...

To our understanding, the UI is also not accessible, and it is apparently impossible to make it accessible. Whether or not that is true, it is definitely not accessible by default, and no fixes for this have been provided. Hiding the propagation status reporting is believed to be accessible, and the idp.logout.propagationHidden property exists in V4.2+ to hide this reporting from the user, both for accessibility and because of the large number of false positives and negatives that are typically encountered.

...

Properties

| Name | Type | Default | Description |
|------|------|---------|-------------|
| idp.session.trackSPSessions | Boolean | false | Whether to store references to SP sessions in the IdP session to support logout propagation |
| idp.session.secondaryServiceIndex | Boolean | false | Whether to store NameID backreferences in the IdP session to support SAML 2.0 logout |
| idp.logout.elaboration | Boolean | false | Whether to search metadata for user interface information associated with every service involved in logout propagation |
| idp.logout.authenticated | Boolean | true | Whether to require signed logout messages in accordance with the SAML 2.0 standard |
| idp.logout.promptUser | Bean ID of Predicate<ProfileRequestContext> | false | If the bean returns true, the user is given the option to actually cancel the IdP logout outright and prevent removal of the session |
| idp.artifact.enabled | Boolean | true | Controls use of HTTP-Artifact binding for outbound logout messages |
| idp.logout.preserveQuery (4.1) | Boolean | false | Processes arbitrary query parameters to the Simple Logout endpoint and stashes them in a ScratchContext for use by subsequent view logic |
| idp.logout.assumeAsync (4.2) | Boolean | false | When true, allows inbound SAML LogoutRequests to be processed even if the SP lacks metadata containing response endpoints |
| idp.logout.propagationHidden (4.2) | Boolean | false | Applies the "display:none" style to the list of SPs and logout status reporting images so that logout status is not visibly reported to the user |
| idp.soap.httpClient (4.2) | Bean ID of HttpClient to use for SOAP-based logout | SOAPClient.HttpClient | Allows the HttpClient used for SOAP communication to be overridden (applies to SAML logout via SOAP) |
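
A reviewer can check a deployment's logout settings against the defaults and descriptions listed above. The following Python is an added example, not part of the Shibboleth documentation or code base; the function names, the finding texts and the sample file contents are assumptions made for illustration, and the parser covers only a simplified subset of the .properties syntax.

```python
# Added example: defaults are from the properties listed above; SAMPLE is constructed.
DEFAULTS = {
    "idp.session.trackSPSessions": "false",
    "idp.session.secondaryServiceIndex": "false",
    "idp.logout.authenticated": "true",
    "idp.logout.assumeAsync": "false",
    "idp.logout.propagationHidden": "false",
}

def parse_properties(text):
    """Simplified .properties parser: #/! comments, = or : separators, backslash continuations."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line, pending = pending + raw.strip(), ""
        if not line or line[0] in "#!":
            continue
        if line.endswith("\\"):
            pending = line[:-1]  # join with the next physical line
            continue
        for i, ch in enumerate(line):
            if ch in "=:":  # first separator splits key from value
                props[line[:i].strip()] = line[i + 1:].strip()
                break
    return props

def audit_logout(text):
    """Return {property: finding} for logout settings a reviewer should look at."""
    cfg = {**DEFAULTS, **parse_properties(text)}
    on = lambda key: cfg[key].lower() == "true"
    findings = {}
    if not on("idp.logout.authenticated"):
        findings["idp.logout.authenticated"] = "signed logout messages are not required"
    if on("idp.logout.assumeAsync"):
        findings["idp.logout.assumeAsync"] = "LogoutRequests processed for SPs lacking response endpoints"
    if not on("idp.session.trackSPSessions"):
        findings["idp.session.trackSPSessions"] = "SP sessions not stored, logout propagation unsupported"
    else:
        if not on("idp.session.secondaryServiceIndex"):
            findings["idp.session.secondaryServiceIndex"] = "NameID backreferences not stored for SAML 2.0 logout"
        if not on("idp.logout.propagationHidden"):
            findings["idp.logout.propagationHidden"] = "unreliable propagation status is shown to the user"
    return findings

SAMPLE = """# constructed sample, not from a real deployment
idp.session.trackSPSessions = true
idp.session.secondaryServiceIndex : true
idp.logout.authenticated = false
! idp.logout.propagationHidden = true
"""
if __name__ == "__main__": print(audit_logout(SAMPLE))
```

For the constructed sample, the audit reports idp.logout.authenticated and idp.logout.propagationHidden; the latter is only commented out in the file, so its default of false still applies.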

Beans

The following may be defined in conf/global.xml if needed.

| Name | Type | Default | Description |
|------|------|---------|-------------|
| shibboleth.PlaintextNameIDFormats (4.2) | Set<String> | urn:oasis:names:tc:SAML:2.0:nameid-format:entity | Set of <NameID> Formats which need not be encrypted in messages, notwithstanding other settings |

...