...
Name | Type | Default | Description |
---|---|---|---|
idp.additionalProperties | Comma-delimited paths | Used to point to additional property files to load. All properties must be unique and are ultimately pooled into a single, unordered set. | |
idp.entityID | See RelyingPartyConfiguration for reference. | ||
idp.entityID.metadataFile | File pathname | %{idp.home}/metadata/idp-metadata.xml | Identifies the file to serve for requests to the IdP's "well-known metadata location" |
idp.scope | See ScopedAttributeDefinition for reference. | ||
idp.cookie.secure |
| ||
idp.cookie.httpOnly | |||
idp.cookie.domain | |||
idp.cookie.path | |||
idp.cookie.maxAge | |||
idp.cookie.sameSite | |||
idp.csrf.enabled | See Cross-Site Request Forgery (CSRF) Protection for reference. | ||
idp.csrf.token.parameter | |||
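idp.hsts | max-age=0 | Auto-configures an HSTS response header. Note that max-age=0 instructs browsers to discard any stored HSTS policy for the host, so a positive max-age must be set for HSTS to take effect. | |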
idp.frameoptions | DENY | Auto-configures an X-Frame-Options response header | |
idp.csp | frame-ancestors 'none'; | Auto-configures a Content Security Policy response header | |
idp.webflows | Path | %{idp.home}/flows | Location from which to load user-supplied webflows. See also SpringConfiguration |
idp.views | Comma-delimited paths | %{idp.home}/views | Location from which to load user-modifiable Velocity view templates. This can be set to include "classpath*:/META-INF/net/shibboleth/idp/views" (or equivalent) to load templates from the classpath, such as from extension jars, but doing so disables support for template reloading. |
idp.sealer.keyStrategy | See SecurityConfiguration for reference. | ||
idp.sealer.storeType | |||
idp.sealer.updateInterval | |||
idp.sealer.aliasBase | |||
idp.sealer.storeResource | |||
idp.sealer.versionResource | |||
idp.sealer.storePassword | |||
idp.sealer.keyPassword | |||
idp.signing.key | |||
idp.signing.cert | |||
idp.encryption.key | |||
idp.encryption.cert | |||
idp.encryption.key.2 | |||
idp.encryption.cert.2 | |||
idp.security.config | |||
idp.signing.config | |||
idp.encryption.config | |||
idp.trust.signatures | |||
idp.trust.certificates | |||
idp.encryption.optional | |||
idp.errors.detailed |
| ||
idp.errors.signed | |||
idp.errors.excludedExceptions | |||
idp.errors.exceptionMappings | |||
idp.errors.defaultView | |||
idp.storage.cleanupInterval | See StorageConfiguration for reference. | ||
idp.storage.htmlLocalStorage | |||
idp.session.enabled |
| ||
idp.session.StorageService | |||
idp.session.idSize | |||
idp.session.consistentAddress | |||
idp.session.consistentAddressCondition | |||
idp.session.timeout | |||
idp.session.slop | |||
idp.session.maskStorageFailure | |||
idp.session.trackSPSessions | |||
idp.session.secondaryServiceIndex | |||
idp.session.defaultSPlifetime | |||
idp.authn.flows |
| ||
idp.authn.defaultLifetime | |||
idp.authn.defaultTimeout | |||
idp.authn.rpui | |||
idp.authn.favorSSO | |||
idp.authn.identitySwitchIsError | |||
idp.consent.StorageService | See ConsentConfiguration for reference. | ||
idp.consent.attribute-release.userStorageKey | |||
idp.consent.attribute-release.userStorageKeyAttribute | |||
idp.consent.terms-of-use.userStorageKey | |||
idp.consent.terms-of-use.userStorageKeyAttribute | |||
idp.consent.terms-of-use.consentValueMessageCodeSuffix | |||
idp.consent.allowDoNotRemember | |||
idp.consent.allowGlobal | |||
idp.consent.allowPerAttribute | |||
idp.consent.compareValues | |||
idp.consent.maxStoredRecords | |||
idp.consent.expandedMaxStoredRecords | |||
idp.consent.storageRecordLifetime | |||
idp.logout.elaboration |
| ||
idp.logout.authenticated | |||
idp.logout.promptUser | |||
idp.policy.messageLifetime | See SecurityConfiguration for reference. | ||
idp.policy.assertionLifetime | |||
idp.policy.clockSkew | |||
idp.replayCache.StorageService | See StorageConfiguration for reference. | ||
idp.replayCache.strict | |||
idp.artifact.enabled |
| ||
idp.artifact.secureChannel | |||
idp.artifact.endpointIndex | |||
idp.artifact.StorageService | See StorageConfiguration for reference. | ||
idp.ui.fallbackLanguages | |||
idp.cas.StorageService |
| ||
idp.cas.serviceRegistryClass | |||
idp.cas.relyingPartyIdFromMetadata | |||
idp.fticks.* | |||