File(s): conf/services.xml, conf/services.properties
...
Bean ID | Type | Function | Reloadable Service ID |
---|---|---|---|
shibboleth.RelyingPartyResolverResources | java.util.List<Resource> | RelyingPartyConfiguration resources for a new or migrated installation. | shibboleth.RelyingPartyResolverService |
shibboleth.LegacyRelyingPartyResolverResources | java.util.List<Resource> | RelyingPartyConfiguration using a deprecated V2 relying-party.xml file. | shibboleth.RelyingPartyResolverService |
shibboleth.MetadataResolverResources | java.util.List<Resource> | MetadataConfiguration resources. | shibboleth.MetadataResolverService |
shibboleth.AttributeResolverResources | java.util.List<Resource> | AttributeResolverConfiguration resources. | shibboleth.AttributeResolverService |
shibboleth.AttributeFilterResources | java.util.List<Resource> | AttributeFilterConfiguration resources. | shibboleth.AttributeFilterService |
shibboleth.NameIdentifierGenerationResources | java.util.List<Resource> | NameIDGenerationConfiguration resources. | shibboleth.NameIdentifierGenerationService |
shibboleth.AccessControlResources | java.util.List<Resource> | AccessControlConfiguration resources. | shibboleth.ReloadableAccessControlService |
shibboleth.MessageSourceResources | java.util.List<Resource> | Internationalizable user interface messages. | N/A |
shibboleth.CASServiceRegistryResources (3.2) | java.util.List<Resource> | Resources containing ServiceRegistry beans to be reloaded. | shibboleth.ReloadableCASServiceRegistry |
...
Property | Type | Default | Function |
---|---|---|---|
idp.service.failFast (3.2) | Boolean | false | Set the default fail-fast behavior of all services unless overridden by a service |
idp.service.logging.resource | Resource path | %{idp.home}/conf/logback.xml | Logging configuration resource to use (the reloadable service ID is "shibboleth.LoggingService") |
idp.service.logging.failFast | Boolean | true | Fail at startup if logging configuration is invalid |
idp.service.logging.checkInterval | Duration | 0 | Time to notice changes to logging configuration and reload service. A value of 0 indicates that the logging configuration never reloads |
idp.service.relyingparty.resources | Bean ID | shibboleth.RelyingPartyResolverResources | Name of Spring bean identifying resources to use for RelyingPartyConfiguration service |
idp.service.relyingparty.failFast | Boolean | false | Fail at startup if RelyingPartyConfiguration is invalid |
idp.service.relyingparty.checkInterval | Duration | 0 | Time to notice changes to RelyingPartyConfiguration configuration and reload service. A value of 0 indicates that the relying party configuration never reloads |
idp.service.metadata.resources | Bean ID | shibboleth.MetadataResolverResources | Name of Spring bean identifying resources to use for MetadataConfiguration service |
idp.service.metadata.failFast | Boolean | false | Fail at startup if MetadataConfiguration is invalid |
idp.service.metadata.checkInterval | Duration | 0 | Time to notice changes to MetadataConfiguration configuration and reload service. A value of 0 indicates that the metadata configuration never reloads |
idp.service.attribute.resolver.resources | Bean ID | shibboleth.AttributeResolverResources | Name of Spring bean identifying resources to use for AttributeResolverConfiguration service |
idp.service.attribute.resolver.failFast | Boolean | false | Fail at startup if AttributeResolverConfiguration is invalid |
idp.service.attribute.resolver.checkInterval | Duration | 0 | Time to notice changes to AttributeResolverConfiguration configuration and reload service. A value of 0 indicates that the attribute resolver configuration never reloads |
idp.service.attribute.resolver.maskFailures (3.1) | Boolean | true | Whether attribute resolution failure should silently produce no attributes (the V2 behavior), or cause an overall profile request failure event |
idp.service.attribute.filter.resources | Bean ID | shibboleth.AttributeFilterResources | Name of Spring bean identifying resources to use for AttributeFilterConfiguration service |
idp.service.attribute.filter.failFast | Boolean | false | Fail at startup if AttributeFilterConfiguration is invalid |
idp.service.attribute.filter.checkInterval | Duration | 0 | Time to notice changes to AttributeFilterConfiguration configuration and reload service. A value of 0 indicates that the attribute filter configuration never reloads |
idp.service.attribute.filter.maskFailures (3.1) | Boolean | true | Whether attribute filtering failure should silently produce no attributes (the V2 behavior), or cause an overall profile request failure event |
idp.service.nameidGeneration.resources | Bean ID | shibboleth.NameIdentifierGenerationResources | Name of Spring bean identifying resources to use for NameIDGenerationConfiguration service |
idp.service.nameidGeneration.failFast | Boolean | false | Fail at startup if NameIDGenerationConfiguration is invalid |
idp.service.nameidGeneration.checkInterval | Duration | 0 | Time to notice changes to NameIDGenerationConfiguration configuration and reload service |
idp.service.access.resources | Bean ID | shibboleth.AccessControlResources | Name of Spring bean identifying resources to use for AccessControlConfiguration service |
idp.service.access.failFast | Boolean | true | Fail at startup if AccessControlConfiguration is invalid |
idp.service.access.checkInterval | Duration | 0 | Time to notice changes to AccessControlConfiguration configuration and reload service |
idp.service.cas.registry.resources (3.2) | Bean ID | shibboleth.CASServiceRegistryResources | Name of Spring bean identifying resources to use for CAS service registry configuration |
idp.service.cas.registry.failFast (3.2) | Boolean | false | Fail at startup if CAS service registry configuration is invalid |
idp.service.cas.registry.checkInterval (3.2) | Duration | 0 | Time to notice CAS service registry configuration changes and reload service |
idp.message.resources | Bean ID | shibboleth.MessageSourceResources | Name of Spring bean identifying Spring message property resources |
idp.message.cacheSeconds | Integer | 300 | Seconds between reloads of message property resources |
idp.httpclient.useTrustEngineTLSSocketFactory (3.1) | Boolean | false | Whether to substitute a custom certificate evaluation process for the built-in Java behavior |
idp.httpclient.connectionDisregardTLSCertificate | Boolean | false | Whether to ignore TLS certificates by default when loading an HTTPResource |
idp.httpclient.connectionTimeout | Integer | -1 | Default connection timeout for HTTPResource (-1 for none) |
idp.httpclient.memorycaching.maxCacheEntries | Integer | 50 | Maximum number of cache entries when using the "shibboleth.MemoryCachingHttpClient" bean |
idp.httpclient.memorycaching.maxCacheEntrySize | Integer | 1048576 | Maximum size of cache when using the "shibboleth.MemoryCachingHttpClient" bean |
idp.httpclient.filecaching.maxCacheEntries | Integer | 100 | Maximum number of cache entries when using the "shibboleth.FileCachingHttpClient" bean |
idp.httpclient.filecaching.maxCacheEntrySize | Integer | 10485760 | Maximum size of cache when using the "shibboleth.FileCachingHttpClient" bean |
idp.httpclient.filecaching.cacheDirectory | File path | | Directory location of cache when using the "shibboleth.FileCachingHttpClient" bean |
...
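
As an added example (not part of the Shibboleth documentation), the Python script below checks a services.properties file against the defaults listed in the table above and reports whether each flagged value was set explicitly or inherited. The flagged values in `RULES` are this example's own audit policy, and the parser assumes simple single-line key=value entries.

```python
import re

# Defaults copied from the property table on this page.
DEFAULTS = {
    "idp.httpclient.connectionDisregardTLSCertificate": "false",
    "idp.httpclient.connectionTimeout": "-1",
    "idp.service.access.failFast": "true",
    "idp.service.logging.failFast": "true",
}
# Assumed audit policy (this example's choice): value to flag, and why.
RULES = {
    "idp.httpclient.connectionDisregardTLSCertificate":
        ("true", "TLS certificates are ignored when loading an HTTPResource"),
    "idp.httpclient.connectionTimeout":
        ("-1", "HTTPResource connections have no timeout"),
    "idp.service.access.failFast":
        ("false", "IdP starts even if AccessControlConfiguration is invalid"),
    "idp.service.logging.failFast":
        ("false", "IdP starts even if the logging configuration is invalid"),
}
# Constructed sample input, not taken from a real deployment.
SAMPLE = """\
idp.service.access.failFast = false
idp.httpclient.connectionDisregardTLSCertificate=true
idp.httpclient.connectionTimeout = 5000
#idp.service.logging.failFast = false
"""

def parse_properties(text):
    """Parse single-line key=value or key:value entries; skip # and ! comments."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        m = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)", line)
        if m and line[0] not in "#!":
            props[m.group(1)] = m.group(2).strip()
    return props

def audit(text):
    """Return (key, 'explicit'|'default', reason) for each flagged effective value."""
    props = parse_properties(text)
    effective = {**DEFAULTS, **props}  # explicit settings override defaults
    findings = []
    for key, (flagged, reason) in RULES.items():
        if effective[key].lower() == flagged:
            source = "explicit" if key in props else "default"
            findings.append((key, source, reason))
    return findings

if __name__ == "__main__":
    for key, source, reason in audit(SAMPLE):
        print(f"{key} ({source}): {reason}")
```
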
A similar function was performed by the services.xml file in 2.x, but in 3.0 this file is now a native Spring bean file and the older services XML schema is not supported or used.
Additionally, the V2 ResourceFilter feature is also not supported, so if you're using the Property Replacement Filter feature, you will need to adjust at least some of your configuration files. In most cases (but not always) you can leverage the Spring property replacement mechanism by changing the syntax slightly.
Advanced Notes
You can use any kind of Resource supported by Spring, along with additional custom resource types provided with the IdP for handling Subversion and HTTP resources.