diff --git a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibPropertiesBootstrap.groovy b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibPropertiesBootstrap.groovy index e69de29bb..d39485ca7 100644 --- a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibPropertiesBootstrap.groovy +++ b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibPropertiesBootstrap.groovy @@ -0,0 +1,70 @@ +package edu.internet2.tier.shibboleth.admin.ui.service + +import com.opencsv.CSVReader +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibConfigurationProperty +import groovy.util.logging.Slf4j +import org.springframework.beans.factory.annotation.Autowired +import org.springframework.boot.context.event.ApplicationStartedEvent +import org.springframework.context.event.EventListener +import org.springframework.core.io.ClassPathResource +import org.springframework.core.io.Resource +import org.springframework.stereotype.Component + +import javax.transaction.Transactional + +@Component +@Slf4j +class ShibPropertiesBootstrap { + @Autowired + private ShibConfigurationService service + + ShibPropertiesBootstrap(ShibConfigurationService service) { + this.service = service + } + + @Transactional + @EventListener + void bootstrapUsersAndRoles(ApplicationStartedEvent e) { + log.info("Ensuring base Shibboleth properties configuration has loaded") + + Resource resource = new ClassPathResource('shib_configuration_prop.csv') + final HashMap propertiesMap = new HashMap<>() + + // Read in the defaults in the configuration file + new CSVReader(new InputStreamReader(resource.inputStream)).each { fields -> + def (resource_id,category,config_file,description,idp_version,module,module_version,note,default_value,property_name,property_type,selection_items,property_value) = fields + ShibConfigurationProperty prop = new ShibConfigurationProperty().with { + it.resourceId = resource_id + it.category = category + it.configFile = config_file + it.description = description + it.idpVersion = idp_version + it.module = module + it.moduleVersion = module_version + it.note = note + it.defaultValue = default_value + it.description = description + it.propertyName = property_name + def pt = property_type + it.setPropertyType(pt) + it.selectionItems = selection_items + // we shouldn't have property values coming in from the config... + it + } + propertiesMap.put(prop.getPropertyName(), prop) + } + + // If we already have the property in the db, ignore the configuration setup for that property + service.getExistingPropertyNames().each { + propertiesMap.remove(it) + } + + // Save anything that's left + if (propertiesMap.size() > 0) { + log.info("Saving/loading [" + propertiesMap.size() + "] properties to the database") + service.addAllConfigurationProperties(propertiesMap.values()) + } + + log.info("COMPLETED: ensuring base Shibboleth properties configuration has loaded") + } +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CustomPropertiesConfiguration.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CustomPropertiesConfiguration.java index 68751254f..ee18f0e65 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CustomPropertiesConfiguration.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CustomPropertiesConfiguration.java @@ -2,6 +2,7 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.IRelyingPartyOverrideProperty; import edu.internet2.tier.shibboleth.admin.ui.domain.RelyingPartyOverrideProperty; +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibConfigurationProperty; import edu.internet2.tier.shibboleth.admin.ui.service.CustomEntityAttributesDefinitionService; import edu.internet2.tier.shibboleth.admin.ui.service.ShibConfigurationService; import edu.internet2.tier.shibboleth.admin.ui.service.events.CustomEntityAttributeDefinitionChangeEvent; diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java index e69de29bb..b5895db41 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java @@ -0,0 +1,139 @@ +package edu.internet2.tier.shibboleth.admin.ui.controller; + +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySet; +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySetting; +import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.ObjectIdExistsException; +import edu.internet2.tier.shibboleth.admin.ui.service.ShibConfigurationService; +import io.swagger.v3.oas.annotations.Operation; +import io.swagger.v3.oas.annotations.tags.Tag; +import io.swagger.v3.oas.annotations.tags.Tags; +import org.apache.tomcat.util.http.fileupload.IOUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.http.HttpStatus; +import org.springframework.http.ResponseEntity; +import org.springframework.security.access.annotation.Secured; +import org.springframework.transaction.annotation.Transactional; +import org.springframework.web.bind.annotation.DeleteMapping; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.PathVariable; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.PutMapping; +import org.springframework.web.bind.annotation.RequestBody; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RestController; + +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.zip.ZipEntry; +import java.util.zip.ZipOutputStream; + +@RestController +@RequestMapping(value = "/api/shib") +@Tags(value = {@Tag(name = "Shibboleth Properties")}) +public class ShibPropertiesController { + @Autowired + private ShibConfigurationService service; + + @GetMapping("/properties") + @Transactional(readOnly = true) + @Operation(description = "Return all the configuration properties - used to populate the UI with the know configuration properties", + summary = "Return all the configuration properties - used to populate the UI with the know configuration properties", method = "GET") + public ResponseEntity getAllConfigurationProperties() { + return ResponseEntity.ok(service.getAllConfigurationProperties()); + } + + /** + * @return a List of the set names and their ids + */ + @GetMapping("/property/set") + @Transactional(readOnly = true) + @Operation(description = "Return a list of all the set names and their resourceId", + summary = "Return a list of all the set names and their resourceId", method = "GET") + public ResponseEntity getAllPropertySets() { + return ResponseEntity.ok(service.getAllPropertySets()); + } + + @GetMapping(value="/property/set/{resourceId}", produces="applcation/json") + @Transactional(readOnly = true) + @Operation(description = "Return the property set with the given resourceId", + summary = "Return the property set with the given resourceId", method = "GET") + public ResponseEntity getPropertySet(@PathVariable Integer resourceId) throws EntityNotFoundException { + return ResponseEntity.ok(service.getSet(resourceId)); + } + + @GetMapping(value="/property/set/{resourceId}", produces="application/zip") + @Transactional(readOnly = true) + @Operation(description = "Return the property set with the given resourceId as a zip file of the properties files", + summary = "Return the property set with the given resourceId as a zip file of the properties files", method = "GET") + public ResponseEntity getPropertySetAsZip(@PathVariable Integer resourceId) throws EntityNotFoundException, IOException { + ShibPropertySet set = service.getSet(resourceId); + StringBuilder sb = new StringBuilder("attachment; filename=\"").append(set.getName()).append(".zip\""); + return ResponseEntity.ok().header("Content-Disposition", sb.toString()).body(prepDownloadAsZip(convertPropertiesToMaps(set.getProperties()))); + } + + private Map> convertPropertiesToMaps(List properties) { + HashMap> result = new HashMap<>(); + for (ShibPropertySetting setting:properties){ + String confFile = setting.getConfigFile(); + if (!result.containsKey(confFile)) { + Map props = new HashMap<>(); + result.put(confFile,props); + } + Map props = result.get(confFile); + props.put(setting.getPropertyName(), setting.getPropertyValue()); + } + return result; + } + + private byte[] prepDownloadAsZip(Map> propertiesFiles) throws IOException { + ByteArrayOutputStream byteOutputStream = new ByteArrayOutputStream(); + ZipOutputStream zipOutputStream = new ZipOutputStream(byteOutputStream); + + for (String filename : propertiesFiles.keySet()) { + zipOutputStream.putNextEntry(new ZipEntry(filename)); + Map properties = propertiesFiles.get(filename); + StringBuilder props = new StringBuilder(); + for (String key : properties.keySet()) { + props.append(key).append("=").append(properties.get(key)).append("\n"); + } + ByteArrayInputStream inputStream = new ByteArrayInputStream(props.toString().getBytes()); + IOUtils.copy(inputStream, zipOutputStream); + zipOutputStream.closeEntry(); + } + zipOutputStream.close(); + return byteOutputStream.toByteArray(); + } + + @DeleteMapping("/property/set/{resourceId}") + @Secured("ROLE_ADMIN") + @Transactional + public ResponseEntity deletePropertySet(@PathVariable Integer resourceId) throws EntityNotFoundException { + service.delete(resourceId); + return ResponseEntity.noContent().build(); + } + + @PostMapping("/property/set") + @Secured("ROLE_ADMIN") + @Transactional + @Operation(description = "Create a property set with all new information - must not be an existing set", + summary = "Create a property set with all new information - must not be an existing set", method = "POST") + public ResponseEntity createPropertySet(@RequestBody ShibPropertySet newSet) throws ObjectIdExistsException { + ShibPropertySet result = service.create(newSet); + return ResponseEntity.status(HttpStatus.CREATED).body(result); + } + + @PutMapping("/property/set/{resourceId}") + @Secured("ROLE_ADMIN") + @Transactional + @Operation(description = "Update a property set with with the matching resourceId - must exist", + summary = "Update an existing property set with the matching resourceId - must exist", method = "PUT") + public ResponseEntity updatePropertySet(@RequestBody ShibPropertySet setToUpdate, @PathVariable int resourceId) throws EntityNotFoundException { + ShibPropertySet result = service.update(setToUpdate); + return ResponseEntity.status(HttpStatus.OK).body(result); + } +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/ShibConfigurationProperty.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/ShibConfigurationProperty.java deleted file mode 100644 index eb0f4ea77..000000000 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/ShibConfigurationProperty.java +++ /dev/null @@ -1,83 +0,0 @@ -package edu.internet2.tier.shibboleth.admin.ui.domain; - -import com.fasterxml.jackson.annotation.JsonIgnore; -import edu.internet2.tier.shibboleth.admin.util.EmptyStringToNullConverter; -import lombok.Data; -import org.hibernate.envers.Audited; - -import javax.persistence.Column; -import javax.persistence.Convert; -import javax.persistence.Entity; -import javax.persistence.Id; -import java.util.UUID; - -@Entity(name = "shib_configuration_prop") -@Audited -@Data -public class ShibConfigurationProperty { - @Id - @Column(name = "resource_id", nullable = false) - String resourceId = UUID.randomUUID().toString(); - - @Column(name = "category", nullable = false) - String category; - - @Column(name = "config_file", nullable = false) - String configFile; - - @Column(name = "default_value") - @Convert(converter = EmptyStringToNullConverter.class) - String defaultValue; - - @Column(name = "description") - @Convert(converter = EmptyStringToNullConverter.class) - String description; - - @Column(name = "idp_version", nullable = false) - String idpVersion; - - @Column(name = "module") - @Convert(converter = EmptyStringToNullConverter.class) - String module; - - @Column(name = "module_version") - @Convert(converter = EmptyStringToNullConverter.class) - String moduleVersion; - - @Column(name = "note") - @Convert(converter = EmptyStringToNullConverter.class) - String note; - - @Column(name = "property_name", nullable = false) - String propertyName; - - @Column(name = "property_type", nullable = false) - @JsonIgnore // display type is sent to the ui instead - PropertyType propertyType; - - @Column(name = "selection_items") - @Convert(converter = EmptyStringToNullConverter.class) - String selectionItems; - - public String getDisplayType() { - switch (propertyType) { - case BOOLEAN: - return propertyType.name().toLowerCase(); - case INTEGER: - return "number"; - case SELECTION_LIST: - return "list"; - default: // DURATION, SPRING_BEAN_ID, STRING - return "string"; - } - } - - public void setPropertyType(String val) { - this.propertyType = PropertyType.valueOf(val); - } - -} - -enum PropertyType { - BOOLEAN, DURATION, INTEGER, SELECTION_LIST, SPRING_BEAN_ID, STRING -} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibConfigurationRepository.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibConfigurationRepository.java index e69de29bb..86ed4f90a 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibConfigurationRepository.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibConfigurationRepository.java @@ -0,0 +1,15 @@ +package edu.internet2.tier.shibboleth.admin.ui.repository; + +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibConfigurationProperty; +import org.springframework.data.jpa.repository.JpaRepository; +import org.springframework.data.jpa.repository.Query; + +import java.util.List; + +/** + * Repository to manage {@link ShibConfigurationProperty} instances. + */ +public interface ShibConfigurationRepository extends JpaRepository { + @Query(value = "select property_name from shib_configuration_prop", nativeQuery = true) + List getPropertyNames(); +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java index e69de29bb..64c029d96 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java @@ -0,0 +1,30 @@ +package edu.internet2.tier.shibboleth.admin.ui.service; + +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibConfigurationProperty; +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySet; +import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.ObjectIdExistsException; +import edu.internet2.tier.shibboleth.admin.ui.repository.ProjectionIdAndName; + +import java.util.Collection; +import java.util.List; + +public interface ShibConfigurationService { + void addAllConfigurationProperties(Collection newProperties); + + ShibPropertySet create(ShibPropertySet set) throws ObjectIdExistsException; + + void delete(int resourceId) throws EntityNotFoundException; + + List getAllConfigurationProperties(); + + List getAllPropertySets(); + + List getExistingPropertyNames(); + + ShibPropertySet getSet(int resourceId) throws EntityNotFoundException; + + ShibConfigurationProperty save(ShibConfigurationProperty prop); + + ShibPropertySet update(ShibPropertySet setToUpdate) throws EntityNotFoundException; +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java index e69de29bb..74d9e3637 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java @@ -0,0 +1,131 @@ +package edu.internet2.tier.shibboleth.admin.ui.service; + +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibConfigurationProperty; +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySet; +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySetting; +import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.ObjectIdExistsException; +import edu.internet2.tier.shibboleth.admin.ui.repository.ProjectionIdAndName; +import edu.internet2.tier.shibboleth.admin.ui.repository.ShibConfigurationRepository; +import edu.internet2.tier.shibboleth.admin.ui.repository.ShibPropertySetRepository; +import edu.internet2.tier.shibboleth.admin.ui.repository.ShibPropertySettingRepository; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + +import java.util.ArrayList; +import java.util.Collection; +import java.util.HashMap; +import java.util.List; + +@Service +public class ShibConfigurationServiceImpl implements ShibConfigurationService { + @Autowired + private ShibConfigurationRepository shibConfigurationRepository; + + @Autowired + private ShibPropertySetRepository shibPropertySetRepository; + + @Autowired + private ShibPropertySettingRepository shibPropertySettingRepository; + + @Override + public void addAllConfigurationProperties(Collection newProperties) { + shibConfigurationRepository.saveAll(newProperties); + } + + @Override + public ShibPropertySet create(ShibPropertySet set) throws ObjectIdExistsException { + try { + getSet(set.getResourceId()); + throw new ObjectIdExistsException(Integer.toString(set.getResourceId())); + } + catch (EntityNotFoundException e) { + // we don't want to find the object + } + return save(set); + } + + @Override + public void delete(int resourceId) throws EntityNotFoundException { + ShibPropertySet set = shibPropertySetRepository.findByResourceId(resourceId); + if (set == null) { + throw new EntityNotFoundException(String.format("The property set with id [%s] was not found for update.", resourceId)); + } + shibPropertySettingRepository.deleteAll(set.getProperties()); + shibPropertySetRepository.delete(set); + } + + @Override + public List getAllConfigurationProperties() { + return shibConfigurationRepository.findAll(); + } + + @Override + public List getAllPropertySets() { + return shibPropertySetRepository.findAllBy(); + } + + @Override + public List getExistingPropertyNames() { + return shibConfigurationRepository.getPropertyNames(); + } + + @Override + public ShibPropertySet getSet(int resourceId) throws EntityNotFoundException { + ShibPropertySet result = shibPropertySetRepository.findByResourceId(resourceId); + if (result == null) { + throw new EntityNotFoundException((String.format("The property set with id [%s] was not found.", resourceId))); + } + return result; + } + + @Override + public ShibConfigurationProperty save(ShibConfigurationProperty prop) { + return shibConfigurationRepository.save(prop); + } + + @Override + public ShibPropertySet update(ShibPropertySet setToUpdate) throws EntityNotFoundException { + getSet(setToUpdate.getResourceId()); // check that it exists, if not it'll throw an exception + return save(setToUpdate); + } + + private ShibPropertySet save(ShibPropertySet incomingPropSet) { + ShibPropertySet result = new ShibPropertySet(); + List propertiesToUpdate = new ArrayList<>(); + + if (incomingPropSet.getResourceId() == 0) { + // The incoming set is new, so treat the properties as all new as well + propertiesToUpdate.addAll(shibPropertySettingRepository.saveAll(incomingPropSet.getProperties())); + result.setName(incomingPropSet.getName()); + } else { + // if the prop set exists, get the existing entity and update it + result = shibPropertySetRepository.findByResourceId(incomingPropSet.getResourceId()); + result.setName(incomingPropSet.getName()); + + HashMap existingPropMap = new HashMap<>(); + result.getProperties().forEach(prop -> existingPropMap.put(prop.getPropertyName(), prop)); + // find props that are no longer in the set and remove them + incomingPropSet.getProperties().forEach(prop -> existingPropMap.remove(prop.getPropertyName())); + shibPropertySettingRepository.deleteAll(existingPropMap.values()); + // reset our map of existing so we can find new entries + existingPropMap.clear(); + result.getProperties().forEach(prop -> existingPropMap.put(prop.getPropertyName(), prop)); + incomingPropSet.getProperties().forEach(prop -> { + if ( !existingPropMap.containsKey(prop.getPropertyName()) ) { + ShibPropertySetting updatedEntity = shibPropertySettingRepository.save(prop); + propertiesToUpdate.add(updatedEntity); + } else { + // get the entity from the map, update it, save to update list + ShibPropertySetting updatedEntity = existingPropMap.get(prop.getPropertyName()); + updatedEntity.setConfigFile(prop.getConfigFile()); + updatedEntity.setPropertyValue(prop.getPropertyValue()); + propertiesToUpdate.add(shibPropertySettingRepository.save(updatedEntity)); + } + }); + } + result.setProperties(propertiesToUpdate); + return shibPropertySetRepository.save(result); + } + +} \ No newline at end of file diff --git a/backend/src/main/resources/db/changelog/temp.sql b/backend/src/main/resources/db/changelog/temp.sql deleted file mode 100644 index 927ab6522..000000000 --- a/backend/src/main/resources/db/changelog/temp.sql +++ /dev/null @@ -1,656 +0,0 @@ -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('17', 'SecurityConfiguration', 'idp.properties', 'Default SameSite value to apply to cookies via servlet filter if no explicit rule for the named cookie is specified', 'all', null, null, null, null, 'idp.cookie.sameSite', 'SELECTION_LIST', 'None,Lax,Strict', null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('3', 'RelyingPartyConfiguration', 'idp.properties', 'The unique name of