...
| Warning |
|---|
Do not remove any of the beans from services.xml unless you alter a corresponding property in services.properties to direct the service to a different resource list bean, or the IdP will fail to initialize with an error referencing the missing bean. |
Reloading Services
In addition to the "checkInterval" properties listed below to automatically reload services, you may reload a service at any time using the reload-service command line utility and the service ID. The service IDs are shown below in the Beans table (excluding the logging service, which is "shibboleth.LoggingService").
| Code Block |
|---|
$ ./reload-service.sh -id shibboleth.AttributeResolverService |
Beans
Beans defined in services.xml follow:
...
Properties defined in services.properties follow:
| Property | Type | Default | Function |
|---|---|---|---|
| idp.service.logging.resource | Resource path | %{idp.home}/conf/logback.xml | Logging configuration resource to use |
| idp.service.logging.failFast | Boolean | false | Fail at startup if logging configuration is invalid |
| idp.service.logging.checkInterval | Duration | 0 | Time to notice changes to logging configuration and reload service |
| idp.service.relyingparty.resources | Bean ID | shibboleth.RelyingPartyResolverResources | Name of Spring bean identifying resources to use for RelyingPartyConfiguration service |
| idp.service.relyingparty.failFast | Boolean | false | Fail at startup if RelyingPartyConfiguration is invalid |
| idp.service.relyingparty.checkInterval | Duration | 0 | Time to notice changes to RelyingPartyConfiguration configuration and reload service |
| idp.service.metadata.resources | Bean ID | shibboleth.MetadataResolverResources | Name of Spring bean identifying resources to use for MetadataConfiguration service |
| idp.service.metadata.failFast | Boolean | false | Fail at startup if MetadataConfiguration is invalid |
| idp.service.metadata.checkInterval | Duration | 0 | Time to notice changes to MetadataConfiguration configuration and reload service |
| idp.service.attribute.resolver.resources | Bean ID | shibboleth.AttributeResolverResources | Name of Spring bean identifying resources to use for AttributeResolverConfiguration service |
| idp.service.attribute.resolver.failFast | Boolean | false | Fail at startup if AttributeResolverConfiguration is invalid |
| idp.service.attribute.resolver.checkInterval | Duration | 0 | Time to notice changes to AttributeResolverConfiguration configuration and reload service |
| idp.service.attribute.filter.resources | Bean ID | shibboleth.AttributeFilterResources | Name of Spring bean identifying resources to use for AttributeFilterConfiguration service |
| idp.service.attribute.filter.failFast | Boolean | false | Fail at startup if AttributeFilterConfiguration is invalid |
| idp.service.attribute.filter.checkInterval | Duration | 0 | Time to notice changes to AttributeFilterConfiguration configuration and reload service |
| idp.service.nameidGeneration.resources | Bean ID | shibboleth.NameIdentifierGenerationResources | Name of Spring bean identifying resources to use for NameIDGenerationConfiguration service |
| idp.service.nameidGeneration.failFast | Boolean | false | Fail at startup if NameIDGenerationConfiguration is invalid |
| idp.service.nameidGeneration.checkInterval | Duration | 0 | Time to notice changes to NameIDGenerationConfiguration configuration and reload service |
| idp.service.access.resources | Bean ID | shibboleth.AccessControlResources | Name of Spring bean identifying resources to use for AccessControlConfiguration service |
| idp.service.access.failFast | Boolean | false | Fail at startup if AccessControlConfiguration is invalid |
| idp.service.access.checkInterval | Duration | 0 | Time to notice changes to AccessControlConfiguration configuration and reload service |
| idp.message.resources | Bean ID | shibboleth.MessageSourceResources | Name of Spring bean identifying Spring message property resources |
| idp.message.cacheSeconds | Integer | 300 | Seconds between reloads of message property resources |
idp.httpclient.connectionDisregardTLSCertificate | Boolean | false | Whether to ignore TLS certificates by default when loading an HTTPResource |
| idp.httpclient.connectionTimeout | Integer | -1 | Default connection timeout for HTTPResource (-1 for none) |
| idp.httpclient.memorycaching.maxCacheEntries | Integer | 50 | Maximum number of cache entries when using the "shibboleth.MemoryCachingHttpClient" bean |
| idp.httpclient.memorycaching.maxCacheEntrySize | Integer | 1048576 | Maximum size of cache when using the "shibboleth.MemoryCachingHttpClient" bean |
| idp.httpclient.filecaching.maxCacheEntries | Integer | 100 | Maximum number of cache entries when using the "shibboleth.FileCachingHttpClient" bean |
| idp.httpclient.filecaching.maxCacheEntrySize | Integer | 10485760 | Maximum size of cache when using the "shibboleth.FileCachingHttpClient" bean |
idp.httpclient.filecaching.cacheDirectory | File path | None | Directory location of cache when using the "shibboleth.FileCachingHttpClient" bean |
Advanced Notes
You can use any kind of Resource supported by Spring, along with additional custom resource types provided with the IdP for handling Subversion
...
and
...
HTTP resources.
...