Commit
  
          Merge branch 'develop' into bugfix/SHIBUI-2421
        
      Showing
      220 changed files
      with
      11,081 additions
      and
      3,499 deletions.
    
  
    
  
  
    
              
              | Original file line number | Diff line number | Diff line change | 
|---|---|---|
| @@ -0,0 +1,166 @@ | ||
| #spring: | ||
| # jpa: | ||
| # show-sql: false | ||
| # properties: | ||
| # hibernate: | ||
| # format_sql: true | ||
| # dialect: org.hibernate.dialect.PostgreSQL95Dialect | ||
| # OR SEE: https://access.redhat.com/webassets/avalon/d/red-hat-jboss-enterprise-application-platform/7.2/javadocs/org/hibernate/dialect/package-summary.html | ||
|  | ||
| #shibui: | ||
| ## Default password must be set for the default user to be configured and setup | ||
| # default-rootuser:root | ||
| ## need to include the encoding for the password - be sure to quote the entire value as shown | ||
| # default-password: "{noop}foopassword" | ||
| # pac4j-enabled: true | ||
| # pac4j: | ||
| # keystorePath: "/etc/shibui/samlKeystore.jks" | ||
| # keystorePassword: "changeit" | ||
| # privateKeyPassword: "changeit" | ||
| # serviceProviderEntityId: "https://idp.example.com/shibui" | ||
| # serviceProviderMetadataPath: "/etc/shibui/sp-metadata.xml" | ||
| # identityProviderMetadataPath: "/etc/shibui/idp-metadata.xml" | ||
| # forceServiceProviderMetadataGeneration: false | ||
| # callbackUrl: "https://localhost:8443/callback" | ||
| # postLogoutURL: "https://idp.example.com/idp/profile/Logout" # Must set this to get IDP logout | ||
| # maximumAuthenticationLifetime: 3600000 | ||
| # requireAssertedRoleForNewUsers: false | ||
| # saml2ProfileMapping: | ||
| # username: urn:oid:0.9.2342.19200300.100.1.1 | ||
| # firstname: urn:oid:2.5.4.42 | ||
| # lastname: urn:oid:2.5.4.4 | ||
| # email: urn:oid:0.9.2342.19200300.100.1.3 | ||
| # groups: urn:oid:1.3.6.1.4.1.5923.1.5.1.1 # attributeId - isMemberOf | ||
| # roles: --define name of the attribute containing the incoming user roles-- | ||
|  | ||
| custom: | ||
| attributes: | ||
| # Default attributes | ||
| - name: eduPersonPrincipalName | ||
| displayName: label.attribute-eduPersonPrincipalName | ||
| - name: uid | ||
| displayName: label.attribute-uid | ||
| - name: mail | ||
| displayName: label.attribute-mail | ||
| - name: surname | ||
| displayName: label.attribute-surname | ||
| - name: givenName | ||
| displayName: label.attribute-givenName | ||
| - name: eduPersonAffiliation | ||
| displayName: label.attribute-eduPersonAffiliation | ||
| - name: eduPersonScopedAffiliation | ||
| displayName: label.attribute-eduPersonScopedAffiliation | ||
| - name: eduPersonPrimaryAffiliation | ||
| displayName: label.attribute-eduPersonPrimaryAffiliation | ||
| - name: eduPersonEntitlement | ||
| displayName: label.attribute-eduPersonEntitlement | ||
| - name: eduPersonAssurance | ||
| displayName: label.attribute-eduPersonAssurance | ||
| - name: eduPersonUniqueId | ||
| displayName: label.attribute-eduPersonUniqueId | ||
| - name: employeeNumber | ||
| displayName: label.attribute-employeeNumber | ||
| # Custom attributes | ||
|  | ||
| # The following contains a map of "relying party overrides". | ||
| # The structure of an entry is as follows: | ||
| # - name: The name of the entry. used to uniquely identify this entry. | ||
| # displayName: This will normally be the label used when displaying this override in the UI | ||
| # displayType: The type to use when displaying this option | ||
| # helpText: This is the help-icon hover-over text | ||
| # defaultValues: One or more values to be displayed as default options in the UI | ||
| # persistType: Optional. If it is necessary to persist something different than the override's display type, | ||
| # set that type here. For example, display a boolean, but persist a string. | ||
| # persistValue: Required only when persistType is used. Defines the value to be persisted. | ||
| # attributeName: This is the name of the attribute to be used in the xml. This is assumed to be a URI. | ||
| # attributeFriendlyName: This is the friendly name associated with the above attributeName. | ||
| # | ||
| # It is imperative when defining these that the "displayType" and "persistType" are known types. | ||
| # Typos or unsupported values here will result in that override being skipped! | ||
| # Supported types are as follows: boolean, integer, string, set, list | ||
| # Note that "persistType" doesn't have to match "displayType". However, the only unmatching combination currently | ||
| # supported is a "displayType" of "boolean" and "persistType" of "string". | ||
| overrides: | ||
| # Default overrides | ||
| - name: signAssertion | ||
| displayName: label.sign-the-assertion | ||
| displayType: boolean | ||
| helpText: tooltip.sign-assertion | ||
| attributeName: http://shibboleth.net/ns/profiles/saml2/sso/browser/signAssertions | ||
| attributeFriendlyName: signAssertions | ||
| - name: dontSignResponse | ||
| displayName: label.dont-sign-the-response | ||
| displayType: boolean | ||
| helpText: tooltip.dont-sign-response | ||
| attributeName: http://shibboleth.net/ns/profiles/saml2/sso/browser/signResponses | ||
| attributeFriendlyName: signResponses | ||
| invert: true | ||
| - name: turnOffEncryption | ||
| displayName: label.turn-off-encryption-of-response | ||
| displayType: boolean | ||
| helpText: tooltip.turn-off-encryption | ||
| attributeName: http://shibboleth.net/ns/profiles/encryptAssertions | ||
| attributeFriendlyName: encryptAssertions | ||
| invert: true | ||
| - name: useSha | ||
| displayName: label.use-sha1-signing-algorithm | ||
| displayType: boolean | ||
| helpText: tooltip.usa-sha-algorithm | ||
| persistType: string | ||
| persistValue: shibboleth.SecurityConfiguration.SHA1 | ||
| attributeName: http://shibboleth.net/ns/profiles/securityConfiguration | ||
| attributeFriendlyName: securityConfiguration | ||
| - name: ignoreAuthenticationMethod | ||
| displayName: label.ignore-any-sp-requested-authentication-method | ||
| displayType: boolean | ||
| helpText: tooltip.ignore-auth-method | ||
| persistType: string | ||
| persistValue: 0x1 | ||
| attributeName: http://shibboleth.net/ns/profiles/disallowedFeatures | ||
| attributeFriendlyName: disallowedFeatures | ||
| - name: omitNotBefore | ||
| displayName: label.omit-not-before-condition | ||
| displayType: boolean | ||
| helpText: tooltip.omit-not-before-condition | ||
| attributeName: http://shibboleth.net/ns/profiles/includeConditionsNotBefore | ||
| attributeFriendlyName: includeConditionsNotBefore | ||
| invert: true | ||
| - name: responderId | ||
| displayName: label.responder-id | ||
| displayType: string | ||
| helpText: tooltip.responder-id | ||
| attributeName: http://shibboleth.net/ns/profiles/responderId | ||
| attributeFriendlyName: responderId | ||
| - name: nameIdFormats | ||
| displayName: label.nameid-format-to-send | ||
| displayType: set | ||
| helpText: tooltip.nameid-format | ||
| defaultValues: | ||
| - urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified | ||
| - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress | ||
| - urn:oasis:names:tc:SAML:2.0:nameid-format:persistent | ||
| - urn:oasis:names:tc:SAML:2.0:nameid-format:transient | ||
| attributeName: http://shibboleth.net/ns/profiles/nameIDFormatPrecedence | ||
| attributeFriendlyName: nameIDFormatPrecedence | ||
| - name: authenticationMethods | ||
| displayName: label.authentication-methods-to-use | ||
| displayType: set | ||
| helpText: tooltip.authentication-methods-to-use | ||
| defaultValues: | ||
| - https://refeds.org/profile/mfa | ||
| - urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken | ||
| - urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport | ||
| attributeName: http://shibboleth.net/ns/profiles/defaultAuthenticationMethods | ||
| attributeFriendlyName: defaultAuthenticationMethods | ||
| - name: forceAuthn | ||
| displayName: label.force-authn | ||
| displayType: boolean | ||
| helpText: tooltip.force-authn | ||
| attributeName: http://shibboleth.net/ns/profiles/forceAuthn | ||
| attributeFriendlyName: forceAuthn | ||
| - name: ignoreRequestSignatures | ||
| displayName: label.ignore-request-signatures | ||
| displayType: boolean | ||
| helpText: tooltip.ignore-request-signatures | ||
| attributeName: http://shibboleth.net/ns/profiles/ignoreRequestSignatures | ||
| attributeFriendlyName: ignoreRequestSignatures | 
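Review bot: The commented `shibui:` sample at the top of this new file offers `default-password: "{noop}foopassword"` and `keystorePassword` / `privateKeyPassword: "changeit"` as copy-ready values, with nothing saying that `{noop}` leaves the password unencoded or that these are placeholders. I would add a comment above them such as `## {noop} stores the password in plain text; example only - use an encoded value (e.g. {bcrypt}) and replace every "changeit" before deployment`, assuming the application uses Spring Security's delegating-encoder prefixes as the `{noop}` syntax suggests. In the same block `# default-rootuser:root` has no space after the colon, so uncommenting it as written would not parse as a key/value pair; it should read `# default-rootuser: root`. The default overrides that weaken the SAML exchange (`useSha`, `turnOffEncryption`, `dontSignResponse`, `ignoreRequestSignatures`) would also benefit from a one-line comment stating that each is an opt-in per relying party and what it gives up, if that is indeed how they are applied.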
  
    
    
  
  
    
              
              
      