the IdP used as the iisuer in all SAML profiles', 'all', null, null, 'ex. https://unicon.net/idp/shibboleth', null, 'idp.entityID', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('7', 'RelyingPartyConfiguration', 'idp.properties', 'Identifies the endpoint in SAML metadata associated with artifacts issued by a server node', 'all', null, null, null, '2', 'idp.artifact.endpointIndex', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('16', 'SecurityConfiguration', 'idp.properties', 'Lifetime in seconds of cookies issued by the IdP that are meant to span sessions (365 days)', 'all', null, null, null, '31536000', 'idp.cookie.maxAge', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('21', 'SecurityConfiguration', 'idp.properties', 'Time between checks for a new AES key version', 'all', null, null, null, 'PT15M', 'idp.sealer.updateInterval', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('394', 'ReloadableServices', 'services.properties', 'Time to notice changes to MetadataConfiguration and reload service. A value of 0 indicates that the metadata configuration never reloads', 'all', null, null, null, '0', 'idp.service.metadata.checkInterval', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('537', 'OPDynamicClientRegistration', 'oidc.properties', 'Registration lifetime', '4.1', 'idp.oidc.OP', '3', null, 'PT24H', 'idp.oidc.dynreg.defaultRegistrationValidity', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('602', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Leeway allowed in token expiry calculations', '4.1', 'idp.authn.DuoOIDC', '1', null, 'PT60S', 'idp.duo.oidc.jwt.verifier.clockSkew', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('603', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Maximum amount (in either direction from now) of duration for which a token is valid after it is issued', '4.1', 'idp.authn.DuoOIDC', '1', null, 'PT60S', 'idp.duo.oidc.jwt.verifier.iatWindow', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('606', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'How long the authentication is valid. Only applies to forced authentication requests.', '4.1', 'idp.authn.DuoOIDC', '1', null, 'PT60S', 'idp.duo.oidc.jwt.verifier.authLifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('131', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'A resource to load a Java keystore containing trust anchors when using sslConfig = keyStoreTrust', 'all', null, null, 'resource path ex. %{idp.home}/credentials/ldap-server.truststore - The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.trustStore', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('10', 'Core', 'idp.properties', 'Identifies the file to serve for requests to the IdP''s well-known metadata location', 'all', null, null, 'file pathname', '%{idp.home}/metadata/idp-metadata.xml', 'idp.entityID.metadataFile', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('4', 'Core', 'idp.properties', 'Identifies the file to serve for requests to the IdP''s well-known metadata location', 'all', null, null, null, '%{idp.home}/metadata/idp-metadata.xml', 'idp.entityID.metadataFile', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('2', 'Core', 'idp.properties', 'Used to point to additional property files to load. All properties must be unique and are ultimately pooled into a single unordered set.', 'all', null, null, 'Comma seperated list of values ex. /conf/ldap.properties, /conf/services.properties', null, 'idp.additionalProperties', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('23', 'SecurityConfiguration', 'idp.properties', 'Keystore resource containing AES encryption key usually a file path', 'all', null, null, 'resource path', null, 'idp.sealer.storeResource', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('12', 'SecurityConfiguration', 'idp.properties', 'If true all cookies issued by the IdP (not including the container) will be limited to TLS', 'all', null, null, null, 'false', 'idp.cookie.secure', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('71', 'SessionConfiguration', 'idp.properties', 'Whether to hide storage failures from users during session cache reads/writes', 'all', null, null, null, 'false', 'idp.session.maskStorageFailure', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('130', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'A resource to load trust anchors from when using sslConfig = certificateTrust', 'all', null, null, 'resource path ex. %{idp.home}/credentials/ldap-server.crt - The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.trustCertificates', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('11', 'Core', 'idp.properties', 'applies a (fixed) scope typically a domain-valued suffix to an input attribute''s values', 'all', null, null, null, null, 'idp.scope', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('14', 'SecurityConfiguration', 'idp.properties', 'Overrides the domain of any cookies issued by the IdP (not including the container)', 'all', null, null, null, null, 'idp.cookie.domain', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('33', 'SecurityConfiguration', 'idp.properties', 'Name of Spring bean supplying the default SecurityConfiguration', 'all', null, null, 'Bean ID of SecurityConfiguration (net.shibboleth.idp.profile.config.SecurityConfiguration)', 'shibboleth.DefaultSecurityConfiguration', 'idp.security.config', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('34', 'SecurityConfiguration', 'idp.properties', 'Name of Spring bean supplying the default SignatureSigningConfiguration', 'all', null, null, 'Bean ID of SignatureSigningConfiguration (org.opensaml.xmlsec)', 'shibboleth.SigningConfiguration.SHA256', 'idp.signing.config', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('8', 'StorageConfiguration', 'idp.properties', 'Storage back-end to use for short-lived SAML Artifact mappings (must be server-side)', 'all', null, null, 'Bean ID of a StorageService (org.opensaml.storage)', 'shibboleth.StorageService', 'idp.artifact.StorageService', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('18', 'SecurityConfiguration', 'idp.properties', 'Predicate condition bean controlling whether SameSite filter runs', 'all', null, null, 'Bean ID of Predicate', 'shibboleth.Conditions.FALSE', 'idp.cookie.sameSiteCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('15', 'SecurityConfiguration', 'idp.properties', 'Overrides the path of any cookies issued by the IdP (not including the container)', 'all', null, null, null, null, 'idp.cookie.path', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('20', 'SecurityConfiguration', 'idp.properties', 'Type of Java keystore used for IdP''s internal AES encryption key', 'all', null, null, null, 'JCEKS', 'idp.sealer.storeType', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('40', 'SecurityConfiguration', 'idp.properties', 'Default freshness window for accepting timestamped messages', 'all', null, null, null, 'PT3M', 'idp.policy.messageLifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('41', 'SecurityConfiguration', 'idp.properties', 'Default freshness window for accepting timestamped assertions', 'all', null, null, null, 'PT3M', 'idp.policy.assertionLifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('42', 'SecurityConfiguration', 'idp.properties', 'Default allowance for clock differences between systems', 'all', null, null, null, 'PT3M', 'idp.policy.clockSkew', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('57', 'StorageConfiguration', 'idp.properties', 'Interval of background thread sweeping server-side storage for expired records', 'all', null, null, null, 'PT10M', 'idp.storage.cleanupInterval', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('69', 'SessionConfiguration', 'idp.properties', 'Inactivity timeout policy for IdP sessions (must be non-zero)', 'all', null, null, null, 'PT60M', 'idp.session.timeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('70', 'SessionConfiguration', 'idp.properties', 'Extra time after expiration before removing SP sessions in case a logout is invoked', 'all', null, null, null, '0', 'idp.session.slop', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('24', 'SecurityConfiguration', 'idp.properties', 'Resource that tracks the active AES encryption key version usually a file path', 'all', null, null, null, null, 'idp.sealer.versionResource', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('66', 'SessionConfiguration', 'idp.properties', 'Number of characters in IdP session identifiers', 'all', null, null, null, '32', 'idp.session.idSize', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('27', 'SecurityConfiguration', 'idp.properties', 'Resource containing private key for signing typically a file in the credentials directory', 'all', null, null, null, null, 'idp.signing.key', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('50', 'Core', 'idp.properties', 'Location from which to load user-supplied webflows from', 'all', null, null, 'resource path', '%{idp.home}/flows', 'idp.webflows', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('22', 'SecurityConfiguration', 'idp.properties', 'Case insensitive name of keystore alias prefix used in AES keystore (the entries will be suffixed by the key version number)', 'all', null, null, null, 'secret', 'idp.sealer.aliasBase', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('37', 'SecurityConfiguration', 'idp.properties', 'Sets the default strategy for key agreement key wrap usage for credentials from metadata if not otherwise configured on the security configuration', 'all', null, null, null, 'Default', 'idp.encryption.keyagreement.metadata.defaultUseKeyWrap', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('46', 'CSRF', 'idp.properties', 'Name of the HTTP parameter that stores the CSRF token', '4', null, null, null, 'csrf_token', 'idp.csrf.token.parameter', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('61', 'StorageConfiguration', 'idp.properties', 'Storage back-end to use for message replay checking (must be server-side)', 'all', null, null, 'Bean ID of a StorageService (org.opensaml.storage)', 'shibboleth.StorageService', 'idp.replayCache.StorageService', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('38', 'SecurityConfiguration', 'idp.properties', 'Name of Spring bean for the trust engine used to verify signatures', 'all', null, null, 'Bean ID of SignatureTrustEngine (org.opensaml.xmlsec.signature.support)', 'shibboleth.ChainingSignatureTrustEngine', 'idp.trust.signatures', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('36', 'SecurityConfiguration', 'idp.properties', 'If true failure to locate an encryption key to use won''t result in request failure', 'all', null, null, null, 'false', 'idp.encryption.optional', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('52', 'ErrorHandlingConfiguration', 'idp.properties', 'Whether to expose detailed error causes in status information provided to outside parties', 'all', null, null, null, 'false', 'idp.errors.detailed', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('58', 'StorageConfiguration', 'idp.properties', 'Whether to use HTML Local Storage (if available) instead of cookies', 'all', null, null, null, 'false', 'idp.storage.htmlLocalStorage', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('47', 'Core', 'idp.properties', 'Auto-configures an HSTS response header', 'all', null, null, null, 'max-age=0', 'idp.hsts', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('49', 'Core', 'idp.properties', 'Auto-configures a Content Security Policy response header', 'all', null, null, null, 'frame-ancestors ''none''', 'idp.csp', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('25', 'SecurityConfiguration', 'idp.properties', 'Keystore password unlocking AES encryption keystore typically set during installation', 'all', null, null, null, null, 'idp.sealer.storePassword', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('54', 'ErrorHandlingConfiguration', 'idp.properties', 'The default view name to render for exceptions and events', 'all', null, null, null, 'error', 'idp.errors.defaultView', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('59', 'StorageConfiguration', 'idp.properties', 'Name of cookie or HTML storage key used by the default per-session instance of the client storage service', 'all', null, null, null, 'shib_idp_session_ss', 'idp.storage.clientSessionStorageName', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('51', 'Core', 'idp.properties', 'Location from which to load user-modifiable Velocity view templates. This can be set to include "classpath*:/META-INF/net/shibboleth/idp/views" (or equivalent) to load templates from the classpath, such as from extension jars, but doing so disables suppor', 'all', null, null, 'Comma seperated list of values', '%{idp.home}/views', 'idp.views', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('48', 'Core', 'idp.properties', 'Auto-configures an X-Frame-Options response header', 'all', null, null, null, 'DENY', 'idp.frameoptions', 'SELECTION_LIST', 'DENY,SAMEORIGIN', null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('74', 'SessionConfiguration', 'idp.properties', 'Default length of time to maintain record of an SP session (must be non-zero), overridable by relying-party-specific setting', 'all', null, null, null, 'PT2H', 'idp.session.defaultSPlifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('76', 'AuthenticationConfiguration', 'authn/authn.properties', 'Default amount of time to allow reuse prior authentication flows', 'all', null, null, 'measured since first usage', 'PT60M', 'idp.authn.defaultLifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('77', 'AuthenticationConfiguration', 'authn/authn.properties', 'Default inactivity timeout to prevent reuse of prior authentication flows', 'all', null, null, 'measured since last usage', 'PT30M', 'idp.authn.defaultTimeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('86', 'ConsentConfiguration', 'idp.properties', 'Attribute whose value is the storage key representing a user', 'all', null, null, null, 'uid', 'idp.consent.attribute-release.userStorageKeyAttribute', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('98', 'ConsentConfiguration', 'idp.properties', 'Maximum number of records stored when using space-limited storage (e.g. cookies), 0 = no limit', 'all', null, null, null, '10', 'idp.consent.maxStoredRecords', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('28', 'SecurityConfiguration', 'idp.properties', 'Resource containing the public key certificate inserted into signed messages typically a file in the credentials directory', 'all', null, null, null, null, 'idp.signing.cert', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('100', 'ConsentConfiguration', 'idp.properties', 'Time in milliseconds to expire consent storage records', '4.x', null, null, '(v4.0=P1Y,v4.1=infinite)', null, 'idp.consent.storageRecordLifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('90', 'ConsentConfiguration', 'idp.properties', 'Attribute whose value is the storage key representing a user', 'all', null, null, null, 'uid', 'idp.consent.terms-of-use.userStorageKeyAttribute', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('91', 'ConsentConfiguration', 'idp.properties', 'Suffix of message property used as value of consent storage records when idp.consent.compareValues is true', 'all', null, null, null, '.text', 'idp.consent.terms-of-use.consentValueMessageCodeSuffix', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('31', 'SecurityConfiguration', 'idp.properties', 'Resource containing an alternate private key for decryption generally unused except while changing decryption keys', 'all', null, null, null, null, 'idp.encryption.key.2', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('84', 'ConsentConfiguration', 'idp.properties', 'Name of storage service used to store users'' consent choices', 'all', null, null, null, 'shibboleth.ClientPersistentStorageService', 'idp.consent.StorageService', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('85', 'ConsentConfiguration', 'idp.properties', 'Name of function used to return the String storage key representing a user defaults to the principal name', 'all', null, null, null, 'shibboleth.consent.PrincipalConsentStorageKey', 'idp.consent.attribute-release.userStorageKey', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('72', 'SessionConfiguration', 'idp.properties', 'Whether to save a record of every SP accessed during an IdP session (requires a server-side session store or HTML LocalStorage)', 'all', null, null, null, 'false', 'idp.session.trackSPSessions', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('73', 'SessionConfiguration', 'idp.properties', 'Whether to track SPs on the basis of the SAML subject ID used, for logout purposes (requires SP session tracking be on)', 'all', null, null, null, 'false', 'idp.session.secondaryServiceIndex', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('55', 'ErrorHandlingConfiguration', 'idp.properties', 'Bean defing Properties mapping exception class names to error views. The matching by class name does not support wildcards, but does do substring matches (so it''s not necessary to fully qualify the class).', 'all', null, null, 'Bean ID of Properties (java.util.Properties)', null, 'idp.errors.excludedExceptions', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('56', 'ErrorHandlingConfiguration', 'idp.properties', 'Bean defining Collection identifying exception classes to ignore (causing them to bubble outward, so use with caution)', 'all', null, null, 'Bean ID of Collection (java.util)', null, 'idp.errors.exceptionMappings', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('79', 'AuthenticationConfiguration', 'authn/authn.properties', 'Whether to prioritize prior authentication results when an SP requests more than one possible matching method', 'all', null, null, null, 'false', 'idp.authn.favorSSO', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('81', 'AuthenticationConfiguration', 'authn/authn.properties', 'Whether to fail requests if a user identity after authentication doesn''t match the identity in a pre-existing session.', 'all', null, null, null, 'false', 'idp.authn.identitySwitchIsError', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('32', 'SecurityConfiguration', 'idp.properties', 'Resource containing an alternate public key certificate generally unused except while changing decryption keys', 'all', null, null, null, null, 'idp.encryption.cert.2', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('30', 'SecurityConfiguration', 'idp.properties', 'Resource containing a public key certificate given to others needing to encrypt data for the IdP typically a file in the credentials directory', 'all', null, null, 'resource path', null, 'idp.encryption.cert', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('29', 'SecurityConfiguration', 'idp.properties', 'Resource containing a private key for decryption typically a file in the credentials directory', 'all', null, null, 'resource path', null, 'idp.encryption.key', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('75', 'AuthenticationConfiguration', 'authn/authn.properties', 'Required expression that identifies the login flows to globally enable', 'all', null, null, 'ex. Password, MA, DUO', null, 'idp.authn.flows', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('60', 'StorageConfiguration', 'idp.properties', 'Name of cookie or HTML storage key used by the default persistent instance of the client storage service', 'all', null, null, null, 'shib_idp_persistent_ss', 'idp.storage.clientPersistentStorageName', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('26', 'SecurityConfiguration', 'idp.properties', 'Key password unlocking AES encryption key typically set to the same as the previous property and set during installation', 'all', null, null, null, null, 'idp.sealer.keyPassword', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('65', 'SessionConfiguration', 'idp.properties', 'Name of cookie containing IdP session ID (note this is not the same as the cookie the Java container uses to track its own sessions)', '4.2', null, null, null, 'shib_idp_session', 'idp.session.cookieName', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('82', 'AuthenticationConfiguration', 'authn/authn.properties', 'Provides a static discovery URL to use for external discovery this property replaces the need for the XML-defined bean used in V4.0 for this