...
- change the resources used, or more commonly add additional resources to supplement built-in defaults
- configure more specialized approaches such as Subversion resources or remote HTTP resources
- control how often to check for changes and reload configurations, if at all
V2 Compatibility
A similar function was performed by the services.xml file in 2.x, but in 3.0 this file is now a native Spring bean file and the older services XML schema is not supported or used.
Contents
...
Overview
The services.xml file contains a series of Spring bean lists "list" beans that specify the Spring Resources to load into various services. The lists are named with specific bean IDs that must not be changed, as these (see below) that direct the resources into the various services.
Properties
The following idp.properties may be set to control the reloading and fail-fast behavior of the various services. Missing properties will default a service to non-failfast and non-reloading behavior.
...
| language | text |
|---|
...
If you wish to supply your own resource lists without modifying the delivered lists, you may control the bean IDs used by modifying services.properties.
| Warning |
|---|
Do not remove any of the beans from services.xml unless you alter a corresponding property in services.properties to direct the service to a different resource list bean, or the IdP will fail to initialize with an error referencing the missing bean. |
Beans
Beans defined in services.xml follow:
| Bean ID | Type | Function | Reloadable Service ID |
|---|---|---|---|
| shibboleth.RelyingPartyResolverResources | java.uti.List | RelyingPartyConfiguration resources for a new or migrated installation. | shibboleth.RelyingPartyResolverService |
| shibboleth.LegacyRelyingPartyResolverResources | java.uti.List | RelyingPartyConfiguration using a deprecated V2 relying-party.xml file. | shibboleth.RelyingPartyResolverService |
| shibboleth.MetadataResolverResources | java.uti.List | MetadataConfiguration resources. | shibboleth.MetadataResolverService |
| shibboleth.AttributeResolverResources | java.uti.List | AttributeResolverConfiguration resources. | shibboleth.AttributeResolverService |
| shibboleth.AttributeFilterResources | java.uti.List | AttributeFilterConfiguration resources. | shibboleth.AttributeFilterService |
| shibboleth.NameIdentifierGenerationResources | java.uti.List | NameIDGenerationConfiguration resources. | shibboleth.NameIdentifierGenerationService |
| shibboleth.AccessControlResources | java.uti.List | AccessControlConfiguration resources. | shibboleth.ReloadableAccessControlService |
| shibboleth.MessageSourceResources | java.uti.List | Internationalizable user interface messages. | N/A |
Properties
Properties defined in services.properties follow:
| Property | Default | Function |
|---|---|---|
| idp.service.logging.resource | %{idp.home}/conf/logback.xml | |
| idp.service.logging.failFast | false | |
| idp.service.logging.checkInterval | 0 | |
| idp.service.relyingparty.resources | shibboleth.RelyingPartyResolverResources | |
| idp.service.relyingparty.failFast | false | |
| idp.service.relyingparty.checkInterval | 0 | |
| idp.service.metadata.resources | shibboleth.MetadataResolverResources | |
| idp.service.metadata.failFast | false | |
| idp.service.metadata.checkInterval | 0 | |
| idp.service.attribute.resolver.resources | shibboleth.AttributeResolverResources | |
| idp.service.attribute.resolver.failFast |
...
| false | ||
| idp.service.attribute.resolver.checkInterval |
...
| 0 | ||
| idp.service.attribute.filter.resources | shibboleth.AttributeFilterResources | |
| idp.service.attribute.filter.failFast |
...
| false | ||
| idp.service.attribute.filter.checkInterval |
...
| 0 | ||
| idp.service.nameidGeneration.resources | shibboleth.NameIdentifierGenerationResources | |
| idp.service.nameidGeneration.failFast |
...
| false | ||
| idp.service.nameidGeneration |
...
Notes
...
| .checkInterval | 0 | |
| idp.service.access.resources | shibboleth.AccessControlResources | |
| idp.service.access.failFast | false | |
| idp.service.access.checkInterval | 0 | |
| idp.message.resources | shibboleth.MessageSourceResources | |
| idp.message.cacheSeconds | 300 | |
idp.httpclient.connectionDisregardTLSCertificate | false | |
| idp.httpclient.connectionTimeout | -1 | |
| idp.httpclient.memorycaching.maxCacheEntries | 50 | |
| idp.httpclient.memorycaching.maxCacheEntrySize | 1048576 | |
| idp.httpclient.filecaching.maxCacheEntries | 100 | |
| idp.httpclient.filecaching.maxCacheEntrySize | 10485760 | |
idp.httpclient.filecaching.cacheDirectory | None |
Advanced Notes
You can use any kind of Resource supported by Spring, along with additional custom resource types provided with the IdP for handling Subversion, HTTP, and file-backed HTTP resources.
...