getSet(int resourceId) throws EntityNotFoundException; - ShibPropertySet getSet(String name); - - ShibPropertySet save(ShibPropertySet set); - ShibConfigurationProperty save(ShibConfigurationProperty prop); + + ShibPropertySet update(ShibPropertySet setToUpdate) throws EntityNotFoundException; } \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java index b394caa1f..74d9e3637 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java 
@@ -4,6 +4,7 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySet; import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySetting; import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.ObjectIdExistsException; import edu.internet2.tier.shibboleth.admin.ui.repository.ProjectionIdAndName; import edu.internet2.tier.shibboleth.admin.ui.repository.ShibConfigurationRepository; import edu.internet2.tier.shibboleth.admin.ui.repository.ShibPropertySetRepository; @@ -11,12 +12,10 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; -import javax.transaction.Transactional; import java.util.ArrayList; import java.util.Collection; import java.util.HashMap; import java.util.List; -import java.util.ResourceBundle; @Service public class ShibConfigurationServiceImpl implements ShibConfigurationService { @@ -34,6 +33,18 @@ public void addAllConfigurationProperties(Collection shibConfigurationRepository.saveAll(newProperties); } + @Override + public ShibPropertySet create(ShibPropertySet set) throws ObjectIdExistsException { + try { + getSet(set.getResourceId()); + throw new ObjectIdExistsException(Integer.toString(set.getResourceId())); + } + catch (EntityNotFoundException e) { + // we don't want to find the object + } + return save(set); + } + @Override public void delete(int resourceId) throws EntityNotFoundException { ShibPropertySet set = shibPropertySetRepository.findByResourceId(resourceId); 
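Review bot: `create` looks the set up with `getSet` and then calls `save` as two separate steps, so two concurrent requests carrying the same `resourceId` can both pass the check before either write lands. Nothing in this hunk makes the pair atomic, and the `@@ -68,19 +79,18 @@` hunk of the same file removes `@Transactional` from `save`, which leaves the transaction boundary to whoever calls the service. If the backing table does not already enforce uniqueness on the set's resource id, that constraint is what actually guards this path; a comment on `create` such as `// existence check is advisory; uniqueness of the resource id must be enforced by the database` would record the assumption. The body of `save` lies outside this hunk, so how it treats an id that already exists cannot be confirmed from here.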
@@ -68,19 +79,18 @@ public ShibPropertySet getSet(int resourceId) throws EntityNotFoundException { return result; } - @Override - public ShibPropertySet getSet(String name) { - return shibPropertySetRepository.findByName(name); - } - @Override public ShibConfigurationProperty save(ShibConfigurationProperty prop) { return shibConfigurationRepository.save(prop); } @Override - @Transactional - public ShibPropertySet save(ShibPropertySet incomingPropSet) { + public ShibPropertySet update(ShibPropertySet setToUpdate) throws EntityNotFoundException { + getSet(setToUpdate.getResourceId()); // check that it exists, if not it'll throw an exception + return save(setToUpdate); + } + + private ShibPropertySet save(ShibPropertySet incomingPropSet) { ShibPropertySet result = new ShibPropertySet(); List propertiesToUpdate = new ArrayList<>(); diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerTests.groovy index ae925f074..e5c418f9d 100644 --- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerTests.groovy +++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerTests.groovy 
@@ -23,6 +23,7 @@ import static org.springframework.http.MediaType.APPLICATION_JSON import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.delete import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post +import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.put import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath @@ -176,4 +177,34 @@ class ShibPropertiesControllerTests extends AbstractBaseDataJpaTest { def createdSet = propertySetRepo.findByName("somerandom") createdSet.getProperties().size() == 2 } + + @WithMockAdmin + def "PUT /api/shib/property/set update set that doesn't exist"() { + when: + ShibPropertySet set = propertySetRepo.findByResourceId(defaultSetResourceId) + set.resourceId = 1234 + def jsonBody = mapper.writeValueAsString(set) + + then: + try { + mockMvc.perform(put('/api/shib/property/set/1234').contentType(APPLICATION_JSON).content(jsonBody)) + } + catch (Exception e) { + e instanceof EntityNotFoundException + } + } + + @WithMockAdmin + def "PUT /api/shib/property/set update set"() { + when: + ShibPropertySet set = propertySetRepo.findByResourceId(defaultSetResourceId) + set.name = "newName" + def jsonBody = mapper.writeValueAsString(set) + def url = "/api/shib/property/set/{resourceId}" + def result = mockMvc.perform(put(url, defaultSetResourceId).contentType(APPLICATION_JSON).content(jsonBody)) + + then: + result.andExpect(status().isOk()).andExpect(jsonPath("\$.name").value("newName")) + propertySetRepo.findByResourceId(defaultSetResourceId).name.equals("newName") + } } \ No newline at end of file 
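Review bot: The test `PUT /api/shib/property/set update set that doesn't exist` cannot fail: the `try`/`catch` in its `then:` block passes when nothing is thrown, and `e instanceof EntityNotFoundException` inside the `catch` is nested too deep to be evaluated as a Spock condition. `ShibPropertiesControllerExceptionHandler` maps `EntityNotFoundException` to 404, so if that advice is registered with this `mockMvc` the call returns a response rather than throwing. Asserting on the response checks the real contract: `mockMvc.perform(put('/api/shib/property/set/1234').contentType(APPLICATION_JSON).content(jsonBody)).andExpect(status().isNotFound())`.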
diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceTests.groovy index f98f692a5..36f548215 100644 --- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceTests.groovy +++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceTests.groovy @@ -106,7 +106,7 @@ class ShibConfigurationServiceTests extends AbstractBaseDataJpaTest { it } - service.save(set) + service.create(set) ShibPropertySet dbSet = propertySetRepo.findByName("somerandom") then: @@ -127,7 +127,7 @@ class ShibConfigurationServiceTests extends AbstractBaseDataJpaTest { defaultSet.properties.add(prop) // create a copy of the set so they can't possibly be real db entities def copySet = objectMapper.readValue(objectMapper.writeValueAsString(defaultSet), ShibPropertySet.class) - service.save(copySet) + service.update(copySet) def updatedSet = propertySetRepo.findByResourceId(defaultSetResourceId) then: @@ -135,7 +135,7 @@ class ShibConfigurationServiceTests extends AbstractBaseDataJpaTest { when: updatedSet.properties.remove(0) - service.save(objectMapper.readValue(objectMapper.writeValueAsString(updatedSet), ShibPropertySet.class)) + service.update(objectMapper.readValue(objectMapper.writeValueAsString(updatedSet), ShibPropertySet.class)) def updatedSet2 = propertySetRepo.findByResourceId(defaultSetResourceId) then: From 5e181da23ad2f721f58cf4c5fd5e2bfefd6050b1 Mon Sep 17 00:00:00 2001 From: chasegawa Date: Fri, 19 Aug 2022 16:32:05 -0700 Subject: [PATCH 50/58] SHIBUI-2270 expanding backend API and services supporting the API --- .../ui/controller/ShibPropertiesController.java | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) 
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java index 8b3952954..e81a872b8 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java @@ -1,14 +1,13 @@ package edu.internet2.tier.shibboleth.admin.ui.controller; -import edu.internet2.tier.shibboleth.admin.ui.domain.CustomEntityAttributeDefinition; import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySet; import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; import edu.internet2.tier.shibboleth.admin.ui.exception.ObjectIdExistsException; import edu.internet2.tier.shibboleth.admin.ui.service.ShibConfigurationService; +import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.tags.Tag; import io.swagger.v3.oas.annotations.tags.Tags; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.http.HttpHeaders; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; import org.springframework.security.access.annotation.Secured; @@ -21,9 +20,6 @@ import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; -import org.springframework.web.servlet.support.ServletUriComponentsBuilder; - -import java.util.List; @RestController @RequestMapping(value = "/api/shib") 
@@ -34,6 +30,8 @@ public class ShibPropertiesController { @GetMapping("/properties") @Transactional(readOnly = true) + @Operation(description = "Return all the configuration properties - used to populate the UI with the know configuration properties", + summary = "Return all the configuration properties - used to populate the UI with the know configuration properties", method = "GET") public ResponseEntity getAllConfigurationProperties() { return ResponseEntity.ok(service.getAllConfigurationProperties()); } @@ -43,12 +41,16 @@ public ResponseEntity getAllConfigurationProperties() { */ @GetMapping("/property/set") @Transactional(readOnly = true) + @Operation(description = "Return a list of all the set names and their resourceId", + summary = "Return a list of all the set names and their resourceId", method = "GET") public ResponseEntity getAllPropertySets() { return ResponseEntity.ok(service.getAllPropertySets()); } @GetMapping("/property/set/{resourceId}") @Transactional(readOnly = true) + @Operation(description = "Return the property set with the given resourceId", + summary = "Return the property set with the given resourceId", method = "GET") public ResponseEntity getPropertySet(@PathVariable Integer resourceId) throws EntityNotFoundException { return ResponseEntity.ok(service.getSet(resourceId)); } @@ -64,6 +66,8 @@ public ResponseEntity deletePropertySet(@PathVariable Integer resourceId) thr @PostMapping("/property/set") @Secured("ROLE_ADMIN") @Transactional + @Operation(description = "Create a property set with all new information - must not be an existing set", + summary = "Create a property set with all new information - must not be an existing set", method = "POST") public ResponseEntity createPropertySet(@RequestBody ShibPropertySet newSet) throws ObjectIdExistsException { ShibPropertySet result = service.create(newSet); return ResponseEntity.status(HttpStatus.CREATED).body(result); 
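Review bot: The `@Operation` text added to `getAllConfigurationProperties` says `the know configuration properties` in both `description` and `summary`; it should read `known`, and the `updatePropertySet` description in the following `@@ -72,6 +76,8 @@` hunk says `with with`. Every annotation in these hunks also repeats one sentence for both fields; a short `summary` with the detail kept in `description` reads better in the generated API documentation.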
@@ -72,6 +76,8 @@ public ResponseEntity createPropertySet(@RequestBody ShibPropertySet newSet) @PutMapping("/property/set/{resourceId}") @Secured("ROLE_ADMIN") @Transactional + @Operation(description = "Update a property set with with the matching resourceId - must exist", + summary = "Update an existing property set with the matching resourceId - must exist", method = "PUT") public ResponseEntity updatePropertySet(@RequestBody ShibPropertySet setToUpdate, @PathVariable int resourceId) throws EntityNotFoundException { ShibPropertySet result = service.update(setToUpdate); return ResponseEntity.status(HttpStatus.OK).body(result); From d4ea0ffd3f55b66c4c17467abe26e6659e9ec683 Mon Sep 17 00:00:00 2001 From: chasegawa Date: Mon, 22 Aug 2022 15:05:18 -0700 Subject: [PATCH 51/58] SHIBUI-2270 expanding backend API to download zip file for a file set --- .../controller/ShibPropertiesController.java | 57 ++++++++++++++++++- ...bPropertiesControllerExceptionHandler.java | 9 ++- 2 files changed, 64 insertions(+), 2 deletions(-) diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java index e81a872b8..e4d4112b1 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java 
@@ -1,12 +1,14 @@ package edu.internet2.tier.shibboleth.admin.ui.controller; import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySet; +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySetting; import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; import edu.internet2.tier.shibboleth.admin.ui.exception.ObjectIdExistsException; import edu.internet2.tier.shibboleth.admin.ui.service.ShibConfigurationService; import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.tags.Tag; import io.swagger.v3.oas.annotations.tags.Tags; +import org.apache.tomcat.util.http.fileupload.IOUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; @@ -21,6 +23,15 @@ import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.zip.ZipEntry; +import java.util.zip.ZipOutputStream; + @RestController @RequestMapping(value = "/api/shib") @Tags(value = {@Tag(name = "Shibboleth Properties")}) @@ -47,7 +58,7 @@ public ResponseEntity getAllPropertySets() { return ResponseEntity.ok(service.getAllPropertySets()); } - @GetMapping("/property/set/{resourceId}") + @GetMapping(value="/property/set/{resourceId}", produces="applcation/json") @Transactional(readOnly = true) @Operation(description = "Return the property set with the given resourceId", summary = "Return the property set with the given resourceId", method = "GET") 
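Review bot: `produces="applcation/json"` on `getPropertySet` is misspelled, so the mapping advertises a media type that no client requests. With the `application/zip` variant of the same path added in the next hunk, a request sending `Accept: application/json` would presumably no longer select this handler. The line should be `@GetMapping(value="/property/set/{resourceId}", produces="application/json")`, and a MockMvc test that sets the `Accept` header for each variant would catch a regression.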
@@ -55,6 +66,50 @@ public ResponseEntity getPropertySet(@PathVariable Integer resourceId) throws return ResponseEntity.ok(service.getSet(resourceId)); } + @GetMapping(value="/property/set/{resourceId}", produces="application/zip") + @Transactional(readOnly = true) + @Operation(description = "Return the property set with the given resourceId as a zip file of the properties files", + summary = "Return the property set with the given resourceId as a zip file of the properties files", method = "GET") + public ResponseEntity getPropertySetAsZip(@PathVariable Integer resourceId) throws EntityNotFoundException, IOException { + ShibPropertySet set = service.getSet(resourceId); + StringBuilder sb = new StringBuilder("attachment; filename=\"").append(set.getName()).append(".zip\""); + return ResponseEntity.ok().header("Content-Disposition", sb.toString()).body(prepDownloadAsZip(convertPropertiesToMaps(set.getProperties()))); + } + + private Map> convertPropertiesToMaps(List properties) { + HashMap> result = new HashMap<>(); + for (ShibPropertySetting setting:properties){ + String confFile = setting.getConfigFile(); + if (!result.containsKey(confFile)) { + Map props = new HashMap<>(); + result.put(confFile,props); + } + Map props = result.get(confFile); + props.put(setting.getPropertyName(), setting.getPropertyValue()); +// result.put(confFile,props); + } + return result; + } + + private byte[] prepDownloadAsZip(Map> propertiesFiles) throws IOException { + ByteArrayOutputStream byteOutputStream = new ByteArrayOutputStream(); + ZipOutputStream zipOutputStream = new ZipOutputStream(byteOutputStream); + + for (String filename : propertiesFiles.keySet()) { + zipOutputStream.putNextEntry(new ZipEntry(filename)); + Map properties = propertiesFiles.get(filename); + StringBuilder props = new StringBuilder(); + for (String key : properties.keySet()) { + props.append(key).append("=").append(properties.get(key)).append("\n"); + } + ByteArrayInputStream inputStream = new 
ByteArrayInputStream(props.toString().getBytes()); + IOUtils.copy(inputStream, zipOutputStream); + zipOutputStream.closeEntry(); + } + zipOutputStream.close(); + return byteOutputStream.toByteArray(); + } + @DeleteMapping("/property/set/{resourceId}") @Secured("ROLE_ADMIN") @Transactional diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerExceptionHandler.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerExceptionHandler.java index bc16bb739..cbc9cb133 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerExceptionHandler.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerExceptionHandler.java @@ -10,13 +10,20 @@ import org.springframework.web.context.request.WebRequest; import org.springframework.web.servlet.mvc.method.annotation.ResponseEntityExceptionHandler; +import java.io.IOException; + @ControllerAdvice(assignableTypes = {ShibPropertiesController.class}) public class ShibPropertiesControllerExceptionHandler extends ResponseEntityExceptionHandler { @ExceptionHandler({ EntityNotFoundException.class }) public ResponseEntity handleEntityNotFoundException(EntityNotFoundException e, WebRequest request) { return ResponseEntity.status(HttpStatus.NOT_FOUND).body(new ErrorResponse(HttpStatus.NOT_FOUND, e.getMessage())); } - + + @ExceptionHandler({ IOException.class }) + public ResponseEntity handleIOException(EntityNotFoundException e, WebRequest request) { + return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body("Error creating file"); + } + @ExceptionHandler({ ObjectIdExistsException.class }) public ResponseEntity handleObjectIdExistsException(ObjectIdExistsException e, WebRequest request) { HttpHeaders headers = new HttpHeaders(); From fd68ec9408a39bef2980e2f9d22074519d4d15c8 Mon Sep 17 00:00:00 2001 
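Review bot: `set.getName()` and `setting.getConfigFile()` are stored values that reach the `Content-Disposition` header and `new ZipEntry(filename)` unchecked, in `getPropertySetAsZip` and `prepDownloadAsZip`. A set name containing a double quote changes how the client parses the `filename` parameter, and a config file name that is absolute or has `..` segments produces an archive whose entries land outside the target directory when unpacked by a tool that trusts entry names. Building the header with Spring's `ContentDisposition` and rejecting such names before `putNextEntry` addresses both, as sketched below. Keys and values are also appended raw, so a line break in a stored value starts a new property line in the generated file and should be rejected or escaped. The new mapping carries no `@Secured`, unlike the write endpoints in this controller, so it is worth confirming that the global security configuration limits who can download property values.

```java
// in getPropertySetAsZip: replaces the StringBuilder-built header value
ContentDisposition disposition = ContentDisposition.builder("attachment")
        .filename(set.getName() + ".zip")
        .build();
return ResponseEntity.ok()
        .header("Content-Disposition", disposition.toString())
        .body(prepDownloadAsZip(convertPropertiesToMaps(set.getProperties())));

// in prepDownloadAsZip: first statements of the per-file loop
for (String filename : propertiesFiles.keySet()) {
    // configFile is stored data: keep every entry inside the archive root
    if (filename == null || filename.startsWith("/") || filename.contains("\\")
            || filename.equals("..") || filename.startsWith("../")
            || filename.contains("/../") || filename.endsWith("/..")) {
        throw new IOException("Unsafe config file name in property set");
    }
    zipOutputStream.putNextEntry(new ZipEntry(filename));
    // … unchanged: write the key=value lines and close the entry …
```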
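Review bot: `handleIOException` is registered for `IOException.class` but declares its first parameter as `EntityNotFoundException e`, so Spring cannot supply that argument when an `IOException` is raised and the handler will most likely not run, leaving the failure to default error handling. The signature should be `public ResponseEntity handleIOException(IOException e, WebRequest request) {`. Returning the fixed text `Error creating file` instead of `e.getMessage()` is the right choice for a 500 response; logging the exception in the handler would keep the detail available on the server side.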
From: chasegawa Date: Mon, 22 Aug 2022 15:06:51 -0700 Subject: [PATCH 52/58] SHIBUI-2270 cleanup --- .../shibboleth/admin/ui/controller/ShibPropertiesController.java | 1 - 1 file changed, 1 deletion(-) diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java index e4d4112b1..b5895db41 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java @@ -86,7 +86,6 @@ private Map> convertPropertiesToMaps(List props = result.get(confFile); props.put(setting.getPropertyName(), setting.getPropertyValue()); -// result.put(confFile,props); } return result; } From 705bc5770431f72a4e393cc704996d753b60575e Mon Sep 17 00:00:00 2001 From: chasegawa Date: Mon, 22 Aug 2022 15:15:02 -0700 Subject: [PATCH 53/58] SHIBUI-2270 cleanup removing sql file --- .../src/main/resources/db/changelog/temp.sql | 656 ------------------ 1 file changed, 656 deletions(-) delete mode 100644 backend/src/main/resources/db/changelog/temp.sql diff --git a/backend/src/main/resources/db/changelog/temp.sql b/backend/src/main/resources/db/changelog/temp.sql deleted file mode 100644 index 927ab6522..000000000 --- a/backend/src/main/resources/db/changelog/temp.sql +++ /dev/null 
@@ -1,656 +0,0 @@ -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('17', 'SecurityConfiguration', 'idp.properties', 'Default SameSite value to apply to cookies via servlet filter if no explicit rule for the named cookie is specified', 'all', null, null, null, null, 'idp.cookie.sameSite', 'SELECTION_LIST', 'None,Lax,Strict', null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('3', 'RelyingPartyConfiguration', 'idp.properties', 'The unique name of the IdP used as the iisuer in all SAML profiles', 'all', null, null, 'ex. https://unicon.net/idp/shibboleth', null, 'idp.entityID', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('7', 'RelyingPartyConfiguration', 'idp.properties', 'Identifies the endpoint in SAML metadata associated with artifacts issued by a server node', 'all', null, null, null, '2', 'idp.artifact.endpointIndex', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('16', 'SecurityConfiguration', 'idp.properties', 'Lifetime in seconds of cookies issued by the IdP that are meant to span sessions (365 days)', 'all', null, null, null, '31536000', 'idp.cookie.maxAge', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, 
default_value, property_name, property_type, selection_items, property_value) VALUES ('21', 'SecurityConfiguration', 'idp.properties', 'Time between checks for a new AES key version', 'all', null, null, null, 'PT15M', 'idp.sealer.updateInterval', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('394', 'ReloadableServices', 'services.properties', 'Time to notice changes to MetadataConfiguration and reload service. A value of 0 indicates that the metadata configuration never reloads', 'all', null, null, null, '0', 'idp.service.metadata.checkInterval', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('537', 'OPDynamicClientRegistration', 'oidc.properties', 'Registration lifetime', '4.1', 'idp.oidc.OP', '3', null, 'PT24H', 'idp.oidc.dynreg.defaultRegistrationValidity', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('602', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Leeway allowed in token expiry calculations', '4.1', 'idp.authn.DuoOIDC', '1', null, 'PT60S', 'idp.duo.oidc.jwt.verifier.clockSkew', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('603', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Maximum amount (in either direction from now) of duration for 
which a token is valid after it is issued', '4.1', 'idp.authn.DuoOIDC', '1', null, 'PT60S', 'idp.duo.oidc.jwt.verifier.iatWindow', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('606', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'How long the authentication is valid. Only applies to forced authentication requests.', '4.1', 'idp.authn.DuoOIDC', '1', null, 'PT60S', 'idp.duo.oidc.jwt.verifier.authLifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('131', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'A resource to load a Java keystore containing trust anchors when using sslConfig = keyStoreTrust', 'all', null, null, 'resource path ex. 
%{idp.home}/credentials/ldap-server.truststore - The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.trustStore', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('10', 'Core', 'idp.properties', 'Identifies the file to serve for requests to the IdP''s well-known metadata location', 'all', null, null, 'file pathname', '%{idp.home}/metadata/idp-metadata.xml', 'idp.entityID.metadataFile', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('4', 'Core', 'idp.properties', 'Identifies the file to serve for requests to the IdP''s well-known metadata location', 'all', null, null, null, '%{idp.home}/metadata/idp-metadata.xml', 'idp.entityID.metadataFile', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('2', 'Core', 'idp.properties', 'Used to point to additional property files to load. All properties must be unique and are ultimately pooled into a single unordered set.', 'all', null, null, 'Comma seperated list of values ex. 
/conf/ldap.properties, /conf/services.properties', null, 'idp.additionalProperties', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('23', 'SecurityConfiguration', 'idp.properties', 'Keystore resource containing AES encryption key usually a file path', 'all', null, null, 'resource path', null, 'idp.sealer.storeResource', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('12', 'SecurityConfiguration', 'idp.properties', 'If true all cookies issued by the IdP (not including the container) will be limited to TLS', 'all', null, null, null, 'false', 'idp.cookie.secure', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('71', 'SessionConfiguration', 'idp.properties', 'Whether to hide storage failures from users during session cache reads/writes', 'all', null, null, null, 'false', 'idp.session.maskStorageFailure', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('130', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'A resource to load trust anchors from when using sslConfig = certificateTrust', 'all', null, null, 'resource path ex. 
%{idp.home}/credentials/ldap-server.crt - The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.trustCertificates', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('11', 'Core', 'idp.properties', 'applies a (fixed) scope typically a domain-valued suffix to an input attribute''s values', 'all', null, null, null, null, 'idp.scope', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('14', 'SecurityConfiguration', 'idp.properties', 'Overrides the domain of any cookies issued by the IdP (not including the container)', 'all', null, null, null, null, 'idp.cookie.domain', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('33', 'SecurityConfiguration', 'idp.properties', 'Name of Spring bean supplying the default SecurityConfiguration', 'all', null, null, 'Bean ID of SecurityConfiguration (net.shibboleth.idp.profile.config.SecurityConfiguration)', 'shibboleth.DefaultSecurityConfiguration', 'idp.security.config', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('34', 'SecurityConfiguration', 'idp.properties', 'Name of Spring bean supplying the default SignatureSigningConfiguration', 'all', 
null, null, 'Bean ID of SignatureSigningConfiguration (org.opensaml.xmlsec)', 'shibboleth.SigningConfiguration.SHA256', 'idp.signing.config', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('8', 'StorageConfiguration', 'idp.properties', 'Storage back-end to use for short-lived SAML Artifact mappings (must be server-side)', 'all', null, null, 'Bean ID of a StorageService (org.opensaml.storage)', 'shibboleth.StorageService', 'idp.artifact.StorageService', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('18', 'SecurityConfiguration', 'idp.properties', 'Predicate condition bean controlling whether SameSite filter runs', 'all', null, null, 'Bean ID of Predicate', 'shibboleth.Conditions.FALSE', 'idp.cookie.sameSiteCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('15', 'SecurityConfiguration', 'idp.properties', 'Overrides the path of any cookies issued by the IdP (not including the container)', 'all', null, null, null, null, 'idp.cookie.path', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('20', 'SecurityConfiguration', 'idp.properties', 'Type of Java keystore used for IdP''s internal AES encryption key', 'all', null, null, null, 'JCEKS', 
'idp.sealer.storeType', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('40', 'SecurityConfiguration', 'idp.properties', 'Default freshness window for accepting timestamped messages', 'all', null, null, null, 'PT3M', 'idp.policy.messageLifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('41', 'SecurityConfiguration', 'idp.properties', 'Default freshness window for accepting timestamped assertions', 'all', null, null, null, 'PT3M', 'idp.policy.assertionLifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('42', 'SecurityConfiguration', 'idp.properties', 'Default allowance for clock differences between systems', 'all', null, null, null, 'PT3M', 'idp.policy.clockSkew', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('57', 'StorageConfiguration', 'idp.properties', 'Interval of background thread sweeping server-side storage for expired records', 'all', null, null, null, 'PT10M', 'idp.storage.cleanupInterval', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('69', 
'SessionConfiguration', 'idp.properties', 'Inactivity timeout policy for IdP sessions (must be non-zero)', 'all', null, null, null, 'PT60M', 'idp.session.timeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('70', 'SessionConfiguration', 'idp.properties', 'Extra time after expiration before removing SP sessions in case a logout is invoked', 'all', null, null, null, '0', 'idp.session.slop', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('24', 'SecurityConfiguration', 'idp.properties', 'Resource that tracks the active AES encryption key version usually a file path', 'all', null, null, null, null, 'idp.sealer.versionResource', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('66', 'SessionConfiguration', 'idp.properties', 'Number of characters in IdP session identifiers', 'all', null, null, null, '32', 'idp.session.idSize', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('27', 'SecurityConfiguration', 'idp.properties', 'Resource containing private key for signing typically a file in the credentials directory', 'all', null, null, null, null, 'idp.signing.key', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, 
idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('50', 'Core', 'idp.properties', 'Location from which to load user-supplied webflows from', 'all', null, null, 'resource path', '%{idp.home}/flows', 'idp.webflows', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('22', 'SecurityConfiguration', 'idp.properties', 'Case insensitive name of keystore alias prefix used in AES keystore (the entries will be suffixed by the key version number)', 'all', null, null, null, 'secret', 'idp.sealer.aliasBase', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('37', 'SecurityConfiguration', 'idp.properties', 'Sets the default strategy for key agreement key wrap usage for credentials from metadata if not otherwise configured on the security configuration', 'all', null, null, null, 'Default', 'idp.encryption.keyagreement.metadata.defaultUseKeyWrap', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('46', 'CSRF', 'idp.properties', 'Name of the HTTP parameter that stores the CSRF token', '4', null, null, null, 'csrf_token', 'idp.csrf.token.parameter', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('61', 'StorageConfiguration', 
'idp.properties', 'Storage back-end to use for message replay checking (must be server-side)', 'all', null, null, 'Bean ID of a StorageService (org.opensaml.storage)', 'shibboleth.StorageService', 'idp.replayCache.StorageService', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('38', 'SecurityConfiguration', 'idp.properties', 'Name of Spring bean for the trust engine used to verify signatures', 'all', null, null, 'Bean ID of SignatureTrustEngine (org.opensaml.xmlsec.signature.support)', 'shibboleth.ChainingSignatureTrustEngine', 'idp.trust.signatures', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('36', 'SecurityConfiguration', 'idp.properties', 'If true failure to locate an encryption key to use won''t result in request failure', 'all', null, null, null, 'false', 'idp.encryption.optional', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('52', 'ErrorHandlingConfiguration', 'idp.properties', 'Whether to expose detailed error causes in status information provided to outside parties', 'all', null, null, null, 'false', 'idp.errors.detailed', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('58', 'StorageConfiguration', 'idp.properties', 'Whether to use HTML Local Storage 
(if available) instead of cookies', 'all', null, null, null, 'false', 'idp.storage.htmlLocalStorage', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('47', 'Core', 'idp.properties', 'Auto-configures an HSTS response header', 'all', null, null, null, 'max-age=0', 'idp.hsts', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('49', 'Core', 'idp.properties', 'Auto-configures a Content Security Policy response header', 'all', null, null, null, 'frame-ancestors ''none''', 'idp.csp', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('25', 'SecurityConfiguration', 'idp.properties', 'Keystore password unlocking AES encryption keystore typically set during installation', 'all', null, null, null, null, 'idp.sealer.storePassword', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('54', 'ErrorHandlingConfiguration', 'idp.properties', 'The default view name to render for exceptions and events', 'all', null, null, null, 'error', 'idp.errors.defaultView', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('59', 
'StorageConfiguration', 'idp.properties', 'Name of cookie or HTML storage key used by the default per-session instance of the client storage service', 'all', null, null, null, 'shib_idp_session_ss', 'idp.storage.clientSessionStorageName', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('51', 'Core', 'idp.properties', 'Location from which to load user-modifiable Velocity view templates. This can be set to include "classpath*:/META-INF/net/shibboleth/idp/views" (or equivalent) to load templates from the classpath, such as from extension jars, but doing so disables suppor', 'all', null, null, 'Comma seperated list of values', '%{idp.home}/views', 'idp.views', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('48', 'Core', 'idp.properties', 'Auto-configures an X-Frame-Options response header', 'all', null, null, null, 'DENY', 'idp.frameoptions', 'SELECTION_LIST', 'DENY,SAMEORIGIN', null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('74', 'SessionConfiguration', 'idp.properties', 'Default length of time to maintain record of an SP session (must be non-zero), overridable by relying-party-specific setting', 'all', null, null, null, 'PT2H', 'idp.session.defaultSPlifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) 
VALUES ('76', 'AuthenticationConfiguration', 'authn/authn.properties', 'Default amount of time to allow reuse prior authentication flows', 'all', null, null, 'measured since first usage', 'PT60M', 'idp.authn.defaultLifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('77', 'AuthenticationConfiguration', 'authn/authn.properties', 'Default inactivity timeout to prevent reuse of prior authentication flows', 'all', null, null, 'measured since last usage', 'PT30M', 'idp.authn.defaultTimeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('86', 'ConsentConfiguration', 'idp.properties', 'Attribute whose value is the storage key representing a user', 'all', null, null, null, 'uid', 'idp.consent.attribute-release.userStorageKeyAttribute', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('98', 'ConsentConfiguration', 'idp.properties', 'Maximum number of records stored when using space-limited storage (e.g. 
cookies), 0 = no limit', 'all', null, null, null, '10', 'idp.consent.maxStoredRecords', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('28', 'SecurityConfiguration', 'idp.properties', 'Resource containing the public key certificate inserted into signed messages typically a file in the credentials directory', 'all', null, null, null, null, 'idp.signing.cert', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('100', 'ConsentConfiguration', 'idp.properties', 'Time in milliseconds to expire consent storage records', '4.x', null, null, '(v4.0=P1Y,v4.1=infinite)', null, 'idp.consent.storageRecordLifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('90', 'ConsentConfiguration', 'idp.properties', 'Attribute whose value is the storage key representing a user', 'all', null, null, null, 'uid', 'idp.consent.terms-of-use.userStorageKeyAttribute', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('91', 'ConsentConfiguration', 'idp.properties', 'Suffix of message property used as value of consent storage records when idp.consent.compareValues is true', 'all', null, null, null, '.text', 'idp.consent.terms-of-use.consentValueMessageCodeSuffix', 'STRING', null, null); -INSERT INTO 
public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('31', 'SecurityConfiguration', 'idp.properties', 'Resource containing an alternate private key for decryption generally unused except while changing decryption keys', 'all', null, null, null, null, 'idp.encryption.key.2', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('84', 'ConsentConfiguration', 'idp.properties', 'Name of storage service used to store users'' consent choices', 'all', null, null, null, 'shibboleth.ClientPersistentStorageService', 'idp.consent.StorageService', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('85', 'ConsentConfiguration', 'idp.properties', 'Name of function used to return the String storage key representing a user defaults to the principal name', 'all', null, null, null, 'shibboleth.consent.PrincipalConsentStorageKey', 'idp.consent.attribute-release.userStorageKey', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('72', 'SessionConfiguration', 'idp.properties', 'Whether to save a record of every SP accessed during an IdP session (requires a server-side session store or HTML LocalStorage)', 'all', null, null, null, 'false', 'idp.session.trackSPSessions', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop 
(resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('73', 'SessionConfiguration', 'idp.properties', 'Whether to track SPs on the basis of the SAML subject ID used, for logout purposes (requires SP session tracking be on)', 'all', null, null, null, 'false', 'idp.session.secondaryServiceIndex', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('55', 'ErrorHandlingConfiguration', 'idp.properties', 'Bean defing Properties mapping exception class names to error views. The matching by class name does not support wildcards, but does do substring matches (so it''s not necessary to fully qualify the class).', 'all', null, null, 'Bean ID of Properties (java.util.Properties)', null, 'idp.errors.excludedExceptions', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('56', 'ErrorHandlingConfiguration', 'idp.properties', 'Bean defining Collection identifying exception classes to ignore (causing them to bubble outward, so use with caution)', 'all', null, null, 'Bean ID of Collection (java.util)', null, 'idp.errors.exceptionMappings', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('79', 'AuthenticationConfiguration', 'authn/authn.properties', 'Whether to prioritize prior authentication results when an SP requests more than one possible matching method', 'all', 
null, null, null, 'false', 'idp.authn.favorSSO', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('81', 'AuthenticationConfiguration', 'authn/authn.properties', 'Whether to fail requests if a user identity after authentication doesn''t match the identity in a pre-existing session.', 'all', null, null, null, 'false', 'idp.authn.identitySwitchIsError', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('32', 'SecurityConfiguration', 'idp.properties', 'Resource containing an alternate public key certificate generally unused except while changing decryption keys', 'all', null, null, null, null, 'idp.encryption.cert.2', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('30', 'SecurityConfiguration', 'idp.properties', 'Resource containing a public key certificate given to others needing to encrypt data for the IdP typically a file in the credentials directory', 'all', null, null, 'resource path', null, 'idp.encryption.cert', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('29', 'SecurityConfiguration', 'idp.properties', 'Resource containing a private key for decryption typically a file in the credentials directory', 'all', null, null, 'resource path', null, 'idp.encryption.key', 'STRING', null, 
null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('75', 'AuthenticationConfiguration', 'authn/authn.properties', 'Required expression that identifies the login flows to globally enable', 'all', null, null, 'ex. Password, MA, DUO', null, 'idp.authn.flows', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('60', 'StorageConfiguration', 'idp.properties', 'Name of cookie or HTML storage key used by the default persistent instance of the client storage service', 'all', null, null, null, 'shib_idp_persistent_ss', 'idp.storage.clientPersistentStorageName', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('26', 'SecurityConfiguration', 'idp.properties', 'Key password unlocking AES encryption key typically set to the same as the previous property and set during installation', 'all', null, null, null, null, 'idp.sealer.keyPassword', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('65', 'SessionConfiguration', 'idp.properties', 'Name of cookie containing IdP session ID (note this is not the same as the cookie the Java container uses to track its own sessions)', '4.2', null, null, null, 'shib_idp_session', 'idp.session.cookieName', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, 
config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('82', 'AuthenticationConfiguration', 'authn/authn.properties', 'Provides a static discovery URL to use for external discovery this property replaces the need for the XML-defined bean used in V4.0 for this purpose', '4.1', null, null, null, null, 'idp.authn.discoveryURL', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('99', 'ConsentConfiguration', 'idp.properties', 'Maximum number of records stored when using larger/server-side storage, 0 = no limit', 'all', null, null, null, '0', 'idp.consent.expandedMaxStoredRecords', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('88', 'ConsentConfiguration', 'idp.properties', 'Default consent auditing formats', 'all', null, null, 'Logback logging pattern', '%T|%SP|%e|%u|%CCI|%CCV|%CCA', 'idp.consent.attribute-release.auditFormat', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('93', 'ConsentConfiguration', 'idp.properties', 'Default consent auditing formats', 'all', null, null, 'Logback logging pattern', '%T|%SP|%e|%u|%CCI|%CCV|%CCA', 'idp.consent.terms-of-use.auditFormat', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, 
selection_items, property_value) VALUES ('121', 'Core', 'idp.properties', 'Policies to use with Impersonate interceptor flow', 'all', null, null, 'Policy ID', 'GeneralImpersonationPolicy', 'idp.impersonate.generalPolicy', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('152', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'DN to search with the validateFilter: defaults to the rootDSE', '4.0.1', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.pool.LDAP.validateDN', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('122', 'Core', 'idp.properties', 'Policies to use with Impersonate interceptor flow', 'all', null, null, 'Policy ID', 'SpecificImpersonationPolicy', 'idp.impersonate.specificPolicy', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('124', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Connection URI for LDAP directory', 'all', null, null, 'LDAP URI ex. 
ldap://localhost or ldaps://localhost - The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.ldapURL', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('114', 'FTICKSLoggingConfiguration', 'idp.properties', 'Digest algorithm used to obscure usernames', 'all', null, null, null, 'SHA-2', 'idp.fticks.algorithm', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('116', 'FTICKSLoggingConfiguration', 'idp.properties', 'The remote syslog host', 'all', null, null, null, 'localhost', 'idp.fticks.loghost', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('112', 'FTICKSLoggingConfiguration', 'idp.properties', 'Enables F-TICKS output and specifies the value of the federation-identifier field', 'all', null, null, null, null, 'idp.fticks.federation', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('137', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Password to bind with during search when using an LDAP.authenticator = bindSearchAuthenticator usually set via %{idp.home}/credentials/secrets.properties', 'all', null, null, 'The target file for the value depends on the version of Shibboleth 
being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.bindDNCredential', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('115', 'FTICKSLoggingConfiguration', 'idp.properties', 'A salt to apply when digesting usernames (if not specified, the username will not be included)', 'all', null, null, null, null, 'idp.fticks.salt', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('138', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'A formatting string to generate the user DNs to authenticate when using an LDAP.authenticator of directAuthenticator or adAuthenticator', 'all', null, null, 'ex. uid=%s,ou=people,dc=example,dc=org or for AD %s@domain.com - The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.dnFormat', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('109', 'CasProtocolConfiguration', 'idp.properties', 'Storage service used by CAS protocol for chained proxy-granting tickets and when using server-managed "simple" TicketService. MUST be server-side storage (e.g. 
in-memory, memcached, database)', 'all', null, null, null, 'shibboleth.StorageService', 'idp.cas.StorageService', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('113', 'FTICKSLoggingConfiguration', 'idp.properties', 'Optional bean name of a Predicate to use to decide whether to run', '4.1', null, null, null, null, 'idp.fticks.condition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('110', 'CasProtocolConfiguration', 'idp.properties', 'CAS service registry implementation class', 'all', null, null, null, 'net.shibboleth.idp.cas.service.PatternServiceRegistry', 'idp.cas.serviceRegistryClass', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('107', 'Core', 'idp.properties', 'Allows the HttpClient used for SOAP communication to be overriden (applies to SAML logout via SOAP)', 'all', null, null, 'Bean ID of HttpClient to use for SOAP-based logout', 'SOAPClient.HttpClient', 'idp.soap.httpClient', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('106', 'LogoutConfiguration', 'idp.properties', 'Applies the "display:none" style to the list of SPs and logout status reporting images so that logout status is not visibly reported to the user', '4.2', null, null, null, 'false', 
'idp.logout.propagationHidden', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('119', 'Core', 'idp.properties', 'Set to true to fail on velocity syntax errors', 'all', null, null, null, 'false', 'idp.velocity.runtime.strictmode', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('162', 'KerberosAuthnConfiguration', 'authn/authn.properties', 'Name of a service principal to use to verify the KDC supplying the TGT by requesting and verifying a service ticket issued for it', '4.1', null, null, null, null, 'idp.authn.Krb5.servicePrincipal', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('117', 'FTICKSLoggingConfiguration', 'idp.properties', 'The remote syslog port', 'all', null, null, null, '514', 'idp.fticks.logport', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('120', 'Core', 'idp.properties', 'Path to use with External interceptor flow', 'all', null, null, null, 'contextRelative:intercept.jsp', 'idp.intercept.External.externalPath', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('108', 
'Core', 'idp.properties', 'languages to use if no match can be found with the browser-supported languages', 'all', null, null, 'Comma seperated list of values ex. en, fr, de', null, 'idp.ui.fallbackLanguages', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('154', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Duration between looking for idle connections to reduce the pool back to its minimum size', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'PT5M', 'idp.pool.LDAP.prunePeriod', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('151', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Duration between validation if idp.pool.LDAP.validatePeriodically is true', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'PT5M', 'idp.pool.LDAP.validatePeriod', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('166', 'ExternalAuthnConfiguration', 'authn/authn.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', 'idp.authn.External', null, null, '1000', 'idp.authn.External.order', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, 
module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('141', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether to use the Password Policy Control.', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.usePasswordPolicy', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('321', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Bean ID of BiConsumer controlling result reuse for SSO', '4.1', 'idp.authn.External', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.External.reuseCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('176', 'ExternalAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', 'idp.authn.External', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.External.activationCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('153', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Search filter to execute in order to validate a pooled connection', '4.0.1', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', '(objectClass=*)', 'idp.pool.LDAP.validateFilter', 
'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('191', 'RemoteUserAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', 'idp.authn.RemoteUser', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.RemoteUser.reuseCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('192', 'RemoteUserAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', 'idp.authn.RemoteUser', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.RemoteUser.activationCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('184', 'RemoteUserAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.RemoteUser', null, null, 'false', 'idp.authn.RemoteUser.passiveAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('185', 'RemoteUserAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.RemoteUser', null, null, 'false', 'idp.authn.RemoteUser.forcedAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO 
public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('187', 'RemoteUserAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.RemoteUser', null, null, 'false', 'idp.authn.RemoteUser.proxyScopingEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('181', 'RemoteUserAuthnConfiguration', 'authn/authn.properties', 'Regular expression to match username against', '4.1', 'idp.authn.RemoteUser', null, 'regex expected', null, 'idp.authn.RemoteUser.matchExpression', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('202', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'A regular expression that must match the username', '4.1', 'idp.authn.RemoteUserInternal', null, 'regex expected', null, 'idp.authn.RemoteUserInternal.matchExpression', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('158', 'JAASAuthnConfiguration', 'authn/authn.properties', 'Comma-delimited set of JAAS application configuration names to use', '4.1', null, null, null, 'ShibUserPassAuth', 'idp.authn.JAAS.loginConfigNames', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, 
description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('164', 'ExternalAuthnConfiguration', 'authn/authn.properties', 'Spring Web Flow redirection expression for the protected resource', '4.1', 'idp.authn.External', null, null, 'contextRelative:external.jsp', 'idp.authn.External.externalAuthnPath', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('221', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Servlet-relative path to the SPNEGO external authentication implementation', '4.1', 'idp.authn.SPNEGO', null, 'URL path', '/Authn/SPNEGO', 'idp.authn.SPNEGO.externalAuthnPath', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('207', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', 'idp.authn.RemoteUserInternal', null, null, '1000', 'idp.authn.RemoteUserInternal.order', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('224', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Regular expression to match username against', '4.1', 'idp.authn.SPNEGO', null, 'regex expected', null, 'idp.authn.SPNEGO.matchExpression', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, 
property_name, property_type, selection_items, property_value) VALUES ('211', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow enforces upstream IdP imposed restrictions on proxying', '4.1', 'idp.authn.RemoteUserInternal', null, null, '%{idp.authn.enforceProxyRestrictions:true}', 'idp.authn.RemoteUserInternal.proxyRestrictionsEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('206', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Regular expression to match username against', '4.1', 'idp.authn.RemoteUserInternal', null, 'regex expected', null, 'idp.authn.RemoteUserInternal.matchExpression', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('214', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Lifetime of results produced by this flow', '4.1', 'idp.authn.RemoteUserInternal', null, null, '%{idp.authn.defaultLifetime:PT1H}', 'idp.authn.RemoteUserInternal.lifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('216', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.RemoteUserInternal.reuseCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, 
module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('217', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.RemoteUserInternal.activationCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('230', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether the flow enforces upstream IdP imposed restrictions on proxying', '4.1', 'idp.authn.SPNEGO', null, null, '%{idp.authn.enforceProxyRestrictions:true}', 'idp.authn.SPNEGO.proxyRestrictionsEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('208', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'false', 'idp.authn.RemoteUserInternal.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('215', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Inactivity timeout of results produced by this flow', '4.1', 'idp.authn.RemoteUserInternal', null, null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.RemoteUserInternal.inactivityTimeout', 'DURATION', null, null); -INSERT INTO 
public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('540', 'OPMetadataPolicies', 'oidc.properties', 'Full path to the file containing default metadata policy used for dynamic client registration', '4.1', 'idp.oidc.OP', '3', null, null, 'idp.oidc.dynreg.defaultMetadataPolicyFile', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('205', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Spring Web Flow redirection expression for the protected resource', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'contextRelative:external.jsp', 'idp.authn.RemoteUserInternal.externalAuthnPath', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('225', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Name of cookie used to track auto-login state of client', '4.2', 'idp.authn.SPNEGO', null, null, '_idp_spnego_autologin', 'idp.authn.SPNEGO.cookieName', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('303', 'DuoAuthnConfiguration', 'authn/duo.properties', 'Duo AuthAPI integration key (supplied by Duo as Client ID)', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', null, 'idp.duo.nonbrowser.integrationKey', 'STRING', null, null); -INSERT INTO 
public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('304', 'DuoAuthnConfiguration', 'authn/duo.properties', 'Duo AuthAPI secret key (supplied by Duo as Client secret)', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', null, 'idp.duo.nonbrowser.secretKey', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('197', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Comma-delimited lists of request attributes to check for a username', '4.1', 'idp.authn.RemoteUserInternal', null, null, null, 'idp.authn.RemoteUserInternal.checkAttributes', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('226', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', 'idp.authn.SPNEGO', null, null, '1000', 'idp.authn.SPNEGO.order', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('218', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Bean ID of BiConsumer controlling result reuse for SSO', '4.1', 'idp.authn.SPNEGO', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.SPNEGO.reuseCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO 
public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('236', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', 'idp.authn.SPNEGO', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.SPNEGO.activationCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('250', 'X509AuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', 'idp.authn.X509', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.X509.reuseCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('251', 'X509AuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', 'idp.authn.X509', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.X509.activationCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('242', 'X509AuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.X509', null, null, 'false', 'idp.authn.X509.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, 
idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('234', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Inactivity timeout of results produced by this flow', '4.1', 'idp.authn.SPNEGO', null, null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.SPNEGO.inactivityTimeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('248', 'X509AuthnConfiguration', 'authn/authn.properties', 'Lifetime of results produced by this flow', '4.1', 'idp.authn.X509', null, null, '%{idp.authn.defaultLifetime:PT1H}', 'idp.authn.X509.lifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('249', 'X509AuthnConfiguration', 'authn/authn.properties', 'Inactivity timeout of results produced by this flow', '4.1', 'idp.authn.X509', null, null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.X509.inactivityTimeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('263', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Lifetime of results produced by this flow', '4.1', null, null, null, '%{idp.authn.defaultLifetime:PT1H}', 'idp.authn.X509Internal.lifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('243', 
'X509AuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.X509', null, null, 'false', 'idp.authn.X509.passiveAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('244', 'X509AuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.X509', null, null, 'false', 'idp.authn.X509.forcedAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('399', 'ReloadableServices', 'services.properties', 'Shortcut for controlling the encoding of xsi:type information for all SAML transcoding rules in the registry', 'all', null, null, null, 'true', 'idp.service.attribute.registry.encodeType', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('403', 'ReloadableServices', 'services.properties', 'Whether attribute resolution failure should silently produce no attributes or cause an overall profile request failure event', 'all', null, null, null, 'true', 'idp.service.attribute.resolver.maskFailures', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('405', 'ReloadableServices', 'services.properties', 'Setting this to false re-enables the legacy 
behavior of looking up the display information for the resolved attributes during resolution. As from 4.2 this the display information is looked up at point of use (during the attribute consent flow) and so ther', '4.2', null, null, null, 'true', 'idp.service.attribute.resolver.suppressDisplayInfo', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('264', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Inactivity timeout of results produced by this flow', '4.1', null, null, null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.X509Internal.inactivityTimeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('198', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Comma-delimited list of request headers to check for a username', '4.1', 'idp.authn.RemoteUserInternal', null, null, null, 'idp.authn.RemoteUserInternal.checkHeaders', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('203', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Comma-delimited list of usernames to accept while blocking all others', '4.1', 'idp.authn.RemoteUserInternal', null, null, null, 'idp.authn.RemoteUserInternal.allowedUsernames', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, 
property_value) VALUES ('204', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Comma-delimited list of usernames to deny while accepting all others', '4.1', 'idp.authn.RemoteUserInternal', null, null, null, 'idp.authn.RemoteUserInternal.deniedUsernames', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('219', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Comma-delimited list of protocol-specific Principal strings associated with flow', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password,saml1/urn:oasis:names:tc:SAML:1.0:am:password', 'idp.authn.RemoteUserInternal.supportedPrincipals', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('360', 'NameIDGenerationConfiguration', 'saml-nameid.properties', 'Default Format to generate if nothing else is indicated', 'all', null, null, null, 'urn:mace:shibboleth:1.0:nameIdentifier', 'idp.nameid.saml1.default', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('241', 'X509AuthnConfiguration', 'authn/authn.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', 'idp.authn.X509', null, null, '1000', 'idp.authn.X509.order', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, 
idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('256', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', null, null, null, '1000', 'idp.authn.X509Internal.order', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('237', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Bean ID of BiConsumer to run just prior to AuthnRequest signing/encoding step', '4.1', null, null, null, null, 'idp.authn.SAML.outboundMessageHandlerFunction', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('265', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', null, null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.X509Internal.reuseCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('266', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', null, null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.X509Internal.activationCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, 
selection_items, property_value) VALUES ('291', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Lifetime of results produced by this flow', '4.1', 'idp.authn.Function', null, null, '%{idp.authn.defaultLifetime:PT1H}', 'idp.authn.Function.lifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('292', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Inactivity timeout of results produced by this flow', '4.1', 'idp.authn.Function', null, null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.Function.inactivityTimeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('579', 'OPSubClaim', 'oidc.properties', 'Salt to inject for randomness should generally be moved into credentials/secrets.properties to avoid committing to configuration repository', '4.1', 'idp.oidc.OP', '3', null, null, 'idp.oidc.subject.salt', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('598', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'The client secret used to verify the client in exchanging the authorization code for a Duo 2FA result token (id_token).', '4.1', 'idp.authn.DuoOIDC', '1', null, null, 'idp.duo.oidc.secretKey', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('608', 
'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Duo AuthAPI integration key supplied by Duo', '4.1', 'idp.authn.DuoOIDC', '1', null, null, 'idp.duo.oidc.nonbrowser.integrationKey', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('643', 'Metadatagen', 'mdgen.properties', 'A space separated list of languages used to lookup values formed appending each one to the name and description properties idp.metadata.idpsso.mdui.displayname. and idp.metadata.idpsso.mdui.description.. If this is absent then an is emitted for that language', '4.1', 'idp.metadatagen', '1', null, null, 'idp.metadata.idpsso.mdui.displayname.', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('279', 'IPAddressAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', 'idp.authn.IPAddress', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.IPAddress.reuseCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('280', 'IPAddressAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', 'idp.authn.IPAddress', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.IPAddress.activationCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, 
property_name, property_type, selection_items, property_value) VALUES ('293', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', 'idp.authn.Function', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.Function.reuseCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('294', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', 'idp.authn.Function', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.Function.activationCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('319', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', 'idp.authn.Duo', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.Duo.reuseCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('320', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', 'idp.authn.Duo', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.Duo.activationCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) 
VALUES ('353', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', 'idp.authn.MFA', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.MFA.reuseCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('314', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Whether the flow enforces upstream IdP imposed restrictions on proxying', '4.1', 'idp.authn.Duo', null, null, '%{idp.authn.enforceProxyRestrictions:true}', 'idp.authn.Duo.proxyRestrictionsEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('311', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.Duo', null, null, 'false', 'idp.authn.Duo.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('336', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Lifetime of results produced by this flow', '4.1', null, null, null, '%{idp.authn.defaultLifetime:PT1H}', 'idp.authn.SAML.lifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('358', 'NameIDGenerationConfiguration', 'saml-nameid.properties', 'Identifies the strategy plugin for 
generating transient IDs', 'all', null, null, 'Bean ID of a TransientIdGenerationStrategy', 'shibboleth.CryptoTransientIdGenerator', 'idp.transientId.generator', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('333', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Whether the flow enforces upstream IdP imposed restrictions on proxying', '4.1', null, null, null, '%{idp.authn.enforceProxyRestrictions:true}', 'idp.authn.SAML.proxyRestrictionsEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('348', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Whether the flow enforces upstream IdP imposed restrictions on proxying', '4.1', 'idp.authn.MFA', null, null, '%{idp.authn.enforceProxyRestrictions:true}', 'idp.authn.MFA.proxyRestrictionsEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('327', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Optional bean ID of Function to run at the late stages of Response decoding/processing', '4.1', null, null, null, null, 'idp.authn.SAML.inboundMessageHandlerFunction', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('328', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Optional bean ID of 
AssertionValidator to run', '4.1', null, null, null, null, 'idp.authn.SAML.assertionValidator', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('338', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', null, null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.SAML.reuseCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('339', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', null, null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.SAML.activationCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('337', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Inactivity timeout of results produced by this flow', '4.1', null, null, null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.SAML.inactivityTimeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('351', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Lifetime of results produced by this flow', '4.1', 'idp.authn.MFA', null, null, '%{idp.authn.defaultLifetime:PT1H}', 'idp.authn.MFA.lifetime', 'DURATION', null, null); -INSERT INTO 
public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('352', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Inactivity timeout of results produced by this flow', '4.1', 'idp.authn.MFA', null, null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.MFA.inactivityTimeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('330', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', null, null, null, 'false', 'idp.authn.SAML.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('296', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Comma-delimited list of protocol-specific Principal strings associated with flow', '4.1', 'idp.authn.Function', null, null, 'saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password,saml1/urn:oasis:names:tc:SAML:1.0:am:password', 'idp.authn.Function.supportedPrincipals', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('305', 'DuoAuthnConfiguration', 'authn/duo.properties', 'Name of HTTP request header for Duo AuthAPI factor', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the 
sensitivity of the secret key', 'X-Shibboleth-Duo-Factor', 'idp.duo.nonbrowser.header.factor', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('306', 'DuoAuthnConfiguration', 'authn/duo.properties', 'Name of HTTP request header for Duo AuthAPI device ID or name', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', 'X-Shibboleth-Duo-Device', 'idp.duo.nonbrowser.header.device', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('331', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', null, null, null, 'false', 'idp.authn.SAML.passiveAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('332', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', null, null, null, 'false', 'idp.authn.SAML.forcedAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('335', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', null, null, null, 'false', 'idp.authn.SAML.discoveryRequired', 'BOOLEAN', null, null); -INSERT INTO 
public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('307', 'DuoAuthnConfiguration', 'authn/duo.properties', 'Name of HTTP request header for Duo AuthAPI passcode', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', 'X-Shibboleth-Duo-Passcode', 'idp.duo.nonbrowser.header.passcode', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('299', 'DuoAuthnConfiguration', 'authn/duo.properties', 'A secret supplied by you and not shared with Duo; see https://duo.com/docs/duoweb-v2, "Generate an akey".', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', null, 'idp.duo.applicationKey', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('300', 'DuoAuthnConfiguration', 'authn/duo.properties', 'DuoWeb integration key (supplied by Duo as Client ID)', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', null, 'idp.duo.integrationKey', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('322', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Comma-delimited list of protocol-specific Principal strings associated with flow', '4.1', 'idp.authn.Duo', 
null, null, 'saml2/http://example.org/ac/classes/mfa, saml1/http://example.org/ac/classes/mfa', 'idp.authn.Duo.supportedPrincipals', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('301', 'DuoAuthnConfiguration', 'authn/duo.properties', 'DuoWeb secret key (supplied by Duo as Client secret)', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', null, 'idp.duo.secretKey', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('325', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Statically-defined entityID of IdP to use for authentication', '4.1', null, null, null, null, 'idp.authn.SAML.proxyEntityID', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('359', 'NameIDGenerationConfiguration', 'saml-nameid.properties', 'Default Format to generate if nothing else is indicated', 'all', null, null, null, 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient', 'idp.nameid.saml2.default', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('329', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', null, null, null, '1000', 'idp.authn.SAML.order', 
'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('344', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', 'idp.authn.MFA', null, null, '1000', 'idp.authn.MFA.order', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('340', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Bean ID of BiConsumer determining whether flow is usable for request', '4.1', 'idp.authn.MFA', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.MFA.activationCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('370', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Advanced feature allowing revocation or regeneration of computed persistent IDs for specific subjects or services', 'all', null, null, null, 'shibboleth.ComputedIdExceptionMap', 'idp.persistentId.exceptionMap', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('388', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for RelyingPartyConfiguration', 'all', null, null, null, 'shibboleth.RelyingPartyResolverResources', 'idp.service.relyingparty.resources', 
'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('367', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'An encoded form of the persistentId.salt', 'all', null, null, null, null, 'idp.persistentId.encodedSalt', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('389', 'ReloadableServices', 'services.properties', 'Fail at startup if RelyingPartyConfiguration is invalid', 'all', null, null, null, 'false', 'idp.service.relyingparty.failFast', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('362', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Identifies a data source for storage-based management of persistent IDs', 'all', null, null, 'Bean ID of a JDBC DataSource', null, 'idp.persistentId.dataSource', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('361', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Identifies the strategy plugin for sourcing persistent IDs', 'all', null, null, 'Bean ID of a PairwiseIdStore', 'shibboleth.ComputedPersistentIdGenerator', 'idp.persistentId.generator', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, 
idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('391', 'ReloadableServices', 'services.properties', 'See MetadataDrivenConfiguration SAML Attribute Name Format Usage', 'all', null, null, null, 'false', 'idp.service.relyingparty.ignoreUnmappedEntityAttributes', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('393', 'ReloadableServices', 'services.properties', 'Fail at startup if MetadataConfiguration is invalid', 'all', null, null, null, 'false', 'idp.service.metadata.failFast', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('368', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'The hash algorithm used when using computed persistent IDs', 'all', null, null, null, 'SHA', 'idp.persistentId.algorithm', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('423', 'ReloadableServices', 'services.properties', 'Seconds between reloads of message property resources', 'all', null, null, null, '300', 'idp.message.cacheSeconds', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('392', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for 
MetadataConfiguration', 'all', null, null, null, 'shibboleth.MetadataResolverResources', 'idp.service.metadata.resources', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('396', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for AttributeRegistryConfiguration', 'all', null, null, null, 'shibboleth.AttributeRegistryResources', 'idp.service.attribute.registry.resources', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('400', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for AttributeResolverConfiguration', 'all', null, null, null, 'shibboleth.AttributeResolverResources', 'idp.service.attribute.resolver.resources', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('398', 'ReloadableServices', 'services.properties', 'Time to notice changes to AttributeRegistryConfiguration and reload service. 
A value of 0 indicates that the service configuration never reloads', 'all', null, null, null, '0', 'idp.service.attribute.registry.checkInterval', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('406', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for AttributeFilterConfiguration', 'all', null, null, null, 'shibboleth.AttributeFilterResources', 'idp.service.attribute.filter.resources', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('402', 'ReloadableServices', 'services.properties', 'Time to notice changes to AttributeResolverConfiguration and reload service. 
A value of 0 indicates that the service configuration never reloads', 'all', null, null, null, '0', 'idp.service.attribute.resolver.checkInterval', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('410', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for NameIDGenerationConfiguration', 'all', null, null, null, 'shibboleth.NameIdentifierGenerationResources', 'idp.service.nameidGeneration.resources', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('413', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for AccessControlConfiguration', 'all', null, null, null, 'shibboleth.AccessControlResource', 'idp.service.access.resources', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('416', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for CASServiceRegistry configuration', 'all', null, null, null, 'shibboleth.CASServiceRegistryResources', 'idp.service.cas.registry.resources', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('408', 'ReloadableServices', 'services.properties', 'Time to notice changes to AttributeFilterConfiguration and 
reload service A value of 0 indicates that the attribute filter configuration never reloads', 'all', null, null, null, '0', 'idp.service.attribute.filter.checkInterval', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('412', 'ReloadableServices', 'services.properties', 'Time to notice changes to NameIDGenerationConfiguration and reload service', 'all', null, null, null, '0', 'idp.service.nameidGeneration.checkInterval', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('415', 'ReloadableServices', 'services.properties', 'Time to notice changes to AccessControlConfiguration and reload service', 'all', null, null, null, '0', 'idp.service.access.checkInterval', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('418', 'ReloadableServices', 'services.properties', 'Time to notice CASServiceRegistry configuration changes and reload service', 'all', null, null, null, '0', 'idp.service.cas.registry.checkInterval', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('421', 'ReloadableServices', 'services.properties', 'Time to notice ManagedBeanConfiguration changes and reload service', 'all', null, null, null, '0', 'idp.service.managedBean.checkInterval', 'DURATION', null, null); -INSERT INTO 
public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('369', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'The final encoding applied to the hash generated when using computed persistent IDs: one of BASE32 or BASE64', 'all', null, null, null, 'BASE64', 'idp.persistentId.encoding', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('397', 'ReloadableServices', 'services.properties', 'Fail at startup if AttributeRegistryConfiguration is invalid', 'all', null, null, null, 'false', 'idp.service.attribute.registry.failFast', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('401', 'ReloadableServices', 'services.properties', 'Fail at startup if AttributeResolverConfiguration is invalid', 'all', null, null, null, 'false', 'idp.service.attribute.resolver.failFast', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('404', 'ReloadableServices', 'services.properties', 'Whether null values should be stripped from the results of the attribute resolution. This filtering happens prior to filtering and encoding, but after attribute resolution is complete. 
To strip nulls during attribute resolution (so that they will be invis', 'all', null, null, null, 'false', 'idp.service.attribute.resolver.stripNulls', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('407', 'ReloadableServices', 'services.properties', 'Fail at startup if AttributeFilterConfiguration is invalid', 'all', null, null, null, 'false', 'idp.service.attribute.filter.failFast', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('411', 'ReloadableServices', 'services.properties', 'Fail at startup if NameIDGenerationConfiguration is invalid', 'all', null, null, null, 'false', 'idp.service.nameidGeneration.failFast', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('417', 'ReloadableServices', 'services.properties', 'Fail at startup if CASServiceRegistry configuration is invalid', 'all', null, null, null, 'false', 'idp.service.cas.registry.failFast', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('373', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'List of error strings to identify as retryable failures', '4.1', null, null, null, '23000,23505', 'idp.persistentId.retryableErrors', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, 
category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('364', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'List of attributes to search for a value to uniquely identify the subject of a persistent identifier that MUST be stable long-lived and non-reassignable', 'all', null, null, null, null, 'idp.persistentId.sourceAttribute', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('375', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides the name of the table in the database', '4.1', null, null, null, 'shibpid', 'idp.persistentId.tableName', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('376', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides database column names', '4.1', null, null, null, 'localEntity', 'idp.persistentId.localEntityColumn', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('377', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides database column names', '4.1', null, null, null, 'peerEntity', 'idp.persistentId.peerEntityColumn', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, 
property_value) VALUES ('378', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides database column names', '4.1', null, null, null, 'principalName', 'idp.persistentId.principalNameColumn', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('379', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides database column names', '4.1', null, null, null, 'localId', 'idp.persistentId.sourceIdColumn', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('380', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides database column names', '4.1', null, null, null, 'persistentId', 'idp.persistentId.persistentIdColumn', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('381', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides database column names', '4.1', null, null, null, 'peerProvidedId', 'idp.persistentId.peerProvidedIdColumn', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('419', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for ManagedBeanConfiguration', 'all', null, null, null, 'shibboleth.ManagedBeanResources', 'idp.service.managedBean.resources', 
'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('422', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying Spring message property resources', 'all', null, null, null, 'shibboleth.MessageSourceResources', 'idp.message.resources', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('560', 'OPDiscovery', 'oidc.properties', 'Implementation bean for discovery shouldn''t require alteration', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.oidc.DefaultOpenIdConfigurationResolver', 'idp.oidc.discovery.resolver', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('574', 'OPClientCredentialsGrant', 'oidc.properties', 'bean of type Function called shibboleth.oidc.AllowedScopeStrategy', '4.1', 'idp.oidc.OP', '3', null, null, 'idp.oauth2.defaultAllowedScope', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('575', 'OPClientCredentialsGrant', 'oidc.properties', 'bean of type Function> called shibboleth.oidc.AllowedAudienceStrategy', '4.1', 'idp.oidc.OP', '3', null, null, 'idp.oauth2.defaultAllowedAudience', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, 
module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('570', 'OPDynamicClientRegistration', 'oidc.properties', 'Bean ID of type Function>, used to locate metadata policy based on the policyLocation parameter. Defaults to a caching resolver locating server resources to load based on policyLocation parameter.', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.oidc.admin.DefaultMetadataPolicyLookupStrategy', 'idp.oidc.admin.registration.lookup.policy', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('382', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides database column names', '4.1', null, null, null, 'creationDate', 'idp.persistentId.createTimeColumn', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('383', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides database column names', '4.1', null, null, null, 'deactivationDate', 'idp.persistentId.deactivationTimeColumn', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('573', 'OPClientResolution', 'oidc.properties', 'Name of bean used to define the resources to use in configuring this service', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.ClientInformationResolverResources', 'idp.service.clientinfo.resources', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, 
description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('650', 'OIDC OP', 'oidc.properties', 'Storage for storing remote jwk sets.', '4.1', 'idp.oidc.OP', '3', 'no doc', 'shibboleth.StorageService', 'idp.oidc.jwk.StorageService', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('433', 'MetadataReload', 'admin/admin.properties', 'Whether authentication should be performed prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.reload.authenticated', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('434', 'MetadataReload', 'admin/admin.properties', 'Whether the flow should allow for non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.reload.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('366', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'A secret salt for the hash when using computed persistent IDs', 'all', null, null, null, null, 'idp.persistentId.salt', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('428', 'Status', 'admin/admin.properties', '?', '4.1', null, null, null, null, 
'idp.status.defaultAuthenticationMethods', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('430', 'Status', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.status.postAuthenticationFlows', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('424', 'Status', 'admin/admin.properties', 'Audit log identifier for flow', '4.1', null, null, null, 'Status', 'idp.status.logging', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('425', 'Status', 'admin/admin.properties', 'Name of access control policy for request authorization', '4.1', null, null, null, 'AccessByIPAddress', 'idp.status.accessPolicy', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('431', 'MetadataReload', 'admin/admin.properties', 'Audit log identifier for flow', '4.1', null, null, null, 'Reload', 'idp.reload.logging', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('435', 'MetadataReload', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.reload.defaultAuthenticationMethods', 'STRING', null, null); -INSERT 
INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('438', 'AACLI', 'admin/admin.properties', 'Audit log identifier for flow', '4.1', null, null, null, 'ResolverTest', 'idp.resolvertest.logging', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('437', 'MetadataReload', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.reload.postAuthenticationFlows', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('497', 'X500PostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Comma-delimited list of subjectAltName extension types to look for', '4.1', null, null, 'Comma seperated list of integer values', null, 'idp.c14n.x500.subjectAltNameTypes', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('439', 'AACLI', 'admin/admin.properties', 'Name of access control policy for request authorization', '4.1', null, null, null, 'AccessByIPAddress', 'idp.resolvertest.accessPolicy', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('442', 'AACLI', 'admin/admin.properties', '?', '4.1', null, null, null, null, 
'idp.resolvertest.defaultAuthenticationMethods', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('444', 'AACLI', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.resolvertest.postAuthenticationFlows', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('445', 'MetadataQuery', 'admin/admin.properties', 'Audit log identifier for flow', '4.1', null, null, null, 'MetadataQuery', 'idp.mdquery.logging', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('498', 'X500PostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Comma-delimited list of attribute OIDs to search for in the subject DN', '4.1', null, null, 'Comma seperated list of integer values', '2,5,4,3', 'idp.c14n.x500.objectIDs', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('493', 'AttributePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Bean ID of a Predicate to evaluate to determine whether to run the Attribute Resolver or go directly to the Subject alone', '4.1', null, null, null, 'shibboleth.Conditions.TRUE', 'idp.c14n.attribute.resolutionCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, 
module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('651', 'OIDC OP', 'oidc.properties', 'Bean to determine whether SAML metadata should be exploited for trusted OIDC RP resolution', '4.1', 'idp.oidc.OP', '3', 'no doc', 'shibboleth.Conditions.TRUE', 'idp.oidc.metadata.saml', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('655', 'OIDC OP', 'oidc.properties', 'Bean used for extracting login_hint from the authentication request. The default function parses login_hint as is.', '4.1', 'idp.oidc.OP', '3', 'no doc', 'DefaultRequestLoginHintLookupFunction', 'idp.oidc.LoginHintLookupStrategy', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('656', 'OIDC OP', 'oidc.properties', 'Bean used for creating SPSessions needed for SLO. 
By default builds protocol-independent BasicSPSession as SLO is not yet supported.', '4.1', 'idp.oidc.OP', '3', 'no doc', 'DefaultSPSessionCreationStrategy', 'idp.oidc.SPSessionCreationStrategy', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('19', 'SecurityConfiguration', 'idp.properties', 'Bean ID supporting the DataSealerKeyStrategy interface to use in place of the built-in option.', 'all', null, null, 'Bean ID of DataSealerKeyStrategy', 'shibboleth.DataSealerKeyStrategy', 'idp.sealer.keyStrategy', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('103', 'LogoutConfiguration', 'idp.properties', 'If the bean returns true the user is given the option to actually cancel the IdP logout outright and prevent removal of the session', 'all', null, null, 'Bean ID of Predicate', 'false', 'idp.logout.promptUser', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('44', 'SecurityConfiguration', 'idp.properties', 'Overrides the X509KeyInfoGeneratorFactory used by default', '4.1', null, null, 'Bean ID of KeyInfoGeneratorManager (org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorManager)', 'shibboleth.X509KeyInfoGeneratorFactory', 'idp.security.x509KeyInfoFactory', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, 
selection_items, property_value) VALUES ('64', 'SessionConfiguration', 'idp.properties', 'Bean name of a storage implementation/configuration to use for IdP sessions', 'all', null, null, 'Bean ID of StorageService (org.opensaml.storage)', 'shibboleth.ClientSessionStorageService', 'idp.session.StorageService', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('312', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.Duo', null, null, 'false', 'idp.authn.Duo.passiveAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('446', 'MetadataQuery', 'admin/admin.properties', 'Name of access control policy for request authorization', '4.1', null, null, null, 'AccessByIPAddress', 'idp.mdquery.accessPolicy', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('313', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.Duo', null, null, 'false', 'idp.authn.Duo.forcedAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('484', 'SimplePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to lowercase the 
username', '4.1', null, null, null, 'false', 'idp.c14n.simple.lowercase', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('517', 'OIDC OP', 'oidc.properties', 'Set the Open ID Connect Issuer value', '4.1', 'idp.oidc.OP', '3', null, null, 'idp.oidc.issuer', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('68', 'SessionConfiguration', 'idp.properties', 'A 2-argument predicate that compares a bound session''s address to a client address', 'all', null, null, 'BiPredicate', 'Direct string comparison', 'idp.session.consistentAddressCondition', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('518', 'OPToken', 'oidc.properties', 'Lifetime of ID token', '4.1', 'idp.oidc.OP', '3', null, 'PT1H', 'idp.oidc.idToken.defaultLifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('524', 'OPAuthorization', 'oidc.properties', 'Specifies IdPAttributes to encode into tokens for recovery on back-channel token requests', '4.1', 'idp.oidc.OP', '3', 'Comma seperated list of values', null, 'idp.oidc.encodedAttributes', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, 
property_type, selection_items, property_value) VALUES ('529', 'OPAuthorization', 'oidc.properties', 'Bean ID of StorageService for revocation cache requires server-side storage', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.StorageService', 'idp.oidc.revocationCache.StorageService', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('545', 'OPSecurity', 'oidc.properties', 'Allows override of default signing configuration', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.oidc.SigningConfiguration', 'idp.oidc.signing.config', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('546', 'OPSecurity', 'oidc.properties', 'Allows override of default encryption configuration', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.oidc.EncryptionConfiguration', 'idp.oidc.encryption.config', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('547', 'OPSecurity', 'oidc.properties', 'Allows override of default request decryption configuration', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.oidc.requestObjectDecryptionConfiguration', 'idp.oidc.rodecrypt.config', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('519', 'OPToken', 'oidc.properties', 'Lifetime of access token', '4.1', 
'idp.oidc.OP', '3', null, 'PT10M', 'idp.oidc.accessToken.defaultLifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('520', 'OPAuthorization', 'oidc.properties', 'Lifetime of authorization code', '4.1', 'idp.oidc.OP', '3', null, 'PT5M', 'idp.oidc.authorizeCode.defaultLifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('521', 'OPToken', 'oidc.properties', 'Lifetime of refresh token', '4.1', 'idp.oidc.OP', '3', null, 'PT2H', 'idp.oidc.refreshToken.defaultLifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('528', 'OPRevocation', 'oidc.properties', 'Lifetime of entries in revocation cache for authorize code', '4.1', 'idp.oidc.OP', '3', null, 'PT6H', 'idp.oidc.revocationCache.authorizeCode.lifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('535', 'OPToken', 'oidc.properties', 'Lifetime of access token issued to client for resource server', '4.1', 'idp.oidc.OP', '3', null, 'PT10M', 'idp.oauth2.accessToken.defaultLifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) 
VALUES ('544', 'OPSecurity', 'oidc.properties', 'JWK RSA decryption keypair', '4.1', 'idp.oidc.OP', '3', 'JWK file pathname', '%{idp.home}/credentials/idp-encryption-rsa.jwk', 'idp.signing.oidc.rsa.enc.key', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('543', 'OPSecurity', 'oidc.properties', 'JWK EC signing keypair', '4.1', 'idp.oidc.OP', '3', 'JWK file pathname', '%{idp.home}/credentials/idp-signing-es.jwk', 'idp.signing.oidc.es.key', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('449', 'MetadataQuery', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.mdquery.defaultAuthenticationMethods', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('451', 'MetadataQuery', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.mdquery.postAuthenticationFlows', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('455', 'MetricsConfiguration', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.metrics.defaultAuthenticationMethods', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, 
property_value) VALUES ('542', 'OPSecurity', 'oidc.properties', 'JWK RSA signing keypair', '4.1', 'idp.oidc.OP', '3', 'JWK file pathname', '%{idp.home}/credentials/idp-signing-rs.jwk', 'idp.signing.oidc.rs.key', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('452', 'MetricsConfiguration', 'admin/admin.properties', 'Audit log identifier for flow', '4.1', null, null, null, 'Metrics', 'idp.metrics.logging', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('457', 'MetricsConfiguration', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.metrics.postAuthenticationFlows', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('462', 'HelloWorldConfiguration', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.hello.defaultAuthenticationMethods', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('464', 'HelloWorldConfiguration', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.hello.postAuthenticationFlows', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES 
('458', 'HelloWorldConfiguration', 'admin/admin.properties', 'Audit log identifier for flow', '4.1', null, null, null, 'Hello', 'idp.hello.logging', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('459', 'HelloWorldConfiguration', 'admin/admin.properties', 'Name of access control policy for request authorization', '4.1', null, null, null, 'AccessByAdminUser', 'idp.hello.accessPolicy', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('527', 'OPAuthorization', 'oidc.properties', 'Specifies IdPAttributes to omit from UserInfo token', '4.1', 'idp.oidc.OP', '3', 'Comma seperated list of values', null, 'idp.oidc.deniedUserInfoAttributes', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('526', 'OPAuthorization', 'oidc.properties', 'Specifies IdPAttributes to always include in ID token regardless of response_type', '4.1', 'idp.oidc.OP', '3', 'Comma seperated list of values', null, 'idp.oidc.alwaysIncludedAttributes', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('541', 'OPDynamicClientRegistration', 'oidc.properties', 'The acceptable client authentication methods when using dynamic registration', '4.1', 'idp.oidc.OP', '3', 'Comma seperated list of values', 
'client_secret_basic,client_secret_post,client_secret_jwt,private_key_jwt', 'idp.oidc.dynreg.tokenEndpointAuthMethods', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('530', 'OPToken', 'oidc.properties', 'The acceptable client authentication methods', '4.1', 'idp.oidc.OP', '3', 'Comma seperated list of values', 'client_secret_basic,client_secret_post,client_secret_jwt,private_key_jwt', 'idp.oidc.tokenEndpointAuthMethods', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('531', 'OPToken', 'oidc.properties', 'OAuth grant types to allow', '4.1', 'idp.oidc.OP', '3', 'Comma seperated list of values', 'authorization_code,refresh_token', 'idp.oauth2.grantTypes', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('553', 'OAuth2ClientAuthnConfiguration', 'oidc.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', 'idp.oidc.OP', '3', null, '1000', 'idp.authn.OAuth2Client.order', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('565', 'OPDynamicClientRegistration', 'oidc.properties', 'Default access token lifetime if not specified', '4.1', 'idp.oidc.OP', '3', null, 'P1D', 'idp.oidc.admin.registration.defaultTokenLifetime', 'DURATION', null, null); 
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('572', 'OPClientResolution', 'oidc.properties', 'When non-zero enables monitoring of resources for service reload', '4.1', 'idp.oidc.OP', '3', null, 'PT0S', 'idp.service.clientinfo.checkInterval', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('555', 'OAuth2ClientAuthnConfiguration', 'oidc.properties', 'Bean ID of BiConsumer determining whether flow is usable for request', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.Conditions.TRUE', 'idp.authn.OAuth2Client.activationCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('558', 'OPCustomFilterRegistration', 'oidc.properties', 'By default this configures the values defined by the idp.hsts, idp.frameoptions and idp.csp properties into the corresponding HTTP headers and applies them to the OP plugin as well as the original IdP endpoints', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.ResponseHeaderFilter', 'idp.oidc.ResponseHeaderFilter', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('35', 'SecurityConfiguration', 'idp.properties', 'Name of Spring bean supplying the default EncryptionConfiguration', 'all', null, null, 'Bean ID of EncryptionConfiguration (org.opensaml.xmlsec)', 
'shibboleth.EncryptionConfiguration.CBC', 'idp.encryption.config', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('43', 'SecurityConfiguration', 'idp.properties', 'Overrides the BasicKeyInfoGeneratorFactory used by default', '4.1', null, null, 'Bean ID of KeyInfoGeneratorManager (org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorManager)', 'shibboleth.BasicKeyInfoGeneratorFactory', 'idp.security.basicKeyInfoFactory', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('39', 'SecurityConfiguration', 'idp.properties', 'Name of Spring bean for the trust engine used to verify TLS certificates', 'all', null, null, 'Bean ID of TrustEngine (org.opensaml.security.trust)', 'shibboleth.ChainingX509TrustEngine', 'idp.trust.certificates', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('550', 'OAuth2ClientAuthnConfiguration', 'oidc.properties', 'Whether all validators must succeed or just one', '4.1', 'idp.oidc.OP', '3', null, 'false', 'idp.authn.OAuth2Client.requireAll', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('552', 'OAuth2ClientAuthnConfiguration', 'oidc.properties', 'Whether to keep the password around as a private credential in the Java Subject for use in later stages 
such as attribute resolution', '4.1', 'idp.oidc.OP', '3', 'use with caution as it retains the password and makes it available in plaintext from within server memory at various stages.', 'false', 'idp.authn.OAuth2Client.retainAsPrivateCredential', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('563', 'OPDynamicClientRegistration', 'oidc.properties', 'Whether to enable user authentication for requests', '4.1', 'idp.oidc.OP', '3', null, 'false', 'idp.oidc.admin.registration.authenticated', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('466', 'AccountLockoutManagement', 'admin/admin.properties', 'Name of access control policy for request authorization', '4.1', null, null, null, 'AccessDenied', 'idp.lockout.accessPolicy', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('472', '?', 'admin/admin.properties', 'Audit log identifier for flow', '4.1', null, null, null, 'Storage', 'idp.storage.logging', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('473', '?', 'admin/admin.properties', 'Name of access control policy for request authorization', '4.1', null, null, null, 'AccessDenied', 'idp.storage.accessPolicy', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, 
category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('478', 'AttendedRestartConfiguration', 'admin/admin.properties', 'Audit log identifier for flow', '4.1', null, null, null, 'UnlockKeys', 'idp.unlock-keys.logging', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('561', 'OPDynamicClientRegistration', 'oidc.properties', 'Audit logging label for this profile', '4.1', 'idp.oidc.OP', '3', null, 'IssueRegistrationAccessToken', 'idp.oidc.admin.registration.logging', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('566', 'OPDynamicClientRegistration', 'oidc.properties', 'Name of access control policy to apply to all requests', '4.1', 'idp.oidc.OP', '3', null, 'AccessByIPAddress', 'idp.oidc.admin.registration.accessPolicy', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('584', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Whether the flow enforces upstream IdP-imposed restrictions on proxying', '4.1', 'idp.authn.DuoOIDC', '1', null, '%{idp.authn.enforceProxyRestrictions:true}', 'idp.authn.DuoOIDC.proxyRestrictionsEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES 
('610', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Name of HTTP request header for Duo AuthAPI factor', '4.1', 'idp.authn.DuoOIDC', '1', null, 'X-Shibboleth-Duo-Factor', 'idp.duo.oidc.nonbrowser.header.factor', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('580', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', 'idp.authn.DuoOIDC', '1', null, '1000', 'idp.authn.DuoOIDC.order', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('587', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Lifetime of results produced by this flow', '4.1', 'idp.authn.DuoOIDC', '1', null, '%{idp.authn.defaultLifetime:PT1H}', 'idp.authn.DuoOIDC.lifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('479', 'AttendedRestartConfiguration', 'admin/admin.properties', 'Name of access control policy for request authorization', '4.1', null, null, null, 'AccessDenied', 'idp.unlock-keys.accessPolicy', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('483', 'AttendedRestartConfiguration', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.unlock-keys.postAuthenticationFlows', 
'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('490', 'AttributePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Comma-delimited list of attributes to resolve (an empty list directs the resolver to resolve everything it can)', '4.1', null, null, null, null, 'idp.c14n.attribute.attributesToResolve', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('588', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Inactivity timeout of results produced by this flow', '4.1', 'idp.authn.DuoOIDC', '1', null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.DuoOIDC.inactivityTimeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('491', 'AttributePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Comma-delimited list of attributes to search for in the results looking for a StringAttributeValue or ScopedStringAttributeValue', '4.1', null, null, null, null, 'idp.c14n.attribute.attributeSourceIds', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('503', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to 
different destinations based on general function', 'SSO', 'idp.service.logging.saml1sso', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('591', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Bean ID ofBiConsumer for subject customization', '4.1', 'idp.authn.DuoOIDC', '1', null, null, 'idp.authn.DuoOIDC.subjectDecorator', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('589', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Bean ID ofPredicate controlling result reuse for SSO', '4.1', 'idp.authn.DuoOIDC', '1', null, 'shibboleth.Conditions.TRUE', 'idp.authn.DuoOIDC.reuseCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('590', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Bean ID ofPredicate determining whether flow is usable for request', '4.1', 'idp.authn.DuoOIDC', '1', null, 'shibboleth.Conditions.TRUE', 'idp.authn.DuoOIDC.activationCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('315', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.Duo', null, null, 'false', 
'idp.authn.Duo.proxyScopingEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('316', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', 'idp.authn.Duo', null, null, 'false', 'idp.authn.Duo.discoveryRequired', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('481', 'AttendedRestartConfiguration', 'admin/admin.properties', 'Whether the flow should allow for non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.unlock-keys.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('482', 'AttendedRestartConfiguration', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.unlock-keys.resolveAttributes', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('485', 'SimplePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to uppercase the username', '4.1', null, null, null, 'false', 'idp.c14n.simple.uppercase', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, 
default_value, property_name, property_type, selection_items, property_value) VALUES ('581', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.DuoOIDC', '1', null, 'false', 'idp.authn.DuoOIDC.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('45', 'CSRF', 'idp.properties', 'Enables CSRF protection', '4', null, null, null, 'true', 'idp.csrf.enabled', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('522', 'OPToken', 'oidc.properties', 'Whether client is required to use PKCE', '4.1', 'idp.oidc.OP', '3', null, 'false', 'idp.oidc.forcePKCE', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('615', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Maximum length of time to wait for the connection to be established', '4.1', 'idp.authn.DuoOIDC', '1 (nimbus)', null, 'PT1M', 'idp.duo.oidc.connectionTimeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('612', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Name of HTTP request header for Duo AuthAPI passcode', '4.1', 'idp.authn.DuoOIDC', '1', null, 'X-Shibboleth-Duo-Passcode', 
'idp.duo.oidc.nonbrowser.header.passcode', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('642', 'Metadatagen', 'mdgen.properties', 'The width of the logo in pixels', '4.1', 'idp.metadatagen', '1', null, '80', 'idp.metadata.idpsso.mdui.logo.width', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('635', 'TOTP', 'authn/authn.properties', 'Bean ID ofBiConsumer for subject customization', '4.1', 'idp.authn.TOTP', '1', null, null, 'idp.authn.TOTP.subjectDecorator', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('633', 'TOTP', 'authn/authn.properties', 'Bean ID ofPredicate controlling result reuse for SSO', '4.1', 'idp.authn.TOTP', '1', null, 'shibboleth.Conditions.TRUE', 'idp.authn.TOTP.reuseCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('616', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Maximum length of time to wait for a connection to be returned from the connection manager', '4.1', 'idp.authn.DuoOIDC', '1 (nimbus)', null, 'PT1M', 'idp.duo.oidc.connectionRequestTimeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, 
property_name, property_type, selection_items, property_value) VALUES ('617', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Maximum period inactivity between two consecutive data packets', '4.1', 'idp.authn.DuoOIDC', '1 (nimbus)', null, 'PT1M', 'idp.duo.oidc.socketTimeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('631', 'TOTP', 'authn/authn.properties', 'Lifetime of results produced by this flow', '4.1', 'idp.authn.TOTP', '1', null, '%{idp.authn.defaultLifetime:PT1H}', 'idp.authn.TOTP.lifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('632', 'TOTP', 'authn/authn.properties', 'Inactivity timeout of results produced by this flow', '4.1', 'idp.authn.TOTP', '1', null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.TOTP.inactivityTimeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('641', 'Metadatagen', 'mdgen.properties', 'The height of the logo in pixels.', '4.1', 'idp.metadatagen', '1', null, '80', 'idp.metadata.idpsso.mdui.logo.height', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('634', 'TOTP', 'authn/authn.properties', 'Bean ID ofPredicate determining whether flow is usable for request', '4.1', 'idp.authn.TOTP', '1', null, 
'shibboleth.Conditions.TRUE', 'idp.authn.TOTP.activationCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('628', 'TOTP', 'authn/authn.properties', 'Whether the flow enforces upstream IdP-imposed restrictions on proxying', '4.1', 'idp.authn.TOTP', '1', null, '%{idp.authn.enforceProxyRestrictions:true}', 'idp.authn.TOTP.proxyRestrictionsEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('620', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'To enable certificate revocation checking', '4.1', 'idp.authn.DuoOIDC', '1 (nimbus)', null, 'false', 'idp.duo.oidc.nimbus.checkRevocation', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('625', 'TOTP', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.TOTP', '1', null, 'false', 'idp.authn.TOTP.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('626', 'TOTP', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.TOTP', '1', null, 'false', 'idp.authn.TOTP.passiveAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, 
config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('53', 'ErrorHandlingConfiguration', 'idp.properties', 'Whether to digitally sign error responses in SAML or similar protocols, if signing is otherwise warranted (this can prevent a simple denial of service vector, since errors are simple to trigger)', 'all', null, null, null, 'true', 'idp.errors.signed', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('504', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'AttributeQuery', 'idp.service.logging.saml1attrquery', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('505', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'ArtifactResolution', 'idp.service.logging.saml1artifact', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('506', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are 
audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'SSO', 'idp.service.logging.saml2sso', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('618', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Max total simultaneous connections allowed by the pooling connection manager', '4.1', 'idp.authn.DuoOIDC', '1 (nimbus)', null, '100', 'idp.duo.oidc.maxConnectionsTotal', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('619', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Max simultaneous connections per route allowed by the pooling connection manager', '4.1', 'idp.authn.DuoOIDC', '1 (nimbus)', null, '100', 'idp.duo.oidc.maxConnectionsPerRoute', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('624', 'TOTP', 'authn/authn.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', 'idp.authn.TOTP', '1', null, '1000', 'idp.authn.TOTP.order', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('640', 'Metadatagen', 'mdgen.properties', 'Specifies the path part of the URL which describes a logo for the IdP. 
The protocol is hard wired to be https:// and the DNS name is used for the host. The is always emitted. If this is absent then then a fixed path (''/path/to/logo'') is use', '4.1', 'idp.metadatagen', '1', null, null, 'idp.metadata.idpsso.mdui.logo.path', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('639', 'Metadatagen', 'mdgen.properties', 'Specifies the path to the certificate protecting the back channel. This should not be used in conjunction with the --backChannel qualifier.', '4.1', 'idp.metadatagen', '1', null, null, 'idp.metadata.backchannel.cert', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('638', 'Metadatagen', 'mdgen.properties', 'Supplies the DNS name used within the URLs specifying the end points. 
This should not be used in conjunction with the --DNSName qualifier', '4.1', 'idp.metadatagen', '1', null, null, 'idp.metadata.dnsname', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('647', 'OIDC OP', 'oidc.properties', 'The validity of client secret registered', '4.1', 'idp.oidc.OP', '3', 'no doc', 'P12M', 'idp.oidc.dynreg.defaultSecretExpiration', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('652', 'OIDC OP', 'oidc.properties', 'Upgrade interval to the remote JWKs', '4.1', 'idp.oidc.OP', '3', 'no doc', 'PT30M', 'idp.oidc.jwksuri.fetchInterval', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('653', 'OIDC OP', 'oidc.properties', 'Bounds on the next file refresh of the OP configuration resource', '4.1', 'idp.oidc.OP', '3', 'no doc', 'PT5M', 'idp.oidc.config.minRefreshDelay', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('654', 'OIDC OP', 'oidc.properties', 'Bounds on the next file refresh of the OP configuration resource', '4.1', 'idp.oidc.OP', '3', 'no doc', 'PT4H', 'idp.oidc.config.maxRefreshDelay', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, 
property_name, property_type, selection_items, property_value) VALUES ('507', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'AttributeQuery', 'idp.service.logging.saml2attrquery', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('508', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'ArtifactResolution', 'idp.service.logging.saml2artifact', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('509', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'Logout', 'idp.service.logging.saml2slo', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('510', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit 
records to different destinations based on general function', 'Logout', 'idp.service.logging.logout', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('511', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'SSO', 'idp.service.logging.cas', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('512', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'Status', 'idp.service.logging.status', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('513', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'ResolverTest', 'idp.service.logging.resolvertest', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, 
selection_items, property_value) VALUES ('514', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'Reload', 'idp.service.logging.serviceReload', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('515', 'AuditLoggingConfiguration', 'services.properties', 'Hash algorithm to apply to various hashed fields', '4.1', null, null, null, 'SHA-256', 'idp.audit.hashAlgorithm', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('516', 'AuditLoggingConfiguration', 'services.properties', 'Salt to apply to hashed fields must be set to use those fields', '4.1', null, null, null, null, 'idp.audit.salt', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('536', 'OPRevocation', 'oidc.properties', 'The revocation method: CHAIN refers to revoking whole chain of tokens (from authorization code to all access/refresh tokens). 
TOKEN refers to revoking single token', '4.1', 'idp.oidc.OP', '3', null, 'CHAIN', 'idp.oauth2.revocationMethod', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('538', 'OPDynamicClientRegistration', 'oidc.properties', 'The default scopes accepted in dynamic registration', '4.1', 'idp.oidc.OP', '3', null, 'openid profile email address phone offline_access', 'idp.oidc.dynreg.defaultScope', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('539', 'OPDynamicClientRegistration', 'oidc.properties', 'The default subject type if not set by client in request. Maybe set to pairwise or public.', '4.1', 'idp.oidc.OP', '3', null, 'public', 'idp.oidc.dynreg.defaultSubjectType', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('533', 'OPToken', 'oidc.properties', 'Format of access token. 
Supported values are JWT or nothing.', '4.1', 'idp.oidc.OP', '3.2', null, null, 'idp.oauth2.accessToken.type', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('567', 'OPDynamicClientRegistration', 'oidc.properties', 'Name of access control policy to apply to requests specifying a policyLocation', '4.1', 'idp.oidc.OP', '3', null, 'AccessByAdmin', 'idp.oidc.admin.registration.policyLocationPolicy', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('568', 'OPDynamicClientRegistration', 'oidc.properties', 'Name of access control policy to apply to requests specifying a policyId', '4.1', 'idp.oidc.OP', '3', null, 'AccessByAdmin', 'idp.oidc.admin.registration.policyIdPolicy', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('569', 'OPDynamicClientRegistration', 'oidc.properties', 'Name of access control policy to apply to requests specifying a clientId', '4.1', 'idp.oidc.OP', '3', null, 'AccessByAdmin', 'idp.oidc.admin.registration.clientIdPolicy', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('577', 'OPSubClaim', 'oidc.properties', 'The source attribute used in generating the sub claim', '4.1', 'idp.oidc.OP', '3', null, null, 'idp.oidc.subject.sourceAttribute', 'STRING', null, null); -INSERT 
INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('578', 'OPSubClaim', 'oidc.properties', 'The digest algorithm used in generating the sub claim', '4.1', 'idp.oidc.OP', '3', null, 'SHA', 'idp.oidc.subject.algorithm', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('594', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'DuoOIDC API hostname assigned to the integration', '4.1', 'idp.authn.DuoOIDC', '1', null, null, 'idp.duo.oidc.apiHost', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('649', 'OIDC OP', 'oidc.properties', 'Bean to determine whether dynamic registration should validate the remote JWK set if it''s defined in the request', '4.1', 'idp.oidc.OP', '3', 'no doc', 'shibboleth.Conditions.TRUE', 'idp.oidc.dynreg.validateRemoteJwks', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('1', 'Core', 'idp.properties', 'Auto-load all files matching conf/**/*.properties', '4', null, null, null, 'true', 'idp.searchForProperties', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('5', 'RelyingPartyConfiguration', 
'idp.properties', 'Whether to allow use of the SAML artifact bindings when sending messages', 'all', null, null, null, 'true', 'idp.artifact.enabled', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('6', 'RelyingPartyConfiguration', 'idp.properties', 'Whether preparation of messages to be communicated via SAML artifact should assume use of a secure channel (allowing signing and encryption to be skipped)', 'all', null, null, null, 'true', 'idp.artifact.secureChannel', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('9', 'RelyingPartyConfiguration', 'idp.properties', 'Controls whether the outbound binding selection is ordered by the SP''s metadata or the IdP''s preferred bindings (the inbuilt default order is Redirect -> POST -> Artifact -> SOAP). Set to false to leave artifact support on, but favor use of POST. 
Set also', '4.1', null, null, null, 'true', 'idp.bindings.inMetadataOrder', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('13', 'SecurityConfiguration', 'idp.properties', 'If true all cookies issued by the IdP (not including the container) will contain the HttpOnly property', 'all', null, null, null, 'true', 'idp.cookie.httpOnly', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('595', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'The OAuth 2.0 Client Identifier valid at the Authorization Server', '4.1', 'idp.authn.DuoOIDC', '1', null, null, 'idp.duo.oidc.clientId', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('596', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Redirection URI to which the 2FA response will be sent', '4.1', 'idp.authn.DuoOIDC', '1', 'ex. 
https://:/idp/profile/Authn/Duo/2FA/duo-callback', null, 'idp.duo.oidc.redirectURL', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('592', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Comma-delimited list of protocol-specific Principalstrings associated with flow', '4.1', 'idp.authn.DuoOIDC', '1', null, 'saml2/http://example.org/ac/classes/mfa, saml1/http://example.org/ac/classes/mfa', 'idp.authn.DuoOIDC.supportedPrincipals', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('597', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'If the idp.duo.oidc.redirectURL is not set one will be computed dynamically and checked against this list of allowed origins - to prevent Http Host Header injection.', '4.1', 'idp.authn.DuoOIDC', '1', null, null, 'idp.duo.oidc.redirecturl.allowedOrigins', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('599', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Duo''s OAuth 2.0 health check endpoint', '4.1', 'idp.authn.DuoOIDC', '1', null, '/oauth/v1/health_check', 'idp.duo.oidc.endpoint.health', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('600', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Duo''s OAuth 2.0 token 
endpoint', '4.1', 'idp.authn.DuoOIDC', '1', null, '/oauth/v1/token', 'idp.duo.oidc.endpoint.token', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('601', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Duo''s OAuth 2.0 authorization endpoint', '4.1', 'idp.authn.DuoOIDC', '1', null, '/oauth/v1/authorize', 'idp.duo.oidc.endpoint.authorize', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('604', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'The path component of the Duo token issuer. The full issuer string takes the format: HTTPS://+', '4.1', 'idp.authn.DuoOIDC', '1', null, '/oauth/v1/token', 'idp.duo.oidc.jwt.verifier.issuerPath', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('605', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'The result token JWT claim name that represents the username sent in the duo_uname field in the authorization request.', '4.1', 'idp.authn.DuoOIDC', '1', null, 'preferred_username', 'idp.duo.oidc.jwt.verifier.preferredUsername', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('607', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Duo AuthAPI hostname assigned to the integration', '4.1', 'idp.authn.DuoOIDC', '1', 
null, '%{idp.duo.oidc.apiHost}', 'idp.duo.oidc.nonbrowser.apiHost', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('611', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Name of HTTP request header for Duo AuthAPI device ID or name', '4.1', 'idp.authn.DuoOIDC', '1', null, 'X-Shibboleth-Duo-Device', 'idp.duo.oidc.nonbrowser.header.device', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('621', 'TOTP', 'authn/authn.properties', 'Name of request header to use for extracting non-browser submitted token codes', '4.1', 'idp.authn.TOTP', '1', null, 'X-Shibboleth-TOTP', 'idp.authn.TOTP.headerName', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('622', 'TOTP', 'authn/authn.properties', 'Name of HTML form field to use for locating browser-submitted token codes', '4.1', 'idp.authn.TOTP', '1', null, 'tokencode', 'idp.authn.TOTP.fieldName', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('623', 'TOTP', 'authn/authn.properties', 'Name of IdPAttribute to resolve to obtain token seeds for users', '4.1', 'idp.authn.TOTP', '1', null, 'tokenSeeds', 'idp.authn.TOTP.tokenSeedAttribute', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, 
description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('636', 'TOTP', 'authn/authn.properties', 'Comma-delimited list of protocol-specific Principalstrings associated with flow', '4.1', 'idp.authn.TOTP', '1', null, 'saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken, saml1/urn:oasis:names:tc:SAML:1.0:am:HardwareToken', 'idp.authn.TOTP.supportedPrincipals', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('645', 'Metadatagen', 'mdgen.properties', 'Description for the IdP in the specified language. If this is absent for a language specified above then not is emitted for that language', '4.1', 'idp.metadatagen', '1', null, null, 'idp.metadata.idpsso.mdui.description.', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('365', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Whether or not the previous property has access to unreleased attributes', 'all', null, null, null, 'true', 'idp.persistentId.useUnfilteredAttributes', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('150', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether to validate connections in the background', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'true', 
'idp.pool.LDAP.validatePeriodically', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('142', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether to use the Password Expired Control.', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.usePasswordExpiration', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('614', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Pass client address to Duo in API calls to support logging', '4.1', 'idp.authn.DuoOIDC', '1', 'push display', 'true', 'idp.duo.oidc.nonbrowser.clientAddressTrusted', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('140', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether the user''s LDAP entry should be resolved with the bindDN credentials rather than as the authenticated user.', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.resolveEntryWithBindDN', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('129', 'LDAPAuthnConfiguration', 
'authn/authn.properties', 'How to establish trust in the server''s TLS certificate: one of jvmTrust, certificateTrust, or keyStoreTrust', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'certificateTrust', 'idp.authn.LDAP.sslConfig', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('125', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether StartTLS should be used after connecting with LDAP alone.', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'true', 'idp.authn.LDAP.useStartTLS', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('149', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether to validate connections when checking them out of the pool', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.pool.LDAP.validateOnCheckout', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('144', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'If you are using the FreeIPA LDAP this switch will attempt to use the account states defined by that product.', 'all', null, null, 'The target file for the value depends on the version of 
Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.freeIPADirectory', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('143', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'If you are using Active Directory this switch will attempt to use the account states defined by AD. Note that this flag is unnecessary if you are using the ''adAuthenticator''. It is meant to be specified with one of the other authenticator types.', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.activeDirectory', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('146', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether connection pools should be used for LDAP authentication and DN resolution', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.disablePooling', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('145', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'If you are using the EDirectory LDAP this switch will attempt to use the account states defined by that product.', 'all', null, null, 'The target file for the value depends on the version of Shibboleth 
being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.eDirectory', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('126', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Time to wait for the TCP connection to occur.', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'PT3S', 'idp.authn.LDAP.connectTimeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('157', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Controls how connections in the bind pool are passivated. Connections in the bind pool may be in an authenticated state that will not allow validation searches to succeed. This property controls how bind connections are placed back into the pool. 
If your ', '4.0.1', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.bindPoolPassivator', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('128', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Connection strategy to use when multiple URLs are supplied: one of ACTIVE_PASSIVE, ROUND_ROBIN, RANDOM', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'ACTIVE_PASSIVE', 'idp.authn.LDAP.connectionStrategy', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('127', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Time to wait for an LDAP response message', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'PT3S', 'idp.authn.LDAP.responseTimeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('123', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Controls the workflow for how authentication occurs against LDAP: one of anonSearchAuthenticator, bindSearchAuthenticator, directAuthenticator, adAuthenticator', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , 
for V4.1: authn/authn.properties', 'anonSearchAuthenticator', 'idp.authn.LDAP.authenticator', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('136', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'DN to bind with during search when using an LDAP.authenticator = bindSearchAuthenticator', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.bindDN', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('139', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether the user''s LDAP entry should be returned in the authentication response even when the user bind fails.', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.resolveEntryOnFailure', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('133', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Base DN to search against when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.baseDN', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop 
(resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('132', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'List of attributes to request during authentication', 'all', null, null, 'Comma seperated list of values. The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.returnAttributes', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('135', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'LDAP search filter when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.userFilter', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('134', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether to search recursively when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.subtreeSearch', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, 
property_value) VALUES ('62', 'StorageConfiguration', 'idp.properties', 'Whether storage errors during replay checks should be treated as a replay', 'all', null, null, null, 'true', 'idp.replayCache.strict', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('63', 'SessionConfiguration', 'idp.properties', 'Whether to enable the IdP''s session tracking feature', 'all', null, null, null, 'true', 'idp.session.enabled', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('67', 'SessionConfiguration', 'idp.properties', 'Whether to bind IdP sessions to IP addresses', 'all', null, null, null, 'true', 'idp.session.consistentAddress', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('78', 'AuthenticationConfiguration', 'authn/authn.properties', 'Whether to enforce restrictions placed on further proxying of assertions from upstream IdPs when relying on proxied authentication', '4.1', null, null, null, 'true', 'idp.authn.proxyRestrictionsEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('80', 'AuthenticationConfiguration', 'authn/authn.properties', 'Whether to populate information about the relying party into the tree for user interfaces during login and interceptors', 'all', null, null, null, 
'true', 'idp.authn.rpui', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('94', 'ConsentConfiguration', 'idp.properties', 'Whether not remembering/storing consent is allowed', 'all', null, null, null, 'true', 'idp.consent.allowDoNotRemember', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('95', 'ConsentConfiguration', 'idp.properties', 'Whether consent to any attribute and to any relying party is allowed', 'all', null, null, null, 'true', 'idp.consent.allowGlobal', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('102', 'LogoutConfiguration', 'idp.properties', 'Whether to require signed logout messages in accordance with the SAML 2.0 standard', 'all', null, null, null, 'true', 'idp.logout.authenticated', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('118', 'AuditLoggingConfiguration', 'services.properties', 'Set false if you want SAML bindings "spelled out" in audit log', 'all', null, null, null, 'true', 'idp.audit.shortenBindings', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('179', 
'ExternalAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.External', null, null, 'true', 'idp.authn.External.addDefaultPrincipals', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('195', 'RemoteUserAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.RemoteUser', null, null, 'true', 'idp.authn.RemoteUser.addDefaultPrincipals', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('196', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether to check REMOTE_USER for a username', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'true', 'idp.authn.RemoteUserInternal.checkRemoteUser', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('199', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether to trim leading and trailing whitespace from the username before validating it', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'true', 'idp.authn.RemoteUserInternal.trim', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('220', 
'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'true', 'idp.authn.RemoteUserInternal.addDefaultPrincipals', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('646', 'OIDC OP', 'oidc.properties', 'Set false to preclude issuing unencrypted ID/UserInfo tokens without specific overrides', '4.1', 'idp.oidc.OP', '3', 'no doc', 'false', 'idp.oidc.encryptionOptional', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('239', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.SPNEGO', null, null, 'true', 'idp.authn.SPNEGO.addDefaultPrincipals', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('254', 'X509AuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.X509', null, null, 'true', 'idp.authn.X509.addDefaultPrincipals', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('255', 
'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Whether to save the certificate into the Subject''s public credential set. Disable to reduce the size if not relying on the certificate for subject c14n.', '4.1', null, null, null, 'true', 'idp.authn.X509Internal.saveCertificateToCredentialSet', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('269', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', null, null, null, 'true', 'idp.authn.X509Internal.addDefaultPrincipals', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('283', 'IPAddressAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.IPAddress', null, null, 'true', 'idp.authn.IPAddress.addDefaultPrincipals', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('297', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.Function', null, null, 'true', 'idp.authn.Function.addDefaultPrincipals', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, 
property_name, property_type, selection_items, property_value) VALUES ('308', 'DuoAuthnConfiguration', 'authn/duo.properties', 'Allow the factor to be defaulted to auto if no headers are received', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', 'true', 'idp.duo.nonbrowser.auto', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('309', 'DuoAuthnConfiguration', 'authn/duo.properties', 'Pass client address to Duo in API calls to support logging, push display, and network-based Duo policies', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', 'true', 'idp.duo.nonbrowser.clientAddressTrusted', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('323', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.Duo', null, null, 'true', 'idp.authn.Duo.addDefaultPrincipals', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('342', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', null, null, null, 'true', 'idp.authn.SAML.addDefaultPrincipals', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, 
config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('343', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Whether login flows should only be run with regard for forceAuthn/isPassive/nonBrowser (and similar) conditions', '4.1', null, null, null, 'true', 'idp.authn.MFA.validateLoginTransitions', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('357', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.MFA', null, null, 'true', 'idp.authn.MFA.addDefaultPrincipals', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('374', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'When true the connection and layout of the database is verified at bean initialization time and any failures are fatal.', '4.1', null, null, null, 'true', 'idp.persistentId.verifyDatabase', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('386', 'ReloadableServices', 'services.properties', 'Fail at startup if logging configuration is invalid', 'all', null, null, null, 'true', 'idp.service.logging.failFast', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, 
note, default_value, property_name, property_type, selection_items, property_value) VALUES ('395', 'ReloadableServices', 'services.properties', 'Disabling this turns off internal support for the ByReferenceFilter feature which provides a very small performance boost', 'all', null, null, null, 'true', 'idp.service.metadata.enableByReferenceFilters', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('409', 'ReloadableServices', 'services.properties', 'Whether attribute filtering failure should silently produce no attributes or causes an overall profile request failure event', 'all', null, null, null, 'true', 'idp.service.attribute.filter.maskFailures', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('414', 'ReloadableServices', 'services.properties', 'Fail at startup if AccessControlConfiguration is invalid', 'all', null, null, null, 'true', 'idp.service.access.failFast', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('460', 'HelloWorldConfiguration', 'admin/admin.properties', 'Whether authentication should be performed prior to access control evaluation', '4.1', null, null, null, 'true', 'idp.hello.authenticated', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('463', 
'HelloWorldConfiguration', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'true', 'idp.hello.resolveAttributes', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('480', 'AttendedRestartConfiguration', 'admin/admin.properties', 'Whether authentication should be performed prior to access control evaluation', '4.1', null, null, null, 'true', 'idp.unlock-keys.authenticated', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('486', 'SimplePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to trim leading and trailing whitespace from the username', '4.1', null, null, null, 'true', 'idp.c14n.simple.trim', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('489', 'AttributePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to trim leading and trailing whitespace from the username', '4.1', null, null, null, 'true', 'idp.c14n.attribute.trim', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('496', 'X500PostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to trim leading and trailing whitespace from the username', '4.1', null, null, null, 'true', 'idp.c14n.x500.trim', 
'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('551', 'OAuth2ClientAuthnConfiguration', 'oidc.properties', 'Whether to remove the object holding the password from the request''s active state after validating it (to avoid it being preserved in the session any longer than needed)', '4.1', 'idp.oidc.OP', '3', null, 'true', 'idp.authn.OAuth2Client.removeAfterValidation', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('557', 'OAuth2ClientAuthnConfiguration', 'oidc.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.oidc.OP', '3', null, 'true', 'idp.authn.OAuth2Client.addDefaultPrincipals', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('562', 'OPDynamicClientRegistration', 'oidc.properties', 'Enables support for non-browser-based authentication', '4.1', 'idp.oidc.OP', '3', null, 'true', 'idp.oidc.admin.registration.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('583', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.DuoOIDC', '1', null, 'true', 'idp.authn.DuoOIDC.forcedAuthenticationSupported', 'BOOLEAN', null, 
null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('613', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Allow the factor to be defaulted in as "auto" if no headers are received', '4.1', 'idp.authn.DuoOIDC', '1', null, 'true', 'idp.duo.oidc.nonbrowser.auto', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('627', 'TOTP', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.TOTP', '1', null, 'true', 'idp.authn.TOTP.forcedAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('648', 'OIDC OP', 'oidc.properties', 'Regardless of what signing algorithms are configured allow none for request object signing', '4.1', 'idp.oidc.OP', '3', 'no doc', 'true', 'idp.oidc.dynreg.allowNoneForRequestSigning', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('83', 'AuthenticationConfiguration', 'authn/authn.properties', 'Whether to override an explicit element in an SP’s request with a configuration-imposed rule via the defaultAuthenticationMethods profile configuration setting. 
Note this is a violation of the SAML standard and is also a global set', '4', null, null, null, 'false', 'idp.authn.overrideRequestedAuthnContext', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('96', 'ConsentConfiguration', 'idp.properties', 'Whether per-attribute consent is allowed', 'all', null, null, null, 'false', 'idp.consent.allowPerAttribute', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('97', 'ConsentConfiguration', 'idp.properties', 'Whether attribute values and terms of use text are stored and compared for equality', 'all', null, null, null, 'false', 'idp.consent.compareValues', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('101', 'LogoutConfiguration', 'idp.properties', 'Whether to search metadata for user interface information associated with every service involved in logout propagation', 'all', null, null, null, 'false', 'idp.logout.elaboration', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('104', 'LogoutConfiguration', 'idp.properties', 'Processes arbitrary query parameters to the Simple Logout endpoint and stashes them in a ScratchContext for use by subsequent view logic', '4.1', null, null, null, 'false', 'idp.logout.preserveQuery', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('105', 'LogoutConfiguration', 'idp.properties', 'When true allows inbound SAML LogoutRequests to be processed even if the SP lacks metadata containing response endpoints', '4.2', null, null, null, 'false', 'idp.logout.assumeAsync', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('111', 'CasProtocolConfiguration', 'idp.properties', 'If true CAS services provisioned with SAML metadata are identified via entityID', 'all', null, null, null, 'false', 'idp.cas.relyingPartyIdFromMetadata', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('160', 'KerberosAuthnConfiguration', 'authn/authn.properties', 'Whether to reload the underlying Kerberos configuration (generally in /etc/krb5.conf) on every login attempt', '4.1', null, null, null, 'false', 'idp.authn.Krb5.refreshConfig', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('523', 'OPToken', 'oidc.properties', 'Whether client is allowed to use PKCE code challenge method plain', '4.1', 'idp.oidc.OP', '3', null, 'false', 'idp.oidc.allowPKCEPlain', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('161', 'KerberosAuthnConfiguration', 'authn/authn.properties', 'Whether to preserve the resulting Kerberos TGT in the Java Subject''s private credential set', '4.1', null, null, null, 'false', 'idp.authn.Krb5.preserveTicket', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('167', 'ExternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.External', null, null, 'false', 'idp.authn.External.nonBrowserSupported', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('168', 'ExternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.External', null, null, 'false', 'idp.authn.External.passiveAuthenticationSupported', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('169', 'ExternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.External', null, null, 'false', 'idp.authn.External.forcedAuthenticationSupported', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('171', 'ExternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.External', null, null, 'false', 'idp.authn.External.proxyScopingEnforced', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('172', 'ExternalAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', 'idp.authn.External', null, null, 'false', 'idp.authn.External.discoveryRequired', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('188', 'RemoteUserAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', 'idp.authn.RemoteUser', null, null, 'false', 'idp.authn.RemoteUser.discoveryRequired', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('200', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether to lowercase the username before validating it', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'false', 'idp.authn.RemoteUserInternal.lowercase', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('201', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether to uppercase the username before validating it', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'false', 'idp.authn.RemoteUserInternal.uppercase', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('209', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'false', 'idp.authn.RemoteUserInternal.passiveAuthenticationSupported', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('210', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'false', 'idp.authn.RemoteUserInternal.forcedAuthenticationSupported', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('212', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'false', 'idp.authn.RemoteUserInternal.proxyScopingEnforced', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('213', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'false', 'idp.authn.RemoteUserInternal.discoveryRequired', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('222', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether to always try to run SPNEGO independent of the user''s auto-login setting', '4.1', 'idp.authn.SPNEGO', null, null, 'false', 'idp.authn.SPNEGO.enforceRun', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('223', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether to reload the underlying Kerberos configuration (generally in /etc/krb5.conf) on every login attempt', '4.1', 'idp.authn.SPNEGO', null, null, 'false', 'idp.authn.SPNEGO.refreshKrbConfig', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('227', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.SPNEGO', null, null, 'false', 'idp.authn.SPNEGO.nonBrowserSupported', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('228', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.SPNEGO', null, null, 'false', 'idp.authn.SPNEGO.passiveAuthenticationSupported', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('229', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.SPNEGO', null, null, 'false', 'idp.authn.SPNEGO.forcedAuthenticationSupported', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('231', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.SPNEGO', null, null, 'false', 'idp.authn.SPNEGO.proxyScopingEnforced', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('232', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', 'idp.authn.SPNEGO', null, null, 'false', 'idp.authn.SPNEGO.discoveryRequired', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('246', 'X509AuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.X509', null, null, 'false', 'idp.authn.X509.proxyScopingEnforced', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('247', 'X509AuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', 'idp.authn.X509', null, null, 'false', 'idp.authn.X509.discoveryRequired', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('257', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', null, null, null, 'false', 'idp.authn.X509Internal.nonBrowserSupported', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('258', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', null, null, null, 'false', 'idp.authn.X509Internal.passiveAuthenticationSupported', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('259', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', null, null, null, 'false', 'idp.authn.X509Internal.forcedAuthenticationSupported', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('261', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', null, null, null, 'false', 'idp.authn.X509Internal.proxyScopingEnforced', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('262', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', null, null, null, 'false', 'idp.authn.X509Internal.discoveryRequired', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('273', 'IPAddressAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.IPAddress', null, null, 'false', 'idp.authn.IPAddress.forcedAuthenticationSupported', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('275', 'IPAddressAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.IPAddress', null, null, 'false', 'idp.authn.IPAddress.proxyScopingEnforced', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('276', 'IPAddressAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', 'idp.authn.IPAddress', null, null, 'false', 'idp.authn.IPAddress.discoveryRequired', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('285', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.Function', null, null, 'false', 'idp.authn.Function.nonBrowserSupported', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('286', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.Function', null, null, 'false', 'idp.authn.Function.passiveAuthenticationSupported', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('287', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.Function', null, null, 'false', 'idp.authn.Function.forcedAuthenticationSupported', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('289', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.Function', null, null, 'false', 'idp.authn.Function.proxyScopingEnforced', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('290', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', 'idp.authn.Function', null, null, 'false', 'idp.authn.Function.discoveryRequired', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('334', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', null, null, null, 'false', 'idp.authn.SAML.proxyScopingEnforced', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('345', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.MFA', null, null, 'false', 'idp.authn.MFA.nonBrowserSupported', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('346', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.MFA', null, null, 'false', 'idp.authn.MFA.passiveAuthenticationSupported', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('347', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.MFA', null, null, 'false', 'idp.authn.MFA.forcedAuthenticationSupported', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('349', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.MFA', null, null, 'false', 'idp.authn.MFA.proxyScopingEnforced', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('350', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', 'idp.authn.MFA', null, null, 'false', 'idp.authn.MFA.discoveryRequired', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('420', 'ReloadableServices', 'services.properties', 'Fail at startup if ManagedBeanConfiguration is invalid', 'all', null, null, null, 'false', 'idp.service.managedBean.failFast', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('426', 'Status', 'admin/admin.properties', 'Whether authentication should be performed prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.status.authenticated', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('427', 'Status', 'admin/admin.properties', 'Whether the flow should allow for non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.status.nonBrowserSupported', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('429', 'Status', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.status.resolveAttributes', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('436', 'MetadataReload', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.reload.resolveAttributes', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('440', 'AACLI', 'admin/admin.properties', 'Whether authentication should be performed prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.resolvertest.authenticated', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('441', 'AACLI', 'admin/admin.properties', 'Whether the flow should allow for non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.resolvertest.nonBrowserSupported', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('443', 'AACLI', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.resolvertest.resolveAttributes', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('447', 'MetadataQuery', 'admin/admin.properties', 'Whether authentication should be performed prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.mdquery.authenticated', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('448', 'MetadataQuery', 'admin/admin.properties', 'Whether the flow should allow for non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.mdquery.nonBrowserSupported', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('450', 'MetadataQuery', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.mdquery.resolveAttributes', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('453', 'MetricsConfiguration', 'admin/admin.properties', 'Whether authentication should be performed prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.metrics.authenticated', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('454', 'MetricsConfiguration', 'admin/admin.properties', 'Whether the flow should allow for non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.metrics.nonBrowserSupported', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('456', 'MetricsConfiguration', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.metrics.resolveAttributes', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('461', 'HelloWorldConfiguration', 'admin/admin.properties', 'Whether the flow should allow for non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.hello.nonBrowserSupported', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('467', 'AccountLockoutManagement', 'admin/admin.properties', 'Whether authentication should be performed prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.lockout.authenticated', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('468', 'AccountLockoutManagement', 'admin/admin.properties', 'Whether the flow should allow for non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.lockout.nonBrowserSupported', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('470', 'AccountLockoutManagement', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.lockout.resolveAttributes', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('474', '?', 'admin/admin.properties', 'Whether authentication should be performed prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.storage.authenticated', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('475', '?', 'admin/admin.properties', 'Whether the flow should allow for non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.storage.nonBrowserSupported', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('477', 'AttendedRestartConfiguration', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.storage.resolveAttributes', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('487', 'AttributePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to lowercase the username', '4.1', null, null, null, 'false', 'idp.c14n.attribute.lowercase', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('488', 'AttributePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to uppercase the username', '4.1', null, null, null, 'false', 'idp.c14n.attribute.uppercase', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('492', 'AttributePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to examine the input Subject for IdPAttributePrincipal objects to pull from directly instead of from the output of the Attribute Resolver service', '4.1', null, null, null, 'false', 'idp.c14n.attribute.resolveFromSubject', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('494', 'X500PostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to lowercase the username', '4.1', null, null, null, 'false', 'idp.c14n.x500.lowercase', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('495', 'X500PostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to uppercase the username', '4.1', null, null, null, 'false', 'idp.c14n.x500.uppercase', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('499', 'SAML2ProxyTransformPostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to lowercase the username', '4.1', null, null, null, 'false', 'idp.c14n.saml.proxy.lowercase', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('500', 'SAML2ProxyTransformPostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to uppercase the username', '4.1', null, null, null, 'false', 'idp.c14n.saml.proxy.uppercase', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('501', 'NameIDConsumptionConfiguration', 'c14n/subject-c14n.properties', 'Whether to lowercase the username', '4.1', null, null, null, 'false', 'idp.c14n.saml.lowercase', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('502', 'NameIDConsumptionConfiguration', 'c14n/subject-c14n.properties', 'Whether to uppercase the username', '4.1', null, null, null, 'false', 'idp.c14n.saml.uppercase', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('525', 'OPAuthorization', 'oidc.properties', 'Whether to embed consent decisions in access/refresh tokens and authorization code to allow for client-side consent storage', '4.1', 'idp.oidc.OP', '3', null, 'false', 'idp.oidc.encodeConsentInTokens', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('532', 'OPToken', 'oidc.properties', 'Whether to enforce refresh token rotation. If enabled the refresh token is revoked whenever it is used for issuing a new refresh token.', '4.1', 'idp.oidc.OP', '3.2', null, 'false', 'idp.oauth2.enforceRefreshTokenRotation', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('534', 'OPToken', 'oidc.properties', 'Whether the absence of encryption details in a resource server’s metadata should fail when issuing an access token', '4.1', 'idp.oidc.OP', '3', null, 'false', 'idp.oauth2.encryptionOptional', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('564', 'OPDynamicClientRegistration', 'oidc.properties', 'Whether to resolve attributes if authentication is enabled', '4.1', 'idp.oidc.OP', '3', null, 'false', 'idp.oidc.admin.registration.resolveAttributes', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('571', 'OPClientResolution', 'oidc.properties', 'If true any failures during initialization of any resolvers result in IdP startup failure', '4.1', 'idp.oidc.OP', '3', null, 'false', 'idp.service.clientinfo.failFast', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('582', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.DuoOIDC', '1', null, 'false', 'idp.authn.DuoOIDC.passiveAuthenticationSupported', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('585', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Whether the flow considers itself to be proxying', '4.1', 'idp.authn.DuoOIDC', '1', 'and therefore enforces SP-signaled restrictions on proxying', 'false', 'idp.authn.DuoOIDC.proxyScopingEnforced', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('586', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Whether to invoke IdP-discovery prior to running flow', '4.1', 'idp.authn.DuoOIDC', '1', null, 'false', 'idp.authn.DuoOIDC.discoveryRequired', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('593', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Whether to auto-attach the preceding set ofPrincipalobjects to eachSubjectproduced by this flow', '4.1', 'idp.authn.DuoOIDC', '1', null, 'false', 'idp.authn.DuoOIDC.addDefaultPrincipals', 'BOOLEAN', null, null);
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('629', 'TOTP', 'authn/authn.properties', 'Whether the flow considers itself to be proxying', '4.1', 'idp.authn.TOTP', '1', 'and therefore enforces SP-signaled restrictions on proxying', 'false', 
'idp.authn.TOTP.proxyScopingEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('630', 'TOTP', 'authn/authn.properties', 'Whether to invoke IdP-discovery prior to running flow', '4.1', 'idp.authn.TOTP', '1', null, 'false', 'idp.authn.TOTP.discoveryRequired', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('637', 'TOTP', 'authn/authn.properties', 'Whether to auto-attach the preceding set ofPrincipalobjects to eachSubjectproduced by this flow', '4.1', 'idp.authn.TOTP', '1', null, 'false', 'idp.authn.TOTP.addDefaultPrincipals', 'BOOLEAN', null, null); \ No newline at end of file From f7ef7669f75f2cc4e0ebf4bf4c0bf978e64387ba Mon Sep 17 00:00:00 2001 From: Ryan Mathis Date: Tue, 23 Aug 2022 10:35:56 -0700 Subject: [PATCH 54/58] Updated POC --- ui/public/assets/data/configurations.json | 6 +++ ui/public/assets/data/properties.json | 1 - ui/src/app/admin/IdpConfiguration.js | 4 +- .../app/admin/component/ConfigurationForm.js | 48 +++++++++++-------- .../app/admin/container/ConfigurationList.js | 16 +++---- .../app/admin/hoc/ConfigurationsProvider.js | 2 +- ui/src/app/admin/hooks.js | 2 +- 7 files changed, 47 insertions(+), 32 deletions(-) create mode 100644 ui/public/assets/data/configurations.json delete mode 100644 ui/public/assets/data/properties.json diff --git a/ui/public/assets/data/configurations.json b/ui/public/assets/data/configurations.json new file mode 100644 index 000000000..82d601b1e --- /dev/null +++ b/ui/public/assets/data/configurations.json @@ -0,0 +1,6 @@ +[ + { + "resourceId": "foo", + "name": "Configuration 1" + } +] \ No newline at end of file 
diff --git a/ui/public/assets/data/properties.json b/ui/public/assets/data/properties.json deleted file mode 100644 index 0637a088a..000000000 --- a/ui/public/assets/data/properties.json +++ /dev/null @@ -1 +0,0 @@ -[] \ No newline at end of file diff --git a/ui/src/app/admin/IdpConfiguration.js b/ui/src/app/admin/IdpConfiguration.js index 621b54e71..6f774d9ea 100644 --- a/ui/src/app/admin/IdpConfiguration.js +++ b/ui/src/app/admin/IdpConfiguration.js @@ -14,8 +14,8 @@ export function IdpConfiguration() { - {(properties, onDelete) => - + {(configurations, onDelete) => + } } /> diff --git a/ui/src/app/admin/component/ConfigurationForm.js b/ui/src/app/admin/component/ConfigurationForm.js index 7229a27c3..3f30f6445 100644 --- a/ui/src/app/admin/component/ConfigurationForm.js +++ b/ui/src/app/admin/component/ConfigurationForm.js @@ -9,6 +9,8 @@ import { ToggleButton } from '../../form/component/ToggleButton'; import { useProperties, usePropertiesLoading } from '../hoc/PropertiesProvider'; import { groupBy } from 'lodash'; import { useCallback } from 'react'; +import Form from 'react-bootstrap/Form'; +import FloatingLabel from 'react-bootstrap/FloatingLabel'; export function ConfigurationForm({ configuration = {}, errors = [], schema, onSave, onCancel }) { @@ -140,26 +142,34 @@ export function ConfigurationForm({ configuration = {}, errors = [], schema, onS
- - - - - - - - - - - {config.properties.map((p, idx) => ( - - - - - + +
PropertyCategoryTypeValue
{ p.propertyName }
+ + + + + + - ))} - -
PropertyCategoryTypeValue
+ + + {config.properties.map((p, idx) => ( + + { p.propertyName } + { p.category } + { p.displayType } + + + + + + + ))} + + +
diff --git a/ui/src/app/admin/container/ConfigurationList.js b/ui/src/app/admin/container/ConfigurationList.js index 300aab019..15351312c 100644 --- a/ui/src/app/admin/container/ConfigurationList.js +++ b/ui/src/app/admin/container/ConfigurationList.js @@ -1,5 +1,5 @@ import React from 'react'; -import { faEdit, faPlusCircle, faTrash } from '@fortawesome/free-solid-svg-icons'; +import { faDownload, faEdit, faPlusCircle, faTrash } from '@fortawesome/free-solid-svg-icons'; import { FontAwesomeIcon } from '@fortawesome/react-fontawesome'; import Button from 'react-bootstrap/Button'; @@ -9,7 +9,7 @@ import { Translate } from '../../i18n/components/translate'; import { DeleteConfirmation } from '../../core/components/DeleteConfirmation'; -export function ConfigurationList({ properties, onDelete }) { +export function ConfigurationList({ configurations, onDelete }) { const remove = (id) => { onDelete(id); @@ -44,18 +44,18 @@ export function ConfigurationList({ properties, onDelete }) { - {(properties?.length > 0) ? properties.map((property, i) => + {(configurations?.length > 0) ? configurations.map((c, i) => - {property.name} + {c.name} - - + + - Edit + Download - + ))} diff --git a/ui/src/app/admin/container/ConfigurationList.js b/ui/src/app/admin/container/ConfigurationList.js index 15351312c..fcad47048 100644 --- a/ui/src/app/admin/container/ConfigurationList.js +++ b/ui/src/app/admin/container/ConfigurationList.js @@ -49,17 +49,13 @@ export function ConfigurationList({ configurations, onDelete }) { {c.name} - + - - Download - +   Download - From 2813d25d8e889ba6002b3632a835fa5f23ef9802 Mon Sep 17 00:00:00 2001 
From: Ryan Mathis Date: Mon, 29 Aug 2022 13:25:22 -0700 Subject: [PATCH 57/58] Updated configuration builder --- ui/package-lock.json | 14 +- ui/package.json | 2 +- ui/public/assets/data/configuration.json | 29 +++ .../app/admin/component/ConfigurationForm.js | 174 +++++++----------- .../app/admin/component/PropertySelector.js | 92 +++++++++ .../app/admin/container/ConfigurationList.js | 12 +- .../app/admin/container/EditConfiguration.js | 76 ++++---- .../app/admin/container/NewConfiguration.js | 30 ++- .../app/admin/hoc/ConfigurationsProvider.js | 2 +- ui/src/app/admin/hoc/PropertiesProvider.js | 4 +- ui/src/app/admin/hooks.js | 8 +- ui/src/theme/project/configuration.scss | 11 ++ ui/src/theme/project/index.scss | 1 + 13 files changed, 271 insertions(+), 184 deletions(-) create mode 100644 ui/public/assets/data/configuration.json create mode 100644 ui/src/app/admin/component/PropertySelector.js create mode 100644 ui/src/theme/project/configuration.scss diff --git a/ui/package-lock.json b/ui/package-lock.json index 0cc5f3665..2083b22a0 100644 --- a/ui/package-lock.json +++ b/ui/package-lock.json @@ -25,7 +25,7 @@ "react-bootstrap": "^2.3.0", "react-bootstrap-typeahead": "^5.1.4", "react-dom": "^18.0.0", - "react-hook-form": "^7.30.0", + "react-hook-form": "^7.34.0", "react-infinite-scroll-component": "^6.1.0", "react-router": "^5.1.0", "react-router-dom": "^5.1.0", @@ -13536,9 +13536,9 @@ "dev": true }, "node_modules/react-hook-form": { - "version": "7.30.0", - "resolved": "https://registry.npmjs.org/react-hook-form/-/react-hook-form-7.30.0.tgz", - "integrity": "sha512-DzjiM6o2vtDGNMB9I4yCqW8J21P314SboNG1O0obROkbg7KVS0I7bMtwSdKyapnCPjHgnxc3L7E5PEdISeEUcQ==", + "version": "7.34.2", + "resolved": "https://registry.npmjs.org/react-hook-form/-/react-hook-form-7.34.2.tgz", + "integrity": "sha512-1lYWbEqr0GW7HHUjMScXMidGvV0BE2RJV3ap2BL7G0EJirkqpccTaawbsvBO8GZaB3JjCeFBEbnEWI1P8ZoLRQ==", "engines": { "node": ">=12.22.0" }, 
@@ -26712,9 +26712,9 @@ "dev": true }, "react-hook-form": { - "version": "7.30.0", - "resolved": "https://registry.npmjs.org/react-hook-form/-/react-hook-form-7.30.0.tgz", - "integrity": "sha512-DzjiM6o2vtDGNMB9I4yCqW8J21P314SboNG1O0obROkbg7KVS0I7bMtwSdKyapnCPjHgnxc3L7E5PEdISeEUcQ==", + "version": "7.34.2", + "resolved": "https://registry.npmjs.org/react-hook-form/-/react-hook-form-7.34.2.tgz", + "integrity": "sha512-1lYWbEqr0GW7HHUjMScXMidGvV0BE2RJV3ap2BL7G0EJirkqpccTaawbsvBO8GZaB3JjCeFBEbnEWI1P8ZoLRQ==", "requires": {} }, "react-infinite-scroll-component": { diff --git a/ui/package.json b/ui/package.json index 25cc8cd8a..b32a48b1d 100644 --- a/ui/package.json +++ b/ui/package.json @@ -21,7 +21,7 @@ "react-bootstrap": "^2.3.0", "react-bootstrap-typeahead": "^5.1.4", "react-dom": "^18.0.0", - "react-hook-form": "^7.30.0", + "react-hook-form": "^7.34.0", "react-infinite-scroll-component": "^6.1.0", "react-router": "^5.1.0", "react-router-dom": "^5.1.0", diff --git a/ui/public/assets/data/configuration.json b/ui/public/assets/data/configuration.json new file mode 100644 index 000000000..82e86dd4d --- /dev/null +++ b/ui/public/assets/data/configuration.json @@ -0,0 +1,29 @@ +{ + "resourceId": 11, + "name": "setname1", + "properties": [ + { + "resourceId":"577", + "category":"OPSubClaim", + "configFile":"oidc.properties", + "description":"The source attribute used in generating the sub claim", + "idpVersion":"4.1", + "module":"idp.oidc.OP", + "moduleVersion":"3", + "propertyName":"idp.oidc.subject.sourceAttribute", + "displayType":"string", + "propertyValue": "foo" + }, + { + "resourceId": "393", + "category": "ReloadableServices", + "configFile": "services.properties", + "defaultValue": "false", + "description": "Fail at startup if MetadataConfiguration is invalid", + "idpVersion": "all", + "propertyName": "idp.service.metadata.failFast", + "displayType": "boolean", + "propertyValue": "true" + } + ] +} 
diff --git a/ui/src/app/admin/component/ConfigurationForm.js b/ui/src/app/admin/component/ConfigurationForm.js index ff890a6a2..9db9756da 100644 --- a/ui/src/app/admin/component/ConfigurationForm.js +++ b/ui/src/app/admin/component/ConfigurationForm.js 
@@ -1,74 +1,34 @@ -import React, { Fragment } from 'react'; +import React from 'react'; import Button from 'react-bootstrap/Button'; +import { useFieldArray, useForm } from 'react-hook-form'; import { FontAwesomeIcon } from '@fortawesome/react-fontawesome'; import { faSpinner, faSave, faTrash } from '@fortawesome/free-solid-svg-icons'; -import { Highlighter, Menu, MenuItem, Token, Typeahead } from 'react-bootstrap-typeahead'; + import Translate from '../../i18n/components/translate'; -import { ToggleButton } from '../../form/component/ToggleButton'; +import PropertySelector from './PropertySelector'; import { useProperties, usePropertiesLoading } from '../hoc/PropertiesProvider'; -import { groupBy } from 'lodash'; -import { useCallback } from 'react'; + import Form from 'react-bootstrap/Form'; import FloatingLabel from 'react-bootstrap/FloatingLabel'; -export function ConfigurationForm({ configuration = {}, errors = [], schema, onSave, onCancel }) { - - const properties = useProperties(); - const loading = usePropertiesLoading(); +export function ConfigurationForm({ configuration = {}, schema, onSave, onCancel }) { - const select = (data) => { - console.log(data); - setSelected(data); - }; + const { control, register, getValues, watch, formState: { errors } } = useForm({ + defaultValues: { + ...configuration + } + }); - const [selected, setSelected] = React.useState([]); + const { fields, prepend, remove } = useFieldArray({ + control, + name: "properties", + }); - const [config, setConfig] = React.useState({ name: '', properties: [] }); - - // config.properties.filter(p => p.category === item.category).length === properties.filter(p => p.category === item.category).length - - const menu = useCallback((results, menuProps, state) => { - let index = 0; - const mapped = results.map(p => !p.category || p.category === '?' ? 
{ ...p, category: 'Misc' } : p); - const grouped = groupBy(mapped, 'category'); - const items = Object.keys(grouped).sort().map((item) => ( - - {index !== 0 && } - - - {item} - Add all - - - {grouped[item].map((i) => { - const item = - p.propertyName === i.propertyName) }> - - {`- ${i.propertyName}`} - - ; - index += 1; - return item; - })} - - )); - - return {items}; - }, [config.properties]); - - const token = (option, { onRemove }, index) => ( - - {`${option.propertyName}`} - - ); + const properties = useProperties(); + const loading = usePropertiesLoading(); const addProperties = (props) => { - const parsed = props.reduce((coll, prop, idx) => { if (prop.isCategory) { return [...coll, ...properties.filter(p => p.category === prop.category)]; @@ -77,17 +37,20 @@ export function ConfigurationForm({ configuration = {}, errors = [], schema, onS } }, []); - setConfig({ - ...config, - properties: [ - ...config.properties, - ...parsed, - ] - }); - setSelected([]); + prepend(parsed); }; - React.useEffect(() => console.log(selected), [selected]); + const saveConfig = (formValues) => { + const parsed = formValues.properties.map(p => ({ + propertyName: p.propertyName, + propertyValue: p.propertyValue, + configFile: p.configFile, + })); + onSave({ + ...formValues, + properties: parsed + }); + }; return (<>
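Review bot: `handleSubmit` is not among the names taken from `useForm` in the new destructuring, although `getValues`, `watch` and `formState.errors` are. The form markup is not readable in this hunk, so the following is inferred: if the save button hands `getValues()` to `saveConfig`, rules passed to `register` are never evaluated before `onSave` runs and `errors` stays empty. I would destructure it, `const { control, register, handleSubmit, formState: { errors } } = useForm({ defaultValues: { ...configuration } });`, and wire the button as `onClick={handleSubmit(saveConfig)}`, dropping `getValues` and `watch` if nothing else reads them.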
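Review bot: `prepend(parsed)` adds every entry that `addProperties` collected, including properties that are already in `fields`, because the category branch of the reducer (it starts in the preceding hunk) returns all of `properties.filter(p => p.category === prop.category)`. After adding one property and then its whole category, the table and the `properties` array that `saveConfig` passes to `onSave` would carry the same `propertyName` twice, and which value wins is then left to the backend. Filtering first avoids that: `prepend(parsed.filter(p => !fields.some(f => f.propertyName === p.propertyName)));`.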
@@ -95,7 +58,7 @@ export function ConfigurationForm({ configuration = {}, errors = [], schema, onS

-
-
-
-
- - select(selected)} - options={[...properties]} - selected={selected} - labelKey={option => `${option.propertyName}`} - filterBy={['propertyName', 'category', 'displayType']} - renderMenu={ menu } - multiple={ true } - renderToken={ token } - > - {({ isMenuShown, toggleMenu }) => ( - toggleMenu()}> - Options - - )} - +
+
+
+ + Name + + +
+
+
+
+
+
-
-
-
-
-
- +
+
+
@@ -154,20 +102,27 @@ export function ConfigurationForm({ configuration = {}, errors = [], schema, onS - {config.properties.map((p, idx) => ( - + {fields.map((p, idx) => ( +
{ p.propertyName } { p.category } { p.displayType } - - - + {p.displayType !== 'boolean' ? + + + + : + + } - @@ -176,10 +131,9 @@ export function ConfigurationForm({ configuration = {}, errors = [], schema, onS ))}
- +
-
+
) -} -/**/ \ No newline at end of file +} \ No newline at end of file diff --git a/ui/src/app/admin/component/PropertySelector.js b/ui/src/app/admin/component/PropertySelector.js new file mode 100644 index 000000000..44cdfd085 --- /dev/null +++ b/ui/src/app/admin/component/PropertySelector.js @@ -0,0 +1,92 @@ +import React, { Fragment, useCallback } from 'react'; +import { groupBy } from 'lodash'; +import { Highlighter, Menu, MenuItem, Token, Typeahead } from 'react-bootstrap-typeahead'; +import Button from 'react-bootstrap/Button'; + +import { ToggleButton } from '../../form/component/ToggleButton'; + +export function PropertySelector ({ properties, options, onAddProperties }) { + + // React.useEffect(() => console.log(properties), [properties]); + + const menu = useCallback((results, menuProps, state) => { + let index = 0; + const mapped = results.map(p => !p.category || p.category === '?' ? { ...p, category: 'Misc' } : p); + const grouped = groupBy(mapped, 'category'); + const items = Object.keys(grouped).sort().map((item) => ( + + {index !== 0 && } + + + {item} - Add all + + + {grouped[item].map((i) => { + const item = + p.propertyName === i.propertyName) }> + + {`- ${i.propertyName}`} + + ; + index += 1; + return item; + })} + + )); + + return {items}; + }, [properties]); + + const token = (option, { onRemove }, index) => ( + + {`${option.propertyName}`} + + ); + + const select = (data) => { + setSelected(data); + }; + + const [selected, setSelected] = React.useState([]); + + const add = (s) => { + onAddProperties(s); + setSelected([]); + } + + return ( + +
+ + select(selected)} + options={[...options]} + selected={selected} + labelKey={option => `${option.propertyName}`} + filterBy={['propertyName', 'category', 'displayType']} + renderMenu={ menu } + multiple={ true } + renderToken={ token } + > + {({ isMenuShown, toggleMenu }) => ( + toggleMenu()}> + Options + + )} + +
+ +
+ ) +} + +export default PropertySelector; \ No newline at end of file diff --git a/ui/src/app/admin/container/ConfigurationList.js b/ui/src/app/admin/container/ConfigurationList.js index fcad47048..4acffc1c2 100644 --- a/ui/src/app/admin/container/ConfigurationList.js +++ b/ui/src/app/admin/container/ConfigurationList.js @@ -1,5 +1,5 @@ import React from 'react'; -import { faDownload, faEdit, faPlusCircle, faTrash } from '@fortawesome/free-solid-svg-icons'; +import { faDownload, faPlusCircle, faTrash } from '@fortawesome/free-solid-svg-icons'; import { FontAwesomeIcon } from '@fortawesome/react-fontawesome'; import Button from 'react-bootstrap/Button'; @@ -46,13 +46,17 @@ export function ConfigurationList({ configurations, onDelete }) { {(configurations?.length > 0) ? configurations.map((c, i) => - {c.name} + + + {c.name} + + - +
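Review bot: The props of `PropertySelector` are undocumented, and `properties` and `options` are easy to swap at a call site: in this file `options` feeds the Typeahead, while `properties` is only consulted to disable entries whose `propertyName` is already present. A short JSDoc block above the component should say so (`properties`: presumably the entries already on the form, `options`: everything selectable, `onAddProperties`: called with the current selection, which is then cleared). Inside `menu`, the inner `const item` shadows the category key `item` of the outer `map`; renaming it, e.g. `const entry = ...; return entry;`, reads better. The commented-out `// React.useEffect(() => console.log(properties), [properties]);` can be deleted.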
diff --git a/ui/src/app/admin/container/NewConfiguration.js b/ui/src/app/admin/container/NewConfiguration.js index d2ece36a9..a358c1f84 100644 --- a/ui/src/app/admin/container/NewConfiguration.js +++ b/ui/src/app/admin/container/NewConfiguration.js @@ -21,11 +21,11 @@ export function NewConfiguration() { const [blocking, setBlocking] = React.useState(false); - async function save(property) { + async function save(config) { let toast; - const resp = await post(``, property); + const resp = await post(``, config); if (response.ok) { - gotoDetail({ refresh: true }); + gotoList({ refresh: true }); toast = createNotificationAction(`Added property successfully.`, NotificationTypes.SUCCESS); } else { toast = createNotificationAction(`${resp.errorCode} - ${translator(resp.errorMessage)}`, NotificationTypes.ERROR); @@ -36,14 +36,16 @@ export function NewConfiguration() { }; const cancel = () => { - gotoDetail(); + gotoList(); }; - const gotoDetail = (state = null) => { + const gotoList = (state = null) => { setBlocking(false); - history.push(`/properties`, state); + history.push(`/configurations`, state); }; + const [configuration] = React.useState({}); + return (
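Review bot: The success toast in `save` still reads `Added property successfully.` although the function now posts a configuration and returns to `/configurations` through `gotoList`. I would change the message text to `Added configuration successfully.`, or pass it through `translator` as the error branch already does for `resp.errorMessage`, so both outcomes are localized the same way. `save` continues past the end of this hunk.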
{(schema) => - - {(data, errors) => - save(data)} - onCancel={() => cancel()} />} - } + save(data)} + onCancel={() => cancel()} />}
diff --git a/ui/src/app/admin/hoc/ConfigurationsProvider.js b/ui/src/app/admin/hoc/ConfigurationsProvider.js index 661c00d80..aa23ddd45 100644 --- a/ui/src/app/admin/hoc/ConfigurationsProvider.js +++ b/ui/src/app/admin/hoc/ConfigurationsProvider.js @@ -15,7 +15,7 @@ export function ConfigurationsProvider({ children, cache = 'no-cache' }) { }); async function loadConfigurations() { - const list = await get(`assets/data/configurations.json`); + const list = await get(`shib/property/set`); if (response.ok) { setConfigurations(list); } diff --git a/ui/src/app/admin/hoc/PropertiesProvider.js b/ui/src/app/admin/hoc/PropertiesProvider.js index 55dde0696..bf62be7cc 100644 --- a/ui/src/app/admin/hoc/PropertiesProvider.js +++ b/ui/src/app/admin/hoc/PropertiesProvider.js @@ -1,8 +1,6 @@ import React from 'react'; import useFetch from 'use-http'; -import API_BASE_PATH, { BASE_PATH } from '../../App.constant'; -import has from 'lodash/has'; -import { groupBy } from 'lodash'; +import API_BASE_PATH from '../../App.constant'; const PropertiesContext = React.createContext(); diff --git a/ui/src/app/admin/hooks.js b/ui/src/app/admin/hooks.js index 50f0b51c7..11184e55e 100644 --- a/ui/src/app/admin/hooks.js +++ b/ui/src/app/admin/hooks.js @@ -1,7 +1,7 @@ import useFetch from 'use-http'; import isNil from 'lodash/isNil'; import {isValidRegex} from '../core/utility/is_valid_regex'; -import API_BASE_PATH, { BASE_PATH } from '../App.constant'; +import API_BASE_PATH from '../App.constant'; export function useGroups (opts = { cachePolicy: 'no-cache' }) { return useFetch(`${API_BASE_PATH}/admin/groups`, opts); 
@@ -48,11 +48,11 @@ export function useRoleUiSchema() { } export function useConfigurations (opts = { cachePolicy: 'no-cache' }) { - return useFetch(`${BASE_PATH}/`, opts); + return useFetch(`${API_BASE_PATH}/`, opts); } -export function useConfiguration(id, opts = { cachePolicy: 'no-cache' }) { - return useFetch(`${API_BASE_PATH}/admin/configuration/${id}`, opts); +export function useConfiguration(opts = { cachePolicy: 'no-cache' }) { + return useFetch(`${API_BASE_PATH}/shib/property/set`, opts); } export function useConfigurationUiSchema () { diff --git a/ui/src/theme/project/configuration.scss b/ui/src/theme/project/configuration.scss new file mode 100644 index 000000000..0da05f1ff --- /dev/null +++ b/ui/src/theme/project/configuration.scss @@ -0,0 +1,11 @@ +#property-selector { + .dropdown-header { + padding-right: 0rem; + padding-left: 0rem; + font-size: 1rem; + + .dropdown-item { + font-weight: bold; + } + } +} \ No newline at end of file diff --git a/ui/src/theme/project/index.scss b/ui/src/theme/project/index.scss index 6d0de6f9a..fd2b6a070 100644 --- a/ui/src/theme/project/index.scss +++ b/ui/src/theme/project/index.scss @@ -14,6 +14,7 @@ @import './notifications'; @import './filters'; @import './typeahead'; +@import './configuration'; html, body { height: 100%; From 58fa44542e2b15b5ad117039599c8e0a37834489 Mon Sep 17 00:00:00 2001 From: chasegawa Date: Mon, 29 Aug 2022 14:45:49 -0700 Subject: [PATCH 58/58] NOJIRA fixed typo --- .../admin/ui/controller/ShibPropertiesController.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java index b5895db41..f90392108 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java 
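Review bot: Removing the `id` parameter from `useConfiguration` changes the meaning of any remaining `useConfiguration(id)` call: the id would arrive as `opts` and be handed to `useFetch` as its options, and the request would target the collection URL `/shib/property/set`. The callers are outside this hunk, so each one needs to be checked against the new signature. A JSDoc line on the hook would record the new contract, e.g. `/** Fetch hook for the property-set collection; callers append the encoded resourceId to the path themselves. */`. `useConfigurations` now resolves to the bare `${API_BASE_PATH}/`, which only works if every caller supplies the full relative path; pointing it at `${API_BASE_PATH}/shib/property/set` like `useConfiguration` would be more consistent.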
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java @@ -58,7 +58,7 @@ public ResponseEntity getAllPropertySets() { return ResponseEntity.ok(service.getAllPropertySets()); } - @GetMapping(value="/property/set/{resourceId}", produces="applcation/json") + @GetMapping(value="/property/set/{resourceId}", produces="application/json") @Transactional(readOnly = true) @Operation(description = "Return the property set with the given resourceId", summary = "Return the property set with the given resourceId", method = "GET")