purpose', '4.1', null, null, null, null, 'idp.authn.discoveryURL', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('99', 'ConsentConfiguration', 'idp.properties', 'Maximum number of records stored when using larger/server-side storage, 0 = no limit', 'all', null, null, null, '0', 'idp.consent.expandedMaxStoredRecords', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('88', 'ConsentConfiguration', 'idp.properties', 'Default consent auditing formats', 'all', null, null, 'Logback logging pattern', '%T|%SP|%e|%u|%CCI|%CCV|%CCA', 'idp.consent.attribute-release.auditFormat', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('93', 'ConsentConfiguration', 'idp.properties', 'Default consent auditing formats', 'all', null, null, 'Logback logging pattern', '%T|%SP|%e|%u|%CCI|%CCV|%CCA', 'idp.consent.terms-of-use.auditFormat', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('121', 'Core', 'idp.properties', 'Policies to use with Impersonate interceptor flow', 'all', null, null, 'Policy ID', 'GeneralImpersonationPolicy', 'idp.impersonate.generalPolicy', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('152', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'DN to search with the validateFilter: defaults to the rootDSE', '4.0.1', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.pool.LDAP.validateDN', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('122', 'Core', 'idp.properties', 'Policies to use with Impersonate interceptor flow', 'all', null, null, 'Policy ID', 'SpecificImpersonationPolicy', 'idp.impersonate.specificPolicy', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('124', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Connection URI for LDAP directory', 'all', null, null, 'LDAP URI ex. ldap://localhost or ldaps://localhost - The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.ldapURL', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('114', 'FTICKSLoggingConfiguration', 'idp.properties', 'Digest algorithm used to obscure usernames', 'all', null, null, null, 'SHA-2', 'idp.fticks.algorithm', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('116', 'FTICKSLoggingConfiguration', 'idp.properties', 'The remote syslog host', 'all', null, null, null, 'localhost', 'idp.fticks.loghost', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('112', 'FTICKSLoggingConfiguration', 'idp.properties', 'Enables F-TICKS output and specifies the value of the federation-identifier field', 'all', null, null, null, null, 'idp.fticks.federation', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('137', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Password to bind with during search when using an LDAP.authenticator = bindSearchAuthenticator usually set via %{idp.home}/credentials/secrets.properties', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.bindDNCredential', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('115', 'FTICKSLoggingConfiguration', 'idp.properties', 'A salt to apply when digesting usernames (if not specified, the username will not be included)', 'all', null, null, null, null, 'idp.fticks.salt', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('138', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'A formatting string to generate the user DNs to authenticate when using an LDAP.authenticator of directAuthenticator or adAuthenticator', 'all', null, null, 'ex. uid=%s,ou=people,dc=example,dc=org or for AD %s@domain.com - The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.dnFormat', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('109', 'CasProtocolConfiguration', 'idp.properties', 'Storage service used by CAS protocol for chained proxy-granting tickets and when using server-managed "simple" TicketService. MUST be server-side storage (e.g. in-memory, memcached, database)', 'all', null, null, null, 'shibboleth.StorageService', 'idp.cas.StorageService', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('113', 'FTICKSLoggingConfiguration', 'idp.properties', 'Optional bean name of a Predicate to use to decide whether to run', '4.1', null, null, null, null, 'idp.fticks.condition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('110', 'CasProtocolConfiguration', 'idp.properties', 'CAS service registry implementation class', 'all', null, null, null, 'net.shibboleth.idp.cas.service.PatternServiceRegistry', 'idp.cas.serviceRegistryClass', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('107', 'Core', 'idp.properties', 'Allows the HttpClient used for SOAP communication to be overriden (applies to SAML logout via SOAP)', 'all', null, null, 'Bean ID of HttpClient to use for SOAP-based logout', 'SOAPClient.HttpClient', 'idp.soap.httpClient', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('106', 'LogoutConfiguration', 'idp.properties', 'Applies the "display:none" style to the list of SPs and logout status reporting images so that logout status is not visibly reported to the user', '4.2', null, null, null, 'false', 'idp.logout.propagationHidden', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('119', 'Core', 'idp.properties', 'Set to true to fail on velocity syntax errors', 'all', null, null, null, 'false', 'idp.velocity.runtime.strictmode', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('162', 'KerberosAuthnConfiguration', 'authn/authn.properties', 'Name of a service principal to use to verify the KDC supplying the TGT by requesting and verifying a service ticket issued for it', '4.1', null, null, null, null, 'idp.authn.Krb5.servicePrincipal', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('117', 'FTICKSLoggingConfiguration', 'idp.properties', 'The remote syslog port', 'all', null, null, null, '514', 'idp.fticks.logport', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('120', 'Core', 'idp.properties', 'Path to use with External interceptor flow', 'all', null, null, null, 'contextRelative:intercept.jsp', 'idp.intercept.External.externalPath', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('108', 'Core', 'idp.properties', 'languages to use if no match can be found with the browser-supported languages', 'all', null, null, 'Comma seperated list of values ex. en, fr, de', null, 'idp.ui.fallbackLanguages', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('154', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Duration between looking for idle connections to reduce the pool back to its minimum size', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'PT5M', 'idp.pool.LDAP.prunePeriod', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('151', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Duration between validation if idp.pool.LDAP.validatePeriodically is true', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'PT5M', 'idp.pool.LDAP.validatePeriod', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('166', 'ExternalAuthnConfiguration', 'authn/authn.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', 'idp.authn.External', null, null, '1000', 'idp.authn.External.order', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('141', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether to use the Password Policy Control.', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.usePasswordPolicy', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('321', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Bean ID of BiConsumer controlling result reuse for SSO', '4.1', 'idp.authn.External', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.External.reuseCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('176', 'ExternalAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', 'idp.authn.External', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.External.activationCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('153', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Search filter to execute in order to validate a pooled connection', '4.0.1', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', '(objectClass=*)', 'idp.pool.LDAP.validateFilter', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('191', 'RemoteUserAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', 'idp.authn.RemoteUser', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.RemoteUser.reuseCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('192', 'RemoteUserAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', 'idp.authn.RemoteUser', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.RemoteUser.activationCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('184', 'RemoteUserAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.RemoteUser', null, null, 'false', 'idp.authn.RemoteUser.passiveAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('185', 'RemoteUserAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.RemoteUser', null, null, 'false', 'idp.authn.RemoteUser.forcedAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('187', 'RemoteUserAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.RemoteUser', null, null, 'false', 'idp.authn.RemoteUser.proxyScopingEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('181', 'RemoteUserAuthnConfiguration', 'authn/authn.properties', 'Regular expression to match username against', '4.1', 'idp.authn.RemoteUser', null, 'regex expected', null, 'idp.authn.RemoteUser.matchExpression', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('202', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'A regular expression that must match the username', '4.1', 'idp.authn.RemoteUserInternal', null, 'regex expected', null, 'idp.authn.RemoteUserInternal.matchExpression', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('158', 'JAASAuthnConfiguration', 'authn/authn.properties', 'Comma-delimited set of JAAS application configuration names to use', '4.1', null, null, null, 'ShibUserPassAuth', 'idp.authn.JAAS.loginConfigNames', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('164', 'ExternalAuthnConfiguration', 'authn/authn.properties', 'Spring Web Flow redirection expression for the protected resource', '4.1', 'idp.authn.External', null, null, 'contextRelative:external.jsp', 'idp.authn.External.externalAuthnPath', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('221', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Servlet-relative path to the SPNEGO external authentication implementation', '4.1', 'idp.authn.SPNEGO', null, 'URL path', '/Authn/SPNEGO', 'idp.authn.SPNEGO.externalAuthnPath', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('207', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', 'idp.authn.RemoteUserInternal', null, null, '1000', 'idp.authn.RemoteUserInternal.order', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('224', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Regular expression to match username against', '4.1', 'idp.authn.SPNEGO', null, 'regex expected', null, 'idp.authn.SPNEGO.matchExpression', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('211', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow enforces upstream IdP imposed restrictions on proxying', '4.1', 'idp.authn.RemoteUserInternal', null, null, '%{idp.authn.enforceProxyRestrictions:true}', 'idp.authn.RemoteUserInternal.proxyRestrictionsEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('206', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Regular expression to match username against', '4.1', 'idp.authn.RemoteUserInternal', null, 'regex expected', null, 'idp.authn.RemoteUserInternal.matchExpression', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('214', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Lifetime of results produced by this flow', '4.1', 'idp.authn.RemoteUserInternal', null, null, '%{idp.authn.defaultLifetime:PT1H}', 'idp.authn.RemoteUserInternal.lifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('216', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.RemoteUserInternal.reuseCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('217', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.RemoteUserInternal.activationCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('230', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether the flow enforces upstream IdP imposed restrictions on proxying', '4.1', 'idp.authn.SPNEGO', null, null, '%{idp.authn.enforceProxyRestrictions:true}', 'idp.authn.SPNEGO.proxyRestrictionsEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('208', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'false', 'idp.authn.RemoteUserInternal.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('215', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Inactivity timeout of results produced by this flow', '4.1', 'idp.authn.RemoteUserInternal', null, null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.RemoteUserInternal.inactivityTimeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('540', 'OPMetadataPolicies', 'oidc.properties', 'Full path to the file containing default metadata policy used for dynamic client registration', '4.1', 'idp.oidc.OP', '3', null, null, 'idp.oidc.dynreg.defaultMetadataPolicyFile', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('205', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Spring Web Flow redirection expression for the protected resource', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'contextRelative:external.jsp', 'idp.authn.RemoteUserInternal.externalAuthnPath', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('225', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Name of cookie used to track auto-login state of client', '4.2', 'idp.authn.SPNEGO', null, null, '_idp_spnego_autologin', 'idp.authn.SPNEGO.cookieName', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('303', 'DuoAuthnConfiguration', 'authn/duo.properties', 'Duo AuthAPI integration key (supplied by Duo as Client ID)', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', null, 'idp.duo.nonbrowser.integrationKey', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('304', 'DuoAuthnConfiguration', 'authn/duo.properties', 'Duo AuthAPI secret key (supplied by Duo as Client secret)', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', null, 'idp.duo.nonbrowser.secretKey', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('197', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Comma-delimited lists of request attributes to check for a username', '4.1', 'idp.authn.RemoteUserInternal', null, null, null, 'idp.authn.RemoteUserInternal.checkAttributes', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('226', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', 'idp.authn.SPNEGO', null, null, '1000', 'idp.authn.SPNEGO.order', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('218', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Bean ID of BiConsumer controlling result reuse for SSO', '4.1', 'idp.authn.SPNEGO', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.SPNEGO.reuseCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('236', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', 'idp.authn.SPNEGO', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.SPNEGO.activationCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('250', 'X509AuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', 'idp.authn.X509', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.X509.reuseCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('251', 'X509AuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', 'idp.authn.X509', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.X509.activationCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('242', 'X509AuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.X509', null, null, 'false', 'idp.authn.X509.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('234', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Inactivity timeout of results produced by this flow', '4.1', 'idp.authn.SPNEGO', null, null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.SPNEGO.inactivityTimeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('248', 'X509AuthnConfiguration', 'authn/authn.properties', 'Lifetime of results produced by this flow', '4.1', 'idp.authn.X509', null, null, '%{idp.authn.defaultLifetime:PT1H}', 'idp.authn.X509.lifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('249', 'X509AuthnConfiguration', 'authn/authn.properties', 'Inactivity timeout of results produced by this flow', '4.1', 'idp.authn.X509', null, null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.X509.inactivityTimeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('263', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Lifetime of results produced by this flow', '4.1', null, null, null, '%{idp.authn.defaultLifetime:PT1H}', 'idp.authn.X509Internal.lifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('243', 'X509AuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.X509', null, null, 'false', 'idp.authn.X509.passiveAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('244', 'X509AuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.X509', null, null, 'false', 'idp.authn.X509.forcedAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('399', 'ReloadableServices', 'services.properties', 'Shortcut for controlling the encoding of xsi:type information for all SAML transcoding rules in the registry', 'all', null, null, null, 'true', 'idp.service.attribute.registry.encodeType', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('403', 'ReloadableServices', 'services.properties', 'Whether attribute resolution failure should silently produce no attributes or cause an overall profile request failure event', 'all', null, null, null, 'true', 'idp.service.attribute.resolver.maskFailures', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('405', 'ReloadableServices', 'services.properties', 'Setting this to false re-enables the legacy behavior of looking up the display information for the resolved attributes during resolution. As from 4.2 this the display information is looked up at point of use (during the attribute consent flow) and so ther', '4.2', null, null, null, 'true', 'idp.service.attribute.resolver.suppressDisplayInfo', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('264', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Inactivity timeout of results produced by this flow', '4.1', null, null, null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.X509Internal.inactivityTimeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('198', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Comma-delimited list of request headers to check for a username', '4.1', 'idp.authn.RemoteUserInternal', null, null, null, 'idp.authn.RemoteUserInternal.checkHeaders', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('203', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Comma-delimited list of usernames to accept while blocking all others', '4.1', 'idp.authn.RemoteUserInternal', null, null, null, 'idp.authn.RemoteUserInternal.allowedUsernames', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('204', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Comma-delimited list of usernames to deny while accepting all others', '4.1', 'idp.authn.RemoteUserInternal', null, null, null, 'idp.authn.RemoteUserInternal.deniedUsernames', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('219', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Comma-delimited list of protocol-specific Principal strings associated with flow', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password,saml1/urn:oasis:names:tc:SAML:1.0:am:password', 'idp.authn.RemoteUserInternal.supportedPrincipals', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('360', 'NameIDGenerationConfiguration', 'saml-nameid.properties', 'Default Format to generate if nothing else is indicated', 'all', null, null, null, 'urn:mace:shibboleth:1.0:nameIdentifier', 'idp.nameid.saml1.default', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('241', 'X509AuthnConfiguration', 'authn/authn.