...
Name | Type | Default | Description |
---|---|---|---|
artifactConfiguration | Bean named shibboleth.DefaultArtifactConfiguration | Customizes the use of SAML artifacts | |
signAssertions | Boolean | false | Whether to sign assertions |
Guidance
You shouldn't really need to modify this, as artifacts are rarely used anymore, and if they are, the default configuration suffices. The main reason you might change it is to switch a SAML 1.1 SSO configuration from Type 1 to Type 2 artifacts, but that's very obscure. If it ever comes up, we will provide an example.
With SAML 2.0, there is a valid case for customizing the configuration on a per-node basis by exposing dedicated resolution endpoints on each node, and making sure a node issues artifacts that will be resolved by that node. This is already exposed for you via the idp.artifact.endpointIndex property.
If you need to enable theĀ signAssertions
option, and you control the SP's metadata, you should generally add the WantAssertionsSigned
flag to it in place of using this option. Related, the idp.saml.honorWantAssertionsSigned property can be turned off to globally ignore that flag in metadata should you wish to do so.