Properties

The following properties, defined in saml-nameid.properties, customize various aspects of persistent NameID generation:

Property / Type / Default / Function

idp.persistentId.generator
Bean ID of a PairwiseIdStore
shibboleth.ComputedPersistentIdGenerator

Identifies the strategy plugin for sourcing persistent IDs

idp.persistentId.dataSource
Bean ID of a JDBC DataSource

Identifies a data source for storage-based management of persistent IDs

idp.persistentId.computed
Bean ID of a PairwiseIdStore
shibboleth.ComputedPersistentIdGenerator

May be null. Identifies a strategy plugin used to generate the first persistent identifier for each subject; used to migrate from the computed to the stored strategy

idp.persistentId.sourceAttribute
Comma-delimited List

List of attributes to search for a value that uniquely identifies the subject of a persistent identifier; the value MUST be stable, long-lived, and non-reassignable

idp.persistentId.useUnfilteredAttributes
Boolean
true

Whether or not the previous property has access to unreleased attributes

idp.persistentId.salt
String

A secret salt for the hash when using computed persistent IDs

idp.persistentId.encodedSalt
Base64-encoded String

An encoded form of the previous property

idp.persistentId.algorithm
String
SHA

The hash algorithm used when using computed persistent IDs

idp.persistentId.encoding
"BASE64" or "BASE32"
BASE64

The final encoding applied to the hash generated when using computed persistent IDs (BASE32 is strongly recommended for new installs)

idp.persistentId.exceptionMap
Bean ID
shibboleth.ComputedIdExceptionMap

Advanced feature allowing revocation or regeneration of computed persistent IDs for specific subjects or services

idp.persistentId.queryTimeout 4.1
Duration
PT5S

Query timeout for database access

idp.persistentId.transactionRetries 4.1
Integer
3

Number of retries in the event that database locking bugs cause retryable failures

idp.persistentId.retryableErrors 4.1
Comma-delimited list
23000,23505

List of error strings to identify as retryable failures

idp.persistentId.verifyDatabase 4.1
Boolean
true

When true, the connection and layout of the database are verified at bean initialization time and any failures are fatal.

idp.persistentId.tableName 4.1
String
"shibpid"

Overrides the name of the table in the database

idp.persistentId.localEntityColumn 4.1
String
"localEntity"

Overrides database column name

idp.persistentId.peerEntityColumn 4.1
String
"peerEntity"

Overrides database column name

idp.persistentId.principalNameColumn 4.1
String
"principalName"

Overrides database column name

idp.persistentId.sourceIdColumn 4.1
String
"localId"

Overrides database column name

idp.persistentId.persistentIdColumn 4.1
String
"persistentId"

Overrides database column name

idp.persistentId.peerProvidedIdColumn 4.1
String
"peerProvidedId"

Overrides database column name

idp.persistentId.createTimeColumn 4.1
String
"creationDate"

Overrides database column name

idp.persistentId.deactivationTimeColumn 4.1
String
"deactivationDate"

Overrides database column name

Beans

Beans defined in saml-nameid.xml and related system configuration are as follows:

Bean ID / Type / Function

shibboleth.SAML2PersistentGenerator
SAML2NameIDGenerator

Plugin for generating persistent identifiers using pluggable strategy

shibboleth.ComputedPersistentIdGenerator
ComputedPairwiseIdStore

Strategy plugin that generates persistent identifiers with a salted hash of an input value

shibboleth.StoredPersistentIdGenerator
JDBCPairwiseIdStore

Strategy plugin that generates persistent identifiers and stores them in a database identified by a DataSource

shibboleth.JDBCPersistentIdStore
JDBCPairwiseIdStore

Legacy parent bean for defining a JDBC store for persistent identifiers with additional customization not supported by existing properties; this is largely for compatibility, and shibboleth.StoredPersistentIdGenerator should usually be used as a parent bean now
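
An added illustration (not Shibboleth's code and not part of the original page) of what idp.persistentId.salt, idp.persistentId.algorithm and idp.persistentId.encoding control in the computed strategy: a salted hash of the source attribute value, scoped to one relying party. The "!"-joined input layout, the sample salt, the entity IDs and the function names are assumptions; sha1 is used because Java's "SHA" algorithm name denotes SHA-1.

```python
import base64
import hashlib

# Constructed sample values; none of these come from a real deployment.
SALT = b"constructed-demo-salt-not-for-production"
SOURCE_ID = "uid-000123"  # value found via idp.persistentId.sourceAttribute
SP_A = "https://sp-a.example.org/shibboleth"
SP_B = "https://sp-b.example.org/shibboleth"


def computed_pairwise_id(peer_entity, source_id, salt,
                         algorithm="sha1", encoding="BASE32"):
    """Salted hash over (relying party, subject source value, salt).

    Assumption: the fields are joined with '!' before hashing. The page
    only states that the ID is a salted hash of an input value.
    """
    if not salt:
        raise ValueError("a secret salt is required for computed IDs")
    digest = hashlib.new(algorithm)
    digest.update(peer_entity.encode("utf-8") + b"!")
    digest.update(source_id.encode("utf-8") + b"!")
    digest.update(salt)
    raw = digest.digest()
    if encoding == "BASE32":
        return base64.b32encode(raw).decode("ascii")
    if encoding == "BASE64":
        return base64.b64encode(raw).decode("ascii")
    raise ValueError("encoding must be BASE64 or BASE32")


def survives_case_folding(value):
    """True if upper-casing leaves the ID unchanged, so a consumer that
    folds case still sees the same identifier."""
    return value == value.upper()


if __name__ == "__main__":
    for sp in (SP_A, SP_B):
        for enc in ("BASE32", "BASE64"):
            pid = computed_pairwise_id(sp, SOURCE_ID, SALT, encoding=enc)
            print(f"{sp} {enc:6} {pid} case-stable={survives_case_folding(pid)}")
```

The same subject receives a different identifier at each relying party, and changing the salt or the source attribute value changes every identifier, which is why the source attribute must be stable and non-reassignable and the salt must stay fixed and secret. Base32 output uses a single-case alphabet, so it is unaffected by a consumer that folds case.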