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', 'idp.authn.X509', null, null, '1000', 'idp.authn.X509.order', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('256', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', null, null, null, '1000', 'idp.authn.X509Internal.order', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('237', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Bean ID of BiConsumer to run just prior to AuthnRequest signing/encoding step', '4.1', null, null, null, null, 'idp.authn.SAML.outboundMessageHandlerFunction', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('265', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', null, null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.X509Internal.reuseCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('266', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', null, null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.X509Internal.activationCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('291', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Lifetime of results produced by this flow', '4.1', 'idp.authn.Function', null, null, '%{idp.authn.defaultLifetime:PT1H}', 'idp.authn.Function.lifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('292', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Inactivity timeout of results produced by this flow', '4.1', 'idp.authn.Function', null, null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.Function.inactivityTimeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('579', 'OPSubClaim', 'oidc.properties', 'Salt to inject for randomness should generally be moved into credentials/secrets.properties to avoid committing to configuration repository', '4.1', 'idp.oidc.OP', '3', null, null, 'idp.oidc.subject.salt', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('598', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'The client secret used to verify the client in exchanging the authorization code for a Duo 2FA result token (id_token).', '4.1', 'idp.authn.DuoOIDC', '1', null, null, 'idp.duo.oidc.secretKey', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('608', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Duo AuthAPI integration key supplied by Duo', '4.1', 'idp.authn.DuoOIDC', '1', null, null, 'idp.duo.oidc.nonbrowser.integrationKey', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('643', 'Metadatagen', 'mdgen.properties', 'A space separated list of languages used to lookup values formed appending each one to the name and description properties idp.metadata.idpsso.mdui.displayname. and idp.metadata.idpsso.mdui.description.. If this is absent then an is emitted for that language', '4.1', 'idp.metadatagen', '1', null, null, 'idp.metadata.idpsso.mdui.displayname.', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('279', 'IPAddressAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', 'idp.authn.IPAddress', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.IPAddress.reuseCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('280', 'IPAddressAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', 'idp.authn.IPAddress', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.IPAddress.activationCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('293', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', 'idp.authn.Function', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.Function.reuseCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('294', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', 'idp.authn.Function', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.Function.activationCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('319', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', 'idp.authn.Duo', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.Duo.reuseCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('320', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', 'idp.authn.Duo', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.Duo.activationCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('353', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', 'idp.authn.MFA', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.MFA.reuseCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('314', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Whether the flow enforces upstream IdP imposed restrictions on proxying', '4.1', 'idp.authn.Duo', null, null, '%{idp.authn.enforceProxyRestrictions:true}', 'idp.authn.Duo.proxyRestrictionsEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('311', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.Duo', null, null, 'false', 'idp.authn.Duo.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('336', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Lifetime of results produced by this flow', '4.1', null, null, null, '%{idp.authn.defaultLifetime:PT1H}', 'idp.authn.SAML.lifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('358', 'NameIDGenerationConfiguration', 'saml-nameid.properties', 'Identifies the strategy plugin for generating transient IDs', 'all', null, null, 'Bean ID of a TransientIdGenerationStrategy', 'shibboleth.CryptoTransientIdGenerator', 'idp.transientId.generator', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('333', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Whether the flow enforces upstream IdP imposed restrictions on proxying', '4.1', null, null, null, '%{idp.authn.enforceProxyRestrictions:true}', 'idp.authn.SAML.proxyRestrictionsEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('348', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Whether the flow enforces upstream IdP imposed restrictions on proxying', '4.1', 'idp.authn.MFA', null, null, '%{idp.authn.enforceProxyRestrictions:true}', 'idp.authn.MFA.proxyRestrictionsEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('327', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Optional bean ID of Function to run at the late stages of Response decoding/processing', '4.1', null, null, null, null, 'idp.authn.SAML.inboundMessageHandlerFunction', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('328', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Optional bean ID of AssertionValidator to run', '4.1', null, null, null, null, 'idp.authn.SAML.assertionValidator', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('338', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', null, null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.SAML.reuseCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('339', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', null, null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.SAML.activationCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('337', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Inactivity timeout of results produced by this flow', '4.1', null, null, null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.SAML.inactivityTimeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('351', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Lifetime of results produced by this flow', '4.1', 'idp.authn.MFA', null, null, '%{idp.authn.defaultLifetime:PT1H}', 'idp.authn.MFA.lifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('352', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Inactivity timeout of results produced by this flow', '4.1', 'idp.authn.MFA', null, null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.MFA.inactivityTimeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('330', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', null, null, null, 'false', 'idp.authn.SAML.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('296', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Comma-delimited list of protocol-specific Principal strings associated with flow', '4.1', 'idp.authn.Function', null, null, 'saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password,saml1/urn:oasis:names:tc:SAML:1.0:am:password', 'idp.authn.Function.supportedPrincipals', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('305', 'DuoAuthnConfiguration', 'authn/duo.properties', 'Name of HTTP request header for Duo AuthAPI factor', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', 'X-Shibboleth-Duo-Factor', 'idp.duo.nonbrowser.header.factor', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('306', 'DuoAuthnConfiguration', 'authn/duo.properties', 'Name of HTTP request header for Duo AuthAPI device ID or name', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', 'X-Shibboleth-Duo-Device', 'idp.duo.nonbrowser.header.device', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('331', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', null, null, null, 'false', 'idp.authn.SAML.passiveAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('332', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', null, null, null, 'false', 'idp.authn.SAML.forcedAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('335', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', null, null, null, 'false', 'idp.authn.SAML.discoveryRequired', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('307', 'DuoAuthnConfiguration', 'authn/duo.properties', 'Name of HTTP request header for Duo AuthAPI passcode', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', 'X-Shibboleth-Duo-Passcode', 'idp.duo.nonbrowser.header.passcode', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('299', 'DuoAuthnConfiguration', 'authn/duo.properties', 'A secret supplied by you and not shared with Duo; see https://duo.com/docs/duoweb-v2, "Generate an akey".', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', null, 'idp.duo.applicationKey', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('300', 'DuoAuthnConfiguration', 'authn/duo.properties', 'DuoWeb integration key (supplied by Duo as Client ID)', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', null, 'idp.duo.integrationKey', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('322', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Comma-delimited list of protocol-specific Principal strings associated with flow', '4.1', 'idp.authn.Duo', null, null, 'saml2/http://example.org/ac/classes/mfa, saml1/http://example.org/ac/classes/mfa', 'idp.authn.Duo.supportedPrincipals', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('301', 'DuoAuthnConfiguration', 'authn/duo.properties', 'DuoWeb secret key (supplied by Duo as Client secret)', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', null, 'idp.duo.secretKey', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('325', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Statically-defined entityID of IdP to use for authentication', '4.1', null, null, null, null, 'idp.authn.SAML.proxyEntityID', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('359', 'NameIDGenerationConfiguration', 'saml-nameid.properties', 'Default Format to generate if nothing else is indicated', 'all', null, null, null, 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient', 'idp.nameid.saml2.default', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('329', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', null, null, null, '1000', 'idp.authn.SAML.order', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('344', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', 'idp.authn.MFA', null, null, '1000', 'idp.authn.MFA.order', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('340', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Bean ID of BiConsumer determining whether flow is usable for request', '4.1', 'idp.authn.MFA', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.MFA.activationCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('370', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Advanced feature allowing revocation or regeneration of computed persistent IDs for specific subjects or services', 'all', null, null, null, 'shibboleth.ComputedIdExceptionMap', 'idp.persistentId.exceptionMap', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('388', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for RelyingPartyConfiguration', 'all', null, null, null, 'shibboleth.RelyingPartyResolverResources', 'idp.service.relyingparty.resources', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('367', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'An encoded form of the persistentId.salt', 'all', null, null, null, null, 'idp.persistentId.encodedSalt', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('389', 'ReloadableServices', 'services.properties', 'Fail at startup if RelyingPartyConfiguration is invalid', 'all', null, null, null, 'false', 'idp.service.relyingparty.failFast', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('362', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Identifies a data source for storage-based management of persistent IDs', 'all', null, null, 'Bean ID of a JDBC DataSource', null, 'idp.persistentId.dataSource', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('361', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Identifies the strategy plugin for sourcing persistent IDs', 'all', null, null, 'Bean ID of a PairwiseIdStore', 'shibboleth.ComputedPersistentIdGenerator', 'idp.persistentId.generator', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('391', 'ReloadableServices', 'services.properties', 'See MetadataDrivenConfiguration SAML Attribute Name Format Usage', 'all', null, null, null, 'false', 'idp.service.relyingparty.ignoreUnmappedEntityAttributes', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('393', 'ReloadableServices', 'services.properties', 'Fail at startup if MetadataConfiguration is invalid', 'all', null, null, null, 'false', 'idp.service.metadata.failFast', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('368', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'The hash algorithm used when using computed persistent IDs', 'all', null, null, null, 'SHA', 'idp.persistentId.algorithm', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('423', 'ReloadableServices', 'services.properties', 'Seconds between reloads of message property resources', 'all', null, null, null, '300', 'idp.message.cacheSeconds', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('392', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for MetadataConfiguration', 'all', null, null, null, 'shibboleth.MetadataResolverResources', 'idp.service.metadata.resources', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('396', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for AttributeRegistryConfiguration', 'all', null, null, null, 'shibboleth.AttributeRegistryResources', 'idp.service.attribute.registry.resources', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('400', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for AttributeResolverConfiguration', 'all', null, null, null, 'shibboleth.AttributeResolverResources', 'idp.service.attribute.resolver.resources', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('398', 'ReloadableServices', 'services.properties', 'Time to notice changes to AttributeRegistryConfiguration and reload service. A value of 0 indicates that the service configuration never reloads', 'all', null, null, null, '0', 'idp.service.attribute.registry.checkInterval', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('406', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for AttributeFilterConfiguration', 'all', null, null, null, 'shibboleth.AttributeFilterResources', 'idp.service.attribute.filter.resources', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('402', 'ReloadableServices', 'services.properties', 'Time to notice changes to AttributeResolverConfiguration and reload service. A value of 0 indicates that the service configuration never reloads', 'all', null, null, null, '0', 'idp.service.attribute.resolver.checkInterval', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('410', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for NameIDGenerationConfiguration', 'all', null, null, null, 'shibboleth.NameIdentifierGenerationResources', 'idp.service.nameidGeneration.resources', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('413', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for AccessControlConfiguration', 'all', null, null, null, 'shibboleth.AccessControlResource', 'idp.service.access.resources', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('416', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for CASServiceRegistry configuration', 'all', null, null, null, 'shibboleth.CASServiceRegistryResources', 'idp.service.cas.registry.resources', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('408', 'ReloadableServices', 'services.properties', 'Time to notice changes to AttributeFilterConfiguration and reload service A value of 0 indicates that the attribute filter configuration never reloads', 'all', null, null, null, '0', 'idp.service.attribute.filter.checkInterval', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('412', 'ReloadableServices', 'services.properties', 'Time to notice changes to NameIDGenerationConfiguration and reload service', 'all', null, null, null, '0', 'idp.service.nameidGeneration.checkInterval', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('415', 'ReloadableServices', 'services.properties', 'Time to notice changes to AccessControlConfiguration and reload service', 'all', null, null, null, '0', 'idp.service.access.checkInterval', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('418', 'ReloadableServices', 'services.properties', 'Time to notice CASServiceRegistry configuration changes and reload service', 'all', null, null, null, '0', 'idp.service.cas.registry.checkInterval', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('421', 'ReloadableServices', 'services.properties', 'Time to notice ManagedBeanConfiguration changes and reload service', 'all', null, null, null, '0', 'idp.service.managedBean.checkInterval', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('369', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'The final encoding applied to the hash generated when using computed persistent IDs: one of BASE32 or BASE64', 'all', null, null, null, 'BASE64', 'idp.persistentId.encoding', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('397', 'ReloadableServices', 'services.properties', 'Fail at startup if AttributeRegistryConfiguration is invalid', 'all', null, null, null, 'false', 'idp.service.attribute.registry.failFast', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('401', 'ReloadableServices', 'services.properties', 'Fail at startup if AttributeResolverConfiguration is invalid', 'all', null, null, null, 'false', 'idp.service.attribute.resolver.failFast', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('404', 'ReloadableServices', 'services.properties', 'Whether null values should be stripped from the results of the attribute resolution. This filtering happens prior to filtering and encoding, but after attribute resolution is complete. To strip nulls during attribute resolution (so that they will be invis', 'all', null, null, null, 'false', 'idp.service.attribute.resolver.stripNulls', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('407', 'ReloadableServices', 'services.properties', 'Fail at startup if AttributeFilterConfiguration is invalid', 'all', null, null, null, 'false', 'idp.service.attribute.filter.failFast', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('411', 'ReloadableServices', 'services.properties', 'Fail at startup if NameIDGenerationConfiguration is invalid', 'all', null, null, null, 'false', 'idp.service.nameidGeneration.failFast', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('417', 'ReloadableServices', 'services.properties', 'Fail at startup if CASServiceRegistry configuration is invalid', 'all', null, null, null, 'false', 'idp.service.cas.registry.failFast', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('373', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'List of error strings to identify as retryable failures', '4.1', null, null, null, '23000,23505', 'idp.persistentId.retryableErrors', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('364', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'List of attributes to search for a value to uniquely identify the subject of a persistent identifier that MUST be stable long-lived and non-reassignable', 'all', null, null, null, null, 'idp.persistentId.sourceAttribute', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('375', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides the name of the table in the database', '4.1', null, null, null, 'shibpid', 'idp.persistentId.tableName', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('376', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides database column names', '4.1', null, null, null, 'localEntity', 'idp.persistentId.localEntityColumn', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('377', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides database column names', '4.1', null, null, null, 'peerEntity', 'idp.persistentId.peerEntityColumn', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('378', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides database column names', '4.1', null, null, null, 'principalName', 'idp.persistentId.principalNameColumn', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('379', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides database column names', '4.1', null, null, null, 'localId', 'idp.persistentId.sourceIdColumn', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('380', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides database column names', '4.1', null, null, null, 'persistentId', 'idp.persistentId.persistentIdColumn', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('381', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides database column names', '4.1', null, null, null, 'peerProvidedId', 'idp.persistentId.peerProvidedIdColumn', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('419', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for ManagedBeanConfiguration', 'all', null, null, null, 'shibboleth.ManagedBeanResources', 'idp.service.managedBean.resources', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('422', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying Spring message property resources', 'all', null, null, null, 'shibboleth.MessageSourceResources', 'idp.message.resources', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('560', 'OPDiscovery', 'oidc.properties', 'Implementation bean for discovery shouldn''t require alteration', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.oidc.DefaultOpenIdConfigurationResolver', 'idp.oidc.discovery.resolver', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('574', 'OPClientCredentialsGrant', 'oidc.properties', 'bean of type Function called shibboleth.oidc.AllowedScopeStrategy', '4.1', 'idp.oidc.OP', '3', null, null, 'idp.oauth2.defaultAllowedScope', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('575', 'OPClientCredentialsGrant', 'oidc.properties', 'bean of type Function> called shibboleth.oidc.AllowedAudienceStrategy', '4.1', 'idp.oidc.OP', '3', null, null, 'idp.oauth2.defaultAllowedAudience', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('570', 'OPDynamicClientRegistration', 'oidc.properties', 'Bean ID of type Function>, used to locate metadata policy based on the policyLocation parameter. Defaults to a caching resolver locating server resources to load based on policyLocation parameter.', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.oidc.admin.DefaultMetadataPolicyLookupStrategy', 'idp.oidc.admin.registration.lookup.policy', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('382', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides database column names', '4.1', null, null, null, 'creationDate', 'idp.persistentId.createTimeColumn', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('383', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides database column names', '4.1', null, null, null, 'deactivationDate', 'idp.persistentId.deactivationTimeColumn', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('573', 'OPClientResolution', 'oidc.properties', 'Name of bean used to define the resources to use in configuring this service', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.ClientInformationResolverResources', 'idp.service.clientinfo.resources', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('650', 'OIDC OP', 'oidc.properties', 'Storage for storing remote jwk sets.', '4.1', 'idp.oidc.OP', '3', 'no doc', 'shibboleth.StorageService', 'idp.oidc.jwk.StorageService', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('433', 'MetadataReload', 'admin/admin.properties', 'Whether authentication should be performed prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.reload.authenticated', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('434', 'MetadataReload', 'admin/admin.properties', 'Whether the flow should allow for non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.reload.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('366', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'A secret salt for the hash when using computed persistent IDs', 'all', null, null, null, null, 'idp.persistentId.salt', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('428', 'Status', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.status.defaultAuthenticationMethods', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('430', 'Status', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.status.postAuthenticationFlows', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('424', 'Status', 'admin/admin.properties', 'Audit log identifier for flow', '4.1', null, null, null, 'Status', 'idp.status.logging', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('425', 'Status', 'admin/admin.properties', 'Name of access control policy for request authorization', '4.1', null, null, null, 'AccessByIPAddress', 'idp.status.accessPolicy', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('431', 'MetadataReload', 'admin/admin.properties', 'Audit log identifier for flow', '4.1', null, null, null, 'Reload', 'idp.reload.logging', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('435', 'MetadataReload', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.reload.defaultAuthenticationMethods', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('438', 'AACLI', 'admin/admin.properties', 'Audit log identifier for flow', '4.1', null, null, null, 'ResolverTest', 'idp.resolvertest.logging', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('437', 'MetadataReload', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.reload.postAuthenticationFlows', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('497', 'X500PostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Comma-delimited list of subjectAltName extension types to look for', '4.1', null, null, 'Comma seperated list of integer values', null, 'idp.c14n.x500.subjectAltNameTypes', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('439', 'AACLI', 'admin/admin.properties', 'Name of access control policy for request authorization', '4.1', null, null, null, 'AccessByIPAddress', 'idp.resolvertest.accessPolicy', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('442', 'AACLI', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.resolvertest.defaultAuthenticationMethods', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('444', 'AACLI', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.resolvertest.postAuthenticationFlows', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('445', 'MetadataQuery', 'admin/admin.properties', 'Audit log identifier for flow', '4.1', null, null, null, 'MetadataQuery', 'idp.mdquery.logging', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('498', 'X500PostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Comma-delimited list of attribute OIDs to search for in the subject DN', '4.1', null, null, 'Comma seperated list of integer values', '2,5,4,3', 'idp.c14n.x500.objectIDs', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('493', 'AttributePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Bean ID of a Predicate to evaluate to determine whether to run the Attribute Resolver or go directly to the Subject alone', '4.1', null, null, null, 'shibboleth.Conditions.TRUE', 'idp.c14n.attribute.resolutionCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('651', 'OIDC OP', 'oidc.properties', 'Bean to determine whether SAML metadata should be exploited for trusted OIDC RP resolution', '4.1', 'idp.oidc.OP', '3', 'no doc', 'shibboleth.Conditions.TRUE', 'idp.oidc.metadata.saml', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('655', 'OIDC OP', 'oidc.properties', 'Bean used for extracting login_hint from the authentication request. The default function parses login_hint as is.', '4.1', 'idp.oidc.OP', '3', 'no doc', 'DefaultRequestLoginHintLookupFunction', 'idp.oidc.LoginHintLookupStrategy', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('656', 'OIDC OP', 'oidc.properties', 'Bean used for creating SPSessions needed for SLO. By default builds protocol-independent BasicSPSession as SLO is not yet supported.', '4.1', 'idp.oidc.OP', '3', 'no doc', 'DefaultSPSessionCreationStrategy', 'idp.oidc.SPSessionCreationStrategy', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('19', 'SecurityConfiguration', 'idp.properties', 'Bean ID supporting the DataSealerKeyStrategy interface to use in place of the built-in option.', 'all', null, null, 'Bean ID of DataSealerKeyStrategy', 'shibboleth.DataSealerKeyStrategy', 'idp.sealer.keyStrategy', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('103', 'LogoutConfiguration', 'idp.properties', 'If the bean returns true the user is given the option to actually cancel the IdP logout outright and prevent removal of the session', 'all', null, null, 'Bean ID of Predicate', 'false', 'idp.logout.promptUser', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('44', 'SecurityConfiguration', 'idp.properties', 'Overrides the X509KeyInfoGeneratorFactory used by default', '4.1', null, null, 'Bean ID of KeyInfoGeneratorManager (org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorManager)', 'shibboleth.X509KeyInfoGeneratorFactory', 'idp.security.x509KeyInfoFactory', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('64', 'SessionConfiguration', 'idp.properties', 'Bean name of a storage implementation/configuration to use for IdP sessions', 'all', null, null, 'Bean ID of StorageService (org.opensaml.storage)', 'shibboleth.ClientSessionStorageService', 'idp.session.StorageService', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('312', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.Duo', null, null, 'false', 'idp.authn.Duo.passiveAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('446', 'MetadataQuery', 'admin/admin.properties', 'Name of access control policy for request authorization', '4.1', null, null, null, 'AccessByIPAddress', 'idp.mdquery.accessPolicy', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('313', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.Duo', null, null, 'false', 'idp.authn.Duo.forcedAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('484', 'SimplePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to lowercase the username', '4.1', null, null, null, 'false', 'idp.c14n.simple.lowercase', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('517', 'OIDC OP', 'oidc.properties', 'Set the Open ID Connect Issuer value', '4.1', 'idp.oidc.OP', '3', null, null, 'idp.oidc.issuer', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('68', 'SessionConfiguration', 'idp.properties', 'A 2-argument predicate that compares a bound session''s address to a client address', 'all', null, null, 'BiPredicate', 'Direct string comparison', 'idp.session.consistentAddressCondition', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('518', 'OPToken', 'oidc.properties', 'Lifetime of ID token', '4.1', 'idp.oidc.OP', '3', null, 'PT1H', 'idp.oidc.idToken.defaultLifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('524', 'OPAuthorization', 'oidc.properties', 'Specifies IdPAttributes to encode into tokens for recovery on back-channel token requests', '4.1', 'idp.oidc.OP', '3', 'Comma seperated list of values', null, 'idp.oidc.encodedAttributes', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('529', 'OPAuthorization', 'oidc.properties', 'Bean ID of StorageService for revocation cache requires server-side storage', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.StorageService', 'idp.oidc.revocationCache.StorageService', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('545', 'OPSecurity', 'oidc.properties', 'Allows override of default signing configuration', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.oidc.SigningConfiguration', 'idp.oidc.signing.config', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('546', 'OPSecurity', 'oidc.properties', 'Allows override of default encryption configuration', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.oidc.EncryptionConfiguration', 'idp.oidc.encryption.config', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('547', 'OPSecurity', 'oidc.properties', 'Allows override of default request decryption configuration', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.oidc.requestObjectDecryptionConfiguration', 'idp.oidc.rodecrypt.config', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('519', 'OPToken', 'oidc.properties', 'Lifetime of access token', '4.1', 'idp.oidc.OP', '3', null, 'PT10M', 'idp.oidc.accessToken.defaultLifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('520', 'OPAuthorization', 'oidc.properties', 'Lifetime of authorization code', '4.1', 'idp.oidc.OP', '3', null, 'PT5M', 'idp.oidc.authorizeCode.defaultLifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('521', 'OPToken', 'oidc.properties', 'Lifetime of refresh token', '4.1', 'idp.oidc.OP', '3', null, 'PT2H', 'idp.oidc.refreshToken.defaultLifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('528', 'OPRevocation', 'oidc.properties', 'Lifetime of entries in revocation cache for authorize code', '4.1', 'idp.oidc.OP', '3', null, 'PT6H', 'idp.oidc.revocationCache.authorizeCode.lifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('535', 'OPToken', 'oidc.properties', 'Lifetime of access token issued to client for resource server', '4.1', 'idp.oidc.OP', '3', null, 'PT10M', 'idp.oauth2.accessToken.defaultLifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('544', 'OPSecurity', 'oidc.properties', 'JWK RSA decryption keypair', '4.1', 'idp.oidc.OP', '3', 'JWK file pathname', '%{idp.home}/credentials/idp-encryption-rsa.jwk', 'idp.signing.oidc.rsa.enc.key', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('543', 'OPSecurity', 'oidc.properties', 'JWK EC signing keypair', '4.1', 'idp.oidc.OP', '3', 'JWK file pathname', '%{idp.home}/credentials/idp-signing-es.jwk', 'idp.signing.oidc.es.key', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('449', 'MetadataQuery', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.mdquery.defaultAuthenticationMethods', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('451', 'MetadataQuery', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.mdquery.postAuthenticationFlows', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('455', 'MetricsConfiguration', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.metrics.defaultAuthenticationMethods', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('542', 'OPSecurity', 'oidc.properties', 'JWK RSA signing keypair', '4.1', 'idp.oidc.OP', '3', 'JWK file pathname', '%{idp.home}/credentials/idp-signing-rs.jwk', 'idp.signing.oidc.rs.key', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('452', 'MetricsConfiguration', 'admin/admin.properties', 'Audit log identifier for flow', '4.1', null, null, null, 'Metrics', 'idp.metrics.logging', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('457', 'MetricsConfiguration', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.metrics.postAuthenticationFlows', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('462', 'HelloWorldConfiguration', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.hello.defaultAuthenticationMethods', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('464', 'HelloWorldConfiguration', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.hello.postAuthenticationFlows', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('458', 'HelloWorldConfiguration', 'admin/admin.properties', 'Audit log identifier for flow', '4.1', null, null, null, 'Hello', 'idp.hello.logging', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('459', 'HelloWorldConfiguration', 'admin/admin.properties', 'Name of access control policy for request authorization', '4.1', null, null, null, 'AccessByAdminUser', 'idp.hello.accessPolicy', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('527', 'OPAuthorization', 'oidc.properties', 'Specifies IdPAttributes to omit from UserInfo token', '4.1', 'idp.oidc.OP', '3', 'Comma seperated list of values', null, 'idp.oidc.deniedUserInfoAttributes', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('526', 'OPAuthorization', 'oidc.properties', 'Specifies IdPAttributes to always include in ID token regardless of response_type', '4.1', 'idp.oidc.OP', '3', 'Comma seperated list of values', null, 'idp.oidc.alwaysIncludedAttributes', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('541', 'OPDynamicClientRegistration', 'oidc.properties', 'The acceptable client authentication methods when using dynamic registration', '4.1', 'idp.oidc.OP', '3', 'Comma seperated list of values', 'client_secret_basic,client_secret_post,client_secret_jwt,private_key_jwt', 'idp.oidc.dynreg.tokenEndpointAuthMethods', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('530', 'OPToken', 'oidc.properties', 'The acceptable client authentication methods', '4.1', 'idp.oidc.OP', '3', 'Comma seperated list of values', 'client_secret_basic,client_secret_post,client_secret_jwt,private_key_jwt', 'idp.oidc.tokenEndpointAuthMethods', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('531', 'OPToken', 'oidc.properties', 'OAuth grant types to allow', '4.1', 'idp.oidc.OP', '3', 'Comma seperated list of values', 'authorization_code,refresh_token', 'idp.oauth2.grantTypes', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('553', 'OAuth2ClientAuthnConfiguration', 'oidc.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', 'idp.oidc.OP', '3', null, '1000', 'idp.authn.OAuth2Client.order', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('565', 'OPDynamicClientRegistration', 'oidc.properties', 'Default access token lifetime if not specified', '4.1', 'idp.oidc.OP', '3', null, 'P1D', 'idp.oidc.admin.registration.defaultTokenLifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('572', 'OPClientResolution', 'oidc.properties', 'When non-zero enables monitoring of resources for service reload', '4.1', 'idp.oidc.OP', '3', null, 'PT0S', 'idp.service.clientinfo.checkInterval', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('555', 'OAuth2ClientAuthnConfiguration', 'oidc.properties', 'Bean ID of BiConsumer determining whether flow is usable for request', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.Conditions.TRUE', 'idp.authn.OAuth2Client.activationCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('558', 'OPCustomFilterRegistration', 'oidc.properties', 'By default this configures the values defined by the idp.hsts, idp.frameoptions and idp.csp properties into the corresponding HTTP headers and applies them to the OP plugin as well as the original IdP endpoints', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.ResponseHeaderFilter', 'idp.oidc.ResponseHeaderFilter', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('35', 'SecurityConfiguration', 'idp.properties', 'Name of Spring bean supplying the default EncryptionConfiguration', 'all', null, null, 'Bean ID of EncryptionConfiguration (org.opensaml.xmlsec)', 'shibboleth.EncryptionConfiguration.CBC', 'idp.encryption.config', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('43', 'SecurityConfiguration', 'idp.properties', 'Overrides the BasicKeyInfoGeneratorFactory used by default', '4.1', null, null, 'Bean ID of KeyInfoGeneratorManager (org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorManager)', 'shibboleth.BasicKeyInfoGeneratorFactory', 'idp.security.basicKeyInfoFactory', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('39', 'SecurityConfiguration', 'idp.properties', 'Name of Spring bean for the trust engine used to verify TLS certificates', 'all', null, null, 'Bean ID of TrustEngine (org.opensaml.security.trust)', 'shibboleth.ChainingX509TrustEngine', 'idp.trust.certificates', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('550', 'OAuth2ClientAuthnConfiguration', 'oidc.properties', 'Whether all validators must succeed or just one', '4.1', 'idp.oidc.OP', '3', null, 'false', 'idp.authn.OAuth2Client.requireAll', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('552', 'OAuth2ClientAuthnConfiguration', 'oidc.properties', 'Whether to keep the password around as a private credential in the Java Subject for use in later stages such as attribute resolution', '4.1', 'idp.oidc.OP', '3', 'use with caution as it retains the password and makes it available in plaintext from within server memory at various stages.', 'false', 'idp.authn.OAuth2Client.retainAsPrivateCredential', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('563', 'OPDynamicClientRegistration', 'oidc.properties', 'Whether to enable user authentication for requests', '4.1', 'idp.oidc.OP', '3', null, 'false', 'idp.oidc.admin.registration.authenticated', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('466', 'AccountLockoutManagement', 'admin/admin.properties', 'Name of access control policy for request authorization', '4.1', null, null, null, 'AccessDenied', 'idp.lockout.accessPolicy', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('472', '?', 'admin/admin.properties', 'Audit log identifier for flow', '4.1', null, null, null, 'Storage', 'idp.storage.logging', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('473', '?', 'admin/admin.properties', 'Name of access control policy for request authorization', '4.1', null, null, null, 'AccessDenied', 'idp.storage.accessPolicy', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('478', 'AttendedRestartConfiguration', 'admin/admin.properties', 'Audit log identifier for flow', '4.1', null, null, null, 'UnlockKeys', 'idp.unlock-keys.logging', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('561', 'OPDynamicClientRegistration', 'oidc.properties', 'Audit logging label for this profile', '4.1', 'idp.oidc.OP', '3', null, 'IssueRegistrationAccessToken', 'idp.oidc.admin.registration.logging', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('566', 'OPDynamicClientRegistration', 'oidc.properties', 'Name of access control policy to apply to all requests', '4.1', 'idp.oidc.OP', '3', null, 'AccessByIPAddress', 'idp.oidc.admin.registration.accessPolicy', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('584', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Whether the flow enforces upstream IdP-imposed restrictions on proxying', '4.1', 'idp.authn.DuoOIDC', '1', null, '%{idp.authn.enforceProxyRestrictions:true}', 'idp.authn.DuoOIDC.proxyRestrictionsEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('610', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Name of HTTP request header for Duo AuthAPI factor', '4.1', 'idp.authn.DuoOIDC', '1', null, 'X-Shibboleth-Duo-Factor', 'idp.duo.oidc.nonbrowser.header.factor', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('580', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', 'idp.authn.DuoOIDC', '1', null, '1000', 'idp.authn.DuoOIDC.order', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('587', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Lifetime of results produced by this flow', '4.1', 'idp.authn.DuoOIDC', '1', null, '%{idp.authn.defaultLifetime:PT1H}', 'idp.authn.DuoOIDC.lifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('479', 'AttendedRestartConfiguration', 'admin/admin.properties', 'Name of access control policy for request authorization', '4.1', null, null, null, 'AccessDenied', 'idp.unlock-keys.accessPolicy', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('483', 'AttendedRestartConfiguration', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.unlock-keys.postAuthenticationFlows', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('490', 'AttributePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Comma-delimited list of attributes to resolve (an empty list directs the resolver to resolve everything it can)', '4.1', null, null, null, null, 'idp.c14n.attribute.attributesToResolve', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('588', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Inactivity timeout of results produced by this flow', '4.1', 'idp.authn.DuoOIDC', '1', null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.DuoOIDC.inactivityTimeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('491', 'AttributePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Comma-delimited list of attributes to search for in the results looking for a StringAttributeValue or ScopedStringAttributeValue', '4.1', null, null, null, null, 'idp.c14n.attribute.attributeSourceIds', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('503', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'SSO', 'idp.service.logging.saml1sso', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('591', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Bean ID ofBiConsumer for subject customization', '4.1', 'idp.authn.DuoOIDC', '1', null, null, 'idp.authn.DuoOIDC.subjectDecorator', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('589', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Bean ID ofPredicate controlling result reuse for SSO', '4.1', 'idp.authn.DuoOIDC', '1', null, 'shibboleth.Conditions.TRUE', 'idp.authn.DuoOIDC.reuseCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('590', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Bean ID ofPredicate determining whether flow is usable for request', '4.1', 'idp.authn.DuoOIDC', '1', null, 'shibboleth.Conditions.TRUE', 'idp.authn.DuoOIDC.activationCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('315', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.Duo', null, null, 'false', 'idp.authn.Duo.proxyScopingEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('316', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', 'idp.authn.Duo', null, null, 'false', 'idp.authn.Duo.discoveryRequired', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('481', 'AttendedRestartConfiguration', 'admin/admin.properties', 'Whether the flow should allow for non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.unlock-keys.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('482', 'AttendedRestartConfiguration', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.unlock-keys.resolveAttributes', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('485', 'SimplePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to uppercase the username', '4.1', null, null, null, 'false', 'idp.c14n.simple.uppercase', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('581', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.DuoOIDC', '1', null, 'false', 'idp.authn.DuoOIDC.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('45', 'CSRF', 'idp.properties', 'Enables CSRF protection', '4', null, null, null, 'true', 'idp.csrf.enabled', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('522', 'OPToken', 'oidc.properties', 'Whether client is required to use PKCE', '4.1', 'idp.oidc.OP', '3', null, 'false', 'idp.oidc.forcePKCE', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('615', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Maximum length of time to wait for the connection to be established', '4.1', 'idp.authn.DuoOIDC', '1 (nimbus)', null, 'PT1M', 'idp.duo.oidc.connectionTimeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('612', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Name of HTTP request header for Duo AuthAPI passcode', '4.1', 'idp.authn.DuoOIDC', '1', null, 'X-Shibboleth-Duo-Passcode', 'idp.duo.oidc.nonbrowser.header.passcode', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('642', 'Metadatagen', 'mdgen.properties', 'The width of the logo in pixels', '4.1', 'idp.metadatagen', '1', null, '80', 'idp.metadata.idpsso.mdui.logo.width', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('635', 'TOTP', 'authn/authn.properties', 'Bean ID ofBiConsumer for subject customization', '4.1', 'idp.authn.TOTP', '1', null, null, 'idp.authn.TOTP.subjectDecorator', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('633', 'TOTP', 'authn/authn.properties', 'Bean ID ofPredicate controlling result reuse for SSO', '4.1', 'idp.authn.TOTP', '1', null, 'shibboleth.Conditions.TRUE', 'idp.authn.TOTP.reuseCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('616', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Maximum length of time to wait for a connection to be returned from the connection manager', '4.1', 'idp.authn.DuoOIDC', '1 (nimbus)', null, 'PT1M', 'idp.duo.oidc.connectionRequestTimeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('617', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Maximum period inactivity between two consecutive data packets', '4.1', 'idp.authn.DuoOIDC', '1 (nimbus)', null, 'PT1M', 'idp.duo.oidc.socketTimeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('631', 'TOTP', 'authn/authn.properties', 'Lifetime of results produced by this flow', '4.1', 'idp.authn.TOTP', '1', null, '%{idp.authn.defaultLifetime:PT1H}', 'idp.authn.TOTP.lifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('632', 'TOTP', 'authn/authn.properties', 'Inactivity timeout of results produced by this flow', '4.1', 'idp.authn.TOTP', '1', null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.TOTP.inactivityTimeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('641', 'Metadatagen', 'mdgen.properties', 'The height of the logo in pixels.', '4.1', 'idp.metadatagen', '1', null, '80', 'idp.metadata.idpsso.mdui.logo.height', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('634', 'TOTP', 'authn/authn.properties', 'Bean ID ofPredicate determining whether flow is usable for request', '4.1', 'idp.authn.TOTP', '1', null, 'shibboleth.Conditions.TRUE', 'idp.authn.TOTP.activationCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('628', 'TOTP', 'authn/authn.properties', 'Whether the flow enforces upstream IdP-imposed restrictions on proxying', '4.1', 'idp.authn.TOTP', '1', null, '%{idp.authn.enforceProxyRestrictions:true}', 'idp.authn.TOTP.proxyRestrictionsEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('620', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'To enable certificate revocation checking', '4.1', 'idp.authn.DuoOIDC', '1 (nimbus)', null, 'false', 'idp.duo.oidc.nimbus.checkRevocation', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('625', 'TOTP', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.TOTP', '1', null, 'false', 'idp.authn.TOTP.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('626', 'TOTP', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.TOTP', '1', null, 'false', 'idp.authn.TOTP.passiveAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('53', 'ErrorHandlingConfiguration', 'idp.properties', 'Whether to digitally sign error responses in SAML or similar protocols, if signing is otherwise warranted (this can prevent a simple denial of service vector, since errors are simple to trigger)', 'all', null, null, null, 'true', 'idp.errors.signed', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('504', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'AttributeQuery', 'idp.service.logging.saml1attrquery', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('505', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'ArtifactResolution', 'idp.service.logging.saml1artifact', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('506', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'SSO', 'idp.service.logging.saml2sso', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('618', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Max total simultaneous connections allowed by the pooling connection manager', '4.1', 'idp.authn.DuoOIDC', '1 (nimbus)', null, '100', 'idp.duo.oidc.maxConnectionsTotal', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('619', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Max simultaneous connections per route allowed by the pooling connection manager', '4.1', 'idp.authn.DuoOIDC', '1 (nimbus)', null, '100', 'idp.duo.oidc.maxConnectionsPerRoute', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('624', 'TOTP', 'authn/authn.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', 'idp.authn.TOTP', '1', null, '1000', 'idp.authn.TOTP.order', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('640', 'Metadatagen', 'mdgen.properties', 'Specifies the path part of the URL which describes a logo for the IdP. The protocol is hard wired to be https:// and the DNS name is used for the host. The is always emitted. If this is absent then then a fixed path (''/path/to/logo'') is use', '4.1', 'idp.metadatagen', '1', null, null, 'idp.metadata.idpsso.mdui.logo.path', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('639', 'Metadatagen', 'mdgen.properties', 'Specifies the path to the certificate protecting the back channel. This should not be used in conjunction with the --backChannel qualifier.', '4.1', 'idp.metadatagen', '1', null, null, 'idp.metadata.backchannel.cert', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('638', 'Metadatagen', 'mdgen.properties', 'Supplies the DNS name used within the URLs specifying the end points. This should not be used in conjunction with the --DNSName qualifier', '4.1', 'idp.metadatagen', '1', null, null, 'idp.metadata.dnsname', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('647', 'OIDC OP', 'oidc.properties', 'The validity of client secret registered', '4.1', 'idp.oidc.OP', '3', 'no doc', 'P12M', 'idp.oidc.dynreg.defaultSecretExpiration', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('652', 'OIDC OP', 'oidc.properties', 'Upgrade interval to the remote JWKs', '4.1', 'idp.oidc.OP', '3', 'no doc', 'PT30M', 'idp.oidc.jwksuri.fetchInterval', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('653', 'OIDC OP', 'oidc.properties', 'Bounds on the next file refresh of the OP configuration resource', '4.1', 'idp.oidc.OP', '3', 'no doc', 'PT5M', 'idp.oidc.config.minRefreshDelay', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('654', 'OIDC OP', 'oidc.properties', 'Bounds on the next file refresh of the OP configuration resource', '4.1', 'idp.oidc.OP', '3', 'no doc', 'PT4H', 'idp.oidc.config.maxRefreshDelay', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('507', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'AttributeQuery', 'idp.service.logging.saml2attrquery', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('508', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'ArtifactResolution', 'idp.service.logging.saml2artifact', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('509', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'Logout', 'idp.service.logging.saml2slo', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('510', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'Logout', 'idp.service.logging.logout', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('511', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'SSO', 'idp.service.logging.cas', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('512', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'Status', 'idp.service.logging.status', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('513', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'ResolverTest', 'idp.service.logging.resolvertest', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('514', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'Reload', 'idp.service.logging.serviceReload', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('515', 'AuditLoggingConfiguration', 'services.properties', 'Hash algorithm to apply to various hashed fields', '4.1', null, null, null, 'SHA-256', 'idp.audit.hashAlgorithm', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('516', 'AuditLoggingConfiguration', 'services.properties', 'Salt to apply to hashed fields must be set to use those fields', '4.1', null, null, null, null, 'idp.audit.salt', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('536', 'OPRevocation', 'oidc.properties', 'The revocation method: CHAIN refers to revoking whole chain of tokens (from authorization code to all access/refresh tokens). TOKEN refers to revoking single token', '4.1', 'idp.oidc.OP', '3', null, 'CHAIN', 'idp.oauth2.revocationMethod', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('538', 'OPDynamicClientRegistration', 'oidc.properties', 'The default scopes accepted in dynamic registration', '4.1', 'idp.oidc.OP', '3', null, 'openid profile email address phone offline_access', 'idp.oidc.dynreg.defaultScope', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('539', 'OPDynamicClientRegistration', 'oidc.properties', 'The default subject type if not set by client in request. Maybe set to pairwise or public.', '4.1', 'idp.oidc.OP', '3', null, 'public', 'idp.oidc.dynreg.defaultSubjectType', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('533', 'OPToken', 'oidc.properties', 'Format of access token. Supported values are JWT or nothing.', '4.1', 'idp.oidc.OP', '3.2', null, null, 'idp.oauth2.accessToken.type', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('567', 'OPDynamicClientRegistration', 'oidc.properties', 'Name of access control policy to apply to requests specifying a policyLocation', '4.1', 'idp.oidc.OP', '3', null, 'AccessByAdmin', 'idp.oidc.admin.registration.policyLocationPolicy', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('568', 'OPDynamicClientRegistration', 'oidc.properties', 'Name of access control policy to apply to requests specifying a policyId', '4.1', 'idp.oidc.OP', '3', null, 'AccessByAdmin', 'idp.oidc.admin.registration.policyIdPolicy', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('569', 'OPDynamicClientRegistration', 'oidc.properties', 'Name of access control policy to apply to requests specifying a clientId', '4.1', 'idp.oidc.OP', '3', null, 'AccessByAdmin', 'idp.oidc.admin.registration.clientIdPolicy', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('577', 'OPSubClaim', 'oidc.properties', 'The source attribute used in generating the sub claim', '4.1', 'idp.oidc.OP', '3', null, null, 'idp.oidc.subject.sourceAttribute', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('578', 'OPSubClaim', 'oidc.properties', 'The digest algorithm used in generating the sub claim', '4.1', 'idp.oidc.OP', '3', null, 'SHA', 'idp.oidc.subject.algorithm', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('594', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'DuoOIDC API hostname assigned to the integration', '4.1', 'idp.authn.DuoOIDC', '1', null, null, 'idp.duo.oidc.apiHost', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('649', 'OIDC OP', 'oidc.properties', 'Bean to determine whether dynamic registration should validate the remote JWK set if it''s defined in the request', '4.1', 'idp.oidc.OP', '3', 'no doc', 'shibboleth.Conditions.TRUE', 'idp.oidc.dynreg.validateRemoteJwks', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('1', 'Core', 'idp.properties', 'Auto-load all files matching conf/**/*.properties', '4', null, null, null, 'true', 'idp.searchForProperties', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('5', 'RelyingPartyConfiguration', 'idp.properties', 'Whether to allow use of the SAML artifact bindings when sending messages', 'all', null, null, null, 'true', 'idp.artifact.enabled', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('6', 'RelyingPartyConfiguration', 'idp.properties', 'Whether preparation of messages to be communicated via SAML artifact should assume use of a secure channel (allowing signing and encryption to be skipped)', 'all', null, null, null, 'true', 'idp.artifact.secureChannel', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('9', 'RelyingPartyConfiguration', 'idp.properties', 'Controls whether the outbound binding selection is ordered by the SP''s metadata or the IdP''s preferred bindings (the inbuilt default order is Redirect -> POST -> Artifact -> SOAP). Set to false to leave artifact support on, but favor use of POST. Set also', '4.1', null, null, null, 'true', 'idp.bindings.inMetadataOrder', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('13', 'SecurityConfiguration', 'idp.properties', 'If true all cookies issued by the IdP (not including the container) will contain the HttpOnly property', 'all', null, null, null, 'true', 'idp.cookie.httpOnly', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('595', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'The OAuth 2.0 Client Identifier valid at the Authorization Server', '4.1', 'idp.authn.DuoOIDC', '1', null, null, 'idp.duo.oidc.clientId', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('596', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Redirection URI to which the 2FA response will be sent', '4.1', 'idp.authn.DuoOIDC', '1', 'ex. https://:/idp/profile/Authn/Duo/2FA/duo-callback', null, 'idp.duo.oidc.redirectURL', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('592', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Comma-delimited list of protocol-specific Principalstrings associated with flow', '4.1', 'idp.authn.DuoOIDC', '1', null, 'saml2/http://example.org/ac/classes/mfa, saml1/http://example.org/ac/classes/mfa', 'idp.authn.DuoOIDC.supportedPrincipals', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('597', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'If the idp.duo.oidc.redirectURL is not set one will be computed dynamically and checked against this list of allowed origins - to prevent Http Host Header injection.', '4.1', 'idp.authn.DuoOIDC', '1', null, null, 'idp.duo.oidc.redirecturl.allowedOrigins', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('599', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Duo''s OAuth 2.0 health check endpoint', '4.1', 'idp.authn.DuoOIDC', '1', null, '/oauth/v1/health_check', 'idp.duo.oidc.endpoint.health', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('600', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Duo''s OAuth 2.0 token endpoint', '4.1', 'idp.authn.DuoOIDC', '1', null, '/oauth/v1/token', 'idp.duo.oidc.endpoint.token', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('601', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Duo''s OAuth 2.0 authorization endpoint', '4.1', 'idp.authn.DuoOIDC', '1', null, '/oauth/v1/authorize', 'idp.duo.oidc.endpoint.authorize', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('604', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'The path component of the Duo token issuer. The full issuer string takes the format: HTTPS://+', '4.1', 'idp.authn.DuoOIDC', '1', null, '/oauth/v1/token', 'idp.duo.oidc.jwt.verifier.issuerPath', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('605', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'The result token JWT claim name that represents the username sent in the duo_uname field in the authorization request.', '4.1', 'idp.authn.DuoOIDC', '1', null, 'preferred_username', 'idp.duo.oidc.jwt.verifier.preferredUsername', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('607', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Duo AuthAPI hostname assigned to the integration', '4.1', 'idp.authn.DuoOIDC', '1', null, '%{idp.duo.oidc.apiHost}', 'idp.duo.oidc.nonbrowser.apiHost', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('611', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Name of HTTP request header for Duo AuthAPI device ID or name', '4.1', 'idp.authn.DuoOIDC', '1', null, 'X-Shibboleth-Duo-Device', 'idp.duo.oidc.nonbrowser.header.device', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('621', 'TOTP', 'authn/authn.properties', 'Name of request header to use for extracting non-browser submitted token codes', '4.1', 'idp.authn.TOTP', '1', null, 'X-Shibboleth-TOTP', 'idp.authn.TOTP.headerName', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('622', 'TOTP', 'authn/authn.properties', 'Name of HTML form field to use for locating browser-submitted token codes', '4.1', 'idp.authn.TOTP', '1', null, 'tokencode', 'idp.authn.TOTP.fieldName', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('623', 'TOTP', 'authn/authn.properties', 'Name of IdPAttribute to resolve to obtain token seeds for users', '4.1', 'idp.authn.TOTP', '1', null, 'tokenSeeds', 'idp.authn.TOTP.tokenSeedAttribute', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('636', 'TOTP', 'authn/authn.properties', 'Comma-delimited list of protocol-specific Principalstrings associated with flow', '4.1', 'idp.authn.TOTP', '1', null, 'saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken, saml1/urn:oasis:names:tc:SAML:1.0:am:HardwareToken', 'idp.authn.TOTP.supportedPrincipals', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('645', 'Metadatagen', 'mdgen.properties', 'Description for the IdP in the specified language. If this is absent for a language specified above then not is emitted for that language', '4.1', 'idp.metadatagen', '1', null, null, 'idp.metadata.idpsso.mdui.description.', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('365', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Whether or not the previous property has access to unreleased attributes', 'all', null, null, null, 'true', 'idp.persistentId.useUnfilteredAttributes', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('150', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether to validate connections in the background', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'true', 'idp.pool.LDAP.validatePeriodically', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('142', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether to use the Password Expired Control.', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.usePasswordExpiration', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('614', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Pass client address to Duo in API calls to support logging', '4.1', 'idp.authn.DuoOIDC', '1', 'push display', 'true', 'idp.duo.oidc.nonbrowser.clientAddressTrusted', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('140', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether the user''s LDAP entry should be resolved with the bindDN credentials rather than as the authenticated user.', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.resolveEntryWithBindDN', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('129', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'How to establish trust in the server''s TLS certificate: one of jvmTrust, certificateTrust, or keyStoreTrust', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'certificateTrust', 'idp.authn.LDAP.sslConfig', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('125', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether StartTLS should be used after connecting with LDAP alone.', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'true', 'idp.authn.LDAP.useStartTLS', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('149', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether to validate connections when checking them out of the pool', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.pool.LDAP.validateOnCheckout', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('144', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'If you are using the FreeIPA LDAP this switch will attempt to use the account states defined by that product.', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.freeIPADirectory', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('143', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'If you are using Active Directory this switch will attempt to use the account states defined by AD. Note that this flag is unnecessary if you are using the ''adAuthenticator''. It is meant to be specified with one of the other authenticator types.', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.activeDirectory', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('146', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether connection pools should be used for LDAP authentication and DN resolution', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.disablePooling', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('145', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'If you are using the EDirectory LDAP this switch will attempt to use the account states defined by that product.', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.eDirectory', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('126', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Time to wait for the TCP connection to occur.', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'PT3S', 'idp.authn.LDAP.connectTimeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('157', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Controls how connections in the bind pool are passivated. Connections in the bind pool may be in an authenticated state that will not allow validation searches to succeed. This property controls how bind connections are placed back into the pool. If your ', '4.0.1', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.bindPoolPassivator', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('128', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Connection strategy to use when multiple URLs are supplied: one of ACTIVE_PASSIVE, ROUND_ROBIN, RANDOM', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'ACTIVE_PASSIVE', 'idp.authn.LDAP.connectionStrategy', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('127', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Time to wait for an LDAP response message', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'PT3S', 'idp.authn.LDAP.responseTimeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('123', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Controls the workflow for how authentication occurs against LDAP: one of anonSearchAuthenticator, bindSearchAuthenticator, directAuthenticator, adAuthenticator', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'anonSearchAuthenticator', 'idp.authn.LDAP.authenticator', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('136', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'DN to bind with during search when using an LDAP.authenticator = bindSearchAuthenticator', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.bindDN', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('139', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether the user''s LDAP entry should be returned in the authentication response even when the user bind fails.', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.resolveEntryOnFailure', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('133', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Base DN to search against when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.baseDN', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('132', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'List of attributes to request during authentication', 'all', null, null, 'Comma seperated list of values. The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.returnAttributes', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('135', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'LDAP search filter when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.userFilter', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('134', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether to search recursively when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.subtreeSearch', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('62', 'StorageConfiguration', 'idp.properties', 'Whether storage errors during replay checks should be treated as a replay', 'all', null, null, null, 'true', 'idp.replayCache.strict', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('63', 'SessionConfiguration', 'idp.properties', 'Whether to enable the IdP''s session tracking feature', 'all', null, null, null, 'true', 'idp.session.enabled', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('67', 'SessionConfiguration', 'idp.properties', 'Whether to bind IdP sessions to IP addresses', 'all', null, null, null, 'true', 'idp.session.consistentAddress', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('78', 'AuthenticationConfiguration', 'authn/authn.properties', 'Whether to enforce restrictions placed on further proxying of assertions from upstream IdPs when relying on proxied authentication', '4.1', null, null, null, 'true', 'idp.authn.proxyRestrictionsEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('80', 'AuthenticationConfiguration', 'authn/authn.properties', 'Whether to populate information about the relying party into the tree for user interfaces during login and interceptors', 'all', null, null, null, 'true', 'idp.authn.rpui', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('94', 'ConsentConfiguration', 'idp.properties', 'Whether not remembering/storing consent is allowed', 'all', null, null, null, 'true', 'idp.consent.allowDoNotRemember', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('95', 'ConsentConfiguration', 'idp.properties', 'Whether consent to any attribute and to any relying party is allowed', 'all', null, null, null, 'true', 'idp.consent.allowGlobal', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('102', 'LogoutConfiguration', 'idp.properties', 'Whether to require signed logout messages in accordance with the SAML 2.0 standard', 'all', null, null, null, 'true', 'idp.logout.authenticated', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('118', 'AuditLoggingConfiguration', 'services.properties', 'Set false if you want SAML bindings "spelled out" in audit log', 'all', null, null, null, 'true', 'idp.audit.shortenBindings', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('179', 'ExternalAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.External', null, null, 'true', 'idp.authn.External.addDefaultPrincipals', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('195', 'RemoteUserAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.RemoteUser', null, null, 'true', 'idp.authn.RemoteUser.addDefaultPrincipals', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('196', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether to check REMOTE_USER for a username', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'true', 'idp.authn.RemoteUserInternal.checkRemoteUser', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('199', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether to trim leading and trailing whitespace from the username before validating it', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'true', 'idp.authn.RemoteUserInternal.trim', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('220', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'true', 'idp.authn.RemoteUserInternal.addDefaultPrincipals', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('646', 'OIDC OP', 'oidc.properties', 'Set false to preclude issuing unencrypted ID/UserInfo tokens without specific overrides', '4.1', 'idp.oidc.OP', '3', 'no doc', 'false', 'idp.oidc.encryptionOptional', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('239', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.SPNEGO', null, null, 'true', 'idp.authn.SPNEGO.addDefaultPrincipals', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('254', 'X509AuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.X509', null, null, 'true', 'idp.authn.X509.addDefaultPrincipals', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('255', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Whether to save the certificate into the Subject''s public credential set. Disable to reduce the size if not relying on the certificate for subject c14n.', '4.1', null, null, null, 'true', 'idp.authn.X509Internal.saveCertificateToCredentialSet', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('269', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', null, null, null, 'true', 'idp.authn.X509Internal.addDefaultPrincipals', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('283', 'IPAddressAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.IPAddress', null, null, 'true', 'idp.authn.IPAddress.addDefaultPrincipals', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('297', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.Function', null, null, 'true', 'idp.authn.Function.addDefaultPrincipals', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('308', 'DuoAuthnConfiguration', 'authn/duo.properties', 'Allow the factor to be defaulted to auto if no headers are received', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', 'true', 'idp.duo.nonbrowser.auto', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('309', 'DuoAuthnConfiguration', 'authn/duo.properties', 'Pass client address to Duo in API calls to support logging, push display, and network-based Duo policies', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', 'true', 'idp.duo.nonbrowser.clientAddressTrusted', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('323', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.Duo', null, null, 'true', 'idp.authn.Duo.addDefaultPrincipals', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('342', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', null, null, null, 'true', 'idp.authn.SAML.addDefaultPrincipals', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('343', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Whether login flows should only be run with regard for forceAuthn/isPassive/nonBrowser (and similar) conditions', '4.1', null, null, null, 'true', 'idp.authn.MFA.validateLoginTransitions', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('357', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.MFA', null, null, 'true', 'idp.authn.MFA.addDefaultPrincipals', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('374', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'When true the connection and layout of the database is verified at bean initialization time and any failures are fatal.', '4.1', null, null, null, 'true', 'idp.persistentId.verifyDatabase', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('386', 'ReloadableServices', 'services.properties', 'Fail at startup if logging configuration is invalid', 'all', null, null, null, 'true', 'idp.service.logging.failFast', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('395', 'ReloadableServices', 'services.properties', 'Disabling this turns off internal support for the ByReferenceFilter feature which provides a very small performance boost', 'all', null, null, null, 'true', 'idp.service.metadata.enableByReferenceFilters', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('409', 'ReloadableServices', 'services.properties', 'Whether attribute filtering failure should silently produce no attributes or causes an overall profile request failure event', 'all', null, null, null, 'true', 'idp.service.attribute.filter.maskFailures', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('414', 'ReloadableServices', 'services.properties', 'Fail at startup if AccessControlConfiguration is invalid', 'all', null, null, null, 'true', 'idp.service.access.failFast', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('460', 'HelloWorldConfiguration', 'admin/admin.properties', 'Whether authentication should be performed prior to access control evaluation', '4.1', null, null, null, 'true', 'idp.hello.authenticated', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('463', 'HelloWorldConfiguration', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'true', 'idp.hello.resolveAttributes', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('480', 'AttendedRestartConfiguration', 'admin/admin.properties', 'Whether authentication should be performed prior to access control evaluation', '4.1', null, null, null, 'true', 'idp.unlock-keys.authenticated', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('486', 'SimplePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to trim leading and trailing whitespace from the username', '4.1', null, null, null, 'true', 'idp.c14n.simple.trim', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('489', 'AttributePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to trim leading and trailing whitespace from the username', '4.1', null, null, null, 'true', 'idp.c14n.attribute.trim', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('496', 'X500PostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to trim leading and trailing whitespace from the username', '4.1', null, null, null, 'true', 'idp.c14n.x500.trim', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('551', 'OAuth2ClientAuthnConfiguration', 'oidc.properties', 'Whether to remove the object holding the password from the request''s active state after validating it (to avoid it being preserved in the session any longer than needed)', '4.1', 'idp.oidc.OP', '3', null, 'true', 'idp.authn.OAuth2Client.removeAfterValidation', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('557', 'OAuth2ClientAuthnConfiguration', 'oidc.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.oidc.OP', '3', null, 'true', 'idp.authn.OAuth2Client.addDefaultPrincipals', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('562', 'OPDynamicClientRegistration', 'oidc.properties', 'Enables support for non-browser-based authentication', '4.1', 'idp.oidc.OP', '3', null, 'true', 'idp.oidc.admin.registration.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('583', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.DuoOIDC', '1', null, 'true', 'idp.authn.DuoOIDC.forcedAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('613', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Allow the factor to be defaulted in as "auto" if no headers are received', '4.1', 'idp.authn.DuoOIDC', '1', null, 'true', 'idp.duo.oidc.nonbrowser.auto', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('627', 'TOTP', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.TOTP', '1', null, 'true', 'idp.authn.TOTP.forcedAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('648', 'OIDC OP', 'oidc.properties', 'Regardless of what signing algorithms are configured allow none for request object signing', '4.1', 'idp.oidc.OP', '3', 'no doc', 'true', 'idp.oidc.dynreg.allowNoneForRequestSigning', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('83', 'AuthenticationConfiguration', 'authn/authn.properties', 'Whether to override an explicit element in an SP’s request with a configuration-imposed rule via the defaultAuthenticationMethods profile configuration setting. Note this is a violation of the SAML standard and is also a global set', '4', null, null, null, 'false', 'idp.authn.overrideRequestedAuthnContext', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('96', 'ConsentConfiguration', 'idp.properties', 'Whether per-attribute consent is allowed', 'all', null, null, null, 'false', 'idp.consent.allowPerAttribute', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('97', 'ConsentConfiguration', 'idp.properties', 'Whether attribute values and terms of use text are stored and compared for equality', 'all', null, null, null, 'false', 'idp.consent.compareValues', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('101', 'LogoutConfiguration', 'idp.properties', 'Whether to search metadata for user interface information associated with every service involved in logout propagation', 'all', null, null, null, 'false', 'idp.logout.elaboration', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('104', 'LogoutConfiguration', 'idp.properties', 'Processes arbitrary query parameters to the Simple Logout endpoint and stashes them in a ScratchContext for use by subsequent view logic', '4.1', null, null, null, 'false', 'idp.logout.preserveQuery', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('105', 'LogoutConfiguration', 'idp.properties', 'When true allows inbound SAML LogoutRequests to be processed even if the SP lacks metadata containing response endpoints', '4.2', null, null, null, 'false', 'idp.logout.assumeAsync', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('111', 'CasProtocolConfiguration', 'idp.properties', 'If true CAS services provisioned with SAML metadata are identified via entityID', 'all', null, null, null, 'false', 'idp.cas.relyingPartyIdFromMetadata', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('160', 'KerberosAuthnConfiguration', 'authn/authn.properties', 'Whether to reload the underlying Kerberos configuration (generally in /etc/krb5.conf) on every login attempt', '4.1', null, null, null, 'false', 'idp.authn.Krb5.refreshConfig', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('523', 'OPToken', 'oidc.properties', 'Whether client is allowed to use PKCE code challenge method plain', '4.1', 'idp.oidc.OP', '3', null, 'false', 'idp.oidc.allowPKCEPlain', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('161', 'KerberosAuthnConfiguration', 'authn/authn.properties', 'Whether to preserve the resulting Kerberos TGT in the Java Subject''s private credential set', '4.1', null, null, null, 'false', 'idp.authn.Krb5.preserveTicket', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('167', 'ExternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.External', null, null, 'false', 'idp.authn.External.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('168', 'ExternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.External', null, null, 'false', 'idp.authn.External.passiveAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('169', 'ExternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.External', null, null, 'false', 'idp.authn.External.forcedAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('171', 'ExternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.External', null, null, 'false', 'idp.authn.External.proxyScopingEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('172', 'ExternalAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', 'idp.authn.External', null, null, 'false', 'idp.authn.External.discoveryRequired', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('188', 'RemoteUserAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', 'idp.authn.RemoteUser', null, null, 'false', 'idp.authn.RemoteUser.discoveryRequired', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('200', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether to lowercase the username before validating it', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'false', 'idp.authn.RemoteUserInternal.lowercase', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('201', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether to uppercase the username before validating it', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'false', 'idp.authn.RemoteUserInternal.uppercase', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('209', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'false', 'idp.authn.RemoteUserInternal.passiveAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('210', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'false', 'idp.authn.RemoteUserInternal.forcedAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('212', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'false', 'idp.authn.RemoteUserInternal.proxyScopingEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('213', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'false', 'idp.authn.RemoteUserInternal.discoveryRequired', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('222', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether to always try to run SPNEGO independent of the user''s auto-login setting', '4.1', 'idp.authn.SPNEGO', null, null, 'false', 'idp.authn.SPNEGO.enforceRun', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('223', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether to reload the underlying Kerberos configuration (generally in /etc/krb5.conf) on every login attempt', '4.1', 'idp.authn.SPNEGO', null, null, 'false', 'idp.authn.SPNEGO.refreshKrbConfig', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('227', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.SPNEGO', null, null, 'false', 'idp.authn.SPNEGO.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('228', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.SPNEGO', null, null, 'false', 'idp.authn.SPNEGO.passiveAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('229', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.SPNEGO', null, null, 'false', 'idp.authn.SPNEGO.forcedAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('231', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.SPNEGO', null, null, 'false', 'idp.authn.SPNEGO.proxyScopingEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('232', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', 'idp.authn.SPNEGO', null, null, 'false', 'idp.authn.SPNEGO.discoveryRequired', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('246', 'X509AuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.X509', null, null, 'false', 'idp.authn.X509.proxyScopingEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('247', 'X509AuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', 'idp.authn.X509', null, null, 'false', 'idp.authn.X509.discoveryRequired', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('257', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', null, null, null, 'false', 'idp.authn.X509Internal.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('258', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', null, null, null, 'false', 'idp.authn.X509Internal.passiveAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('259', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', null, null, null, 'false', 'idp.authn.X509Internal.forcedAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('261', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', null, null, null, 'false', 'idp.authn.X509Internal.proxyScopingEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('262', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', null, null, null, 'false', 'idp.authn.X509Internal.discoveryRequired', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('273', 'IPAddressAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.IPAddress', null, null, 'false', 'idp.authn.IPAddress.forcedAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('275', 'IPAddressAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.IPAddress', null, null, 'false', 'idp.authn.IPAddress.proxyScopingEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('276', 'IPAddressAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', 'idp.authn.IPAddress', null, null, 'false', 'idp.authn.IPAddress.discoveryRequired', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('285', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.Function', null, null, 'false', 'idp.authn.Function.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('286', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.Function', null, null, 'false', 'idp.authn.Function.passiveAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('287', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.Function', null, null, 'false', 'idp.authn.Function.forcedAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('289', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.Function', null, null, 'false', 'idp.authn.Function.proxyScopingEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('290', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', 'idp.authn.Function', null, null, 'false', 'idp.authn.Function.discoveryRequired', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('334', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', null, null, null, 'false', 'idp.authn.SAML.proxyScopingEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('345', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.MFA', null, null, 'false', 'idp.authn.MFA.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('346', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.MFA', null, null, 'false', 'idp.authn.MFA.passiveAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('347', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.MFA', null, null, 'false', 'idp.authn.MFA.forcedAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('349', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.MFA', null, null, 'false', 'idp.authn.MFA.proxyScopingEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('350', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', 'idp.authn.MFA', null, null, 'false', 'idp.authn.MFA.discoveryRequired', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('420', 'ReloadableServices', 'services.properties', 'Fail at startup if ManagedBeanConfiguration is invalid', 'all', null, null, null, 'false', 'idp.service.managedBean.failFast', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('426', 'Status', 'admin/admin.properties', 'Whether authentication should be performed prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.status.authenticated', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('427', 'Status', 'admin/admin.properties', 'Whether the flow should allow for non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.status.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('429', 'Status', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.status.resolveAttributes', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('436', 'MetadataReload', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.reload.resolveAttributes', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('440', 'AACLI', 'admin/admin.properties', 'Whether authentication should be performed prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.resolvertest.authenticated', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('441', 'AACLI', 'admin/admin.properties', 'Whether the flow should allow for non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.resolvertest.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('443', 'AACLI', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.resolvertest.resolveAttributes', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('447', 'MetadataQuery', 'admin/admin.properties', 'Whether authentication should be performed prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.mdquery.authenticated', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('448', 'MetadataQuery', 'admin/admin.properties', 'Whether the flow should allow for non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.mdquery.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('450', 'MetadataQuery', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.mdquery.resolveAttributes', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('453', 'MetricsConfiguration', 'admin/admin.properties', 'Whether authentication should be performed prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.metrics.authenticated', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('454', 'MetricsConfiguration', 'admin/admin.properties', 'Whether the flow should allow for non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.metrics.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('456', 'MetricsConfiguration', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.metrics.resolveAttributes', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('461', 'HelloWorldConfiguration', 'admin/admin.properties', 'Whether the flow should allow for non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.hello.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('467', 'AccountLockoutManagement', 'admin/admin.properties', 'Whether authentication should be performed prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.lockout.authenticated', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('468', 'AccountLockoutManagement', 'admin/admin.properties', 'Whether the flow should allow for non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.lockout.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('470', 'AccountLockoutManagement', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.lockout.resolveAttributes', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('474', '?', 'admin/admin.properties', 'Whether authentication should be performed prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.storage.authenticated', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('475', '?', 'admin/admin.properties', 'Whether the flow should allow for non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.storage.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('477', 'AttendedRestartConfiguration', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.storage.resolveAttributes', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('487', 'AttributePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to lowercase the username', '4.1', null, null, null, 'false', 'idp.c14n.attribute.lowercase', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('488', 'AttributePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to uppercase the username', '4.1', null, null, null, 'false', 'idp.c14n.attribute.uppercase', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('492', 'AttributePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to examine the input Subject for IdPAttributePrincipal objects to pull from directly instead of from the output of the Attribute Resolver service', '4.1', null, null, null, 'false', 'idp.c14n.attribute.resolveFromSubject', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('494', 'X500PostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to lowercase the username', '4.1', null, null, null, 'false', 'idp.c14n.x500.lowercase', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('495', 'X500PostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to uppercase the username', '4.1', null, null, null, 'false', 'idp.c14n.x500.uppercase', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('499', 'SAML2ProxyTransformPostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to lowercase the username', '4.1', null, null, null, 'false', 'idp.c14n.saml.proxy.lowercase', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('500', 'SAML2ProxyTransformPostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to uppercase the username', '4.1', null, null, null, 'false', 'idp.c14n.saml.proxy.uppercase', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('501', 'NameIDConsumptionConfiguration', 'c14n/subject-c14n.properties', 'Whether to lowercase the username', '4.1', null, null, null, 'false', 'idp.c14n.saml.lowercase', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('502', 'NameIDConsumptionConfiguration', 'c14n/subject-c14n.properties', 'Whether to uppercase the username', '4.1', null, null, null, 'false', 'idp.c14n.saml.uppercase', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('525', 'OPAuthorization', 'oidc.properties', 'Whether to embed consent decisions in access/refresh tokens and authorization code to allow for client-side consent storage', '4.1', 'idp.oidc.OP', '3', null, 'false', 'idp.oidc.encodeConsentInTokens', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('532', 'OPToken', 'oidc.properties', 'Whether to enforce refresh token rotation. If enabled the refresh token is revoked whenever it is used for issuing a new refresh token.', '4.1', 'idp.oidc.OP', '3.2', null, 'false', 'idp.oauth2.enforceRefreshTokenRotation', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('534', 'OPToken', 'oidc.properties', 'Whether the absence of encryption details in a resource server’s metadata should fail when issuing an access token', '4.1', 'idp.oidc.OP', '3', null, 'false', 'idp.oauth2.encryptionOptional', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('564', 'OPDynamicClientRegistration', 'oidc.properties', 'Whether to resolve attributes if authentication is enabled', '4.1', 'idp.oidc.OP', '3', null, 'false', 'idp.oidc.admin.registration.resolveAttributes', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('571', 'OPClientResolution', 'oidc.properties', 'If true any failures during initialization of any resolvers result in IdP startup failure', '4.1', 'idp.oidc.OP', '3', null, 'false', 'idp.service.clientinfo.failFast', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('582', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.DuoOIDC', '1', null, 'false', 'idp.authn.DuoOIDC.passiveAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('585', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Whether the flow considers itself to be proxying', '4.1', 'idp.authn.DuoOIDC', '1', 'and therefore enforces SP-signaled restrictions on proxying', 'false', 'idp.authn.DuoOIDC.proxyScopingEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('586', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Whether to invoke IdP-discovery prior to running flow', '4.1', 'idp.authn.DuoOIDC', '1', null, 'false', 'idp.authn.DuoOIDC.discoveryRequired', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('593', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Whether to auto-attach the preceding set ofPrincipalobjects to eachSubjectproduced by this flow', '4.1', 'idp.authn.DuoOIDC', '1', null, 'false', 'idp.authn.DuoOIDC.addDefaultPrincipals', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('629', 'TOTP', 'authn/authn.properties', 'Whether the flow considers itself to be proxying', '4.1', 'idp.authn.TOTP', '1', 'and therefore enforces SP-signaled restrictions on proxying', 'false', 'idp.authn.TOTP.proxyScopingEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('630', 'TOTP', 'authn/authn.properties', 'Whether to invoke IdP-discovery prior to running flow', '4.1', 'idp.authn.TOTP', '1', null, 'false', 'idp.authn.TOTP.discoveryRequired', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('637', 'TOTP', 'authn/authn.properties', 'Whether to auto-attach the preceding set ofPrincipalobjects to eachSubjectproduced by this flow', '4.1', 'idp.authn.TOTP', '1', null, 'false', 'idp.authn.TOTP.addDefaultPrincipals', 'BOOLEAN', null, null); \ No newline at end of file