Versions Compared

Version Old Version 6 New Version 7
Changes made by

Scott Cantor

Scott Cantor

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Expand
titleBeans (IdP Discovery)

The following beans are used to configure IdP Discovery when proxying.

Bean ID

Type

Function

shibboleth.authn.discoveryURLStrategy

Function<ProfileRequestContext,String>

Function to apply to produce a Discovery Service URL to use instead of relying on a property for a static value

shibboleth.authn.discoveryRequestFunction

BiFunction<
RequestContext,
ProfileRequestContext,
String
>

BiFunction that overrides the built-in mechanism that generates the redirect to the Discovery Service with a deployer-supplied version

shibboleth.authn.entityIDForDiscoveryStrategy 5.1

Function<ProfileRequestContext,String>

Function to produce the entityID to use in the request to the DS in the event a default determination is not sufficient

Expand
titleBeans (Flow Selection)

The following beans are used to configure comparison rules for custom Principals to support rules for login flow selection when requests specify particular methods, as described in AuthenticationFlowSelection. It is quite rare to need to modify them.

Bean ID

Type

Function

shibboleth.AuthnComparisonRules

Map used as constructor argument to PrincipalEvalPredicateFactoryRegistry

Map of comparison rules

shibboleth.SAMLAuthnMethodExact
shibboleth.SAMLACClassRefExact
shibboleth.SAMLACDeclRefExact

shibboleth.SAMLACClassRefMinimum
shibboleth.SAMLACDeclRefMinimum
shibboleth.SAMLACClassRefMaximum

shibboleth.SAMLACDeclRefMaximum
shibboleth.SAMLACClassRefBetter
shibboleth.SAMLACDeclRefBetter

Pair<Class<? extends Principal>, String>

Pairs of custom Principal types and matching operators for all the SAML 1.1 and 2.0 principal and comparison types supported, used as keys for the shibboleth.AuthnComparisonRules map

shibboleth.ExactMatchFactory
shibboleth.InexactMatchFactory

PrincipalEvalPredicateFactory

Template beans for values of the shibboleth.AuthnComparisonRules map

shibboleth.BetterClassRefMatchFactory
shibboleth.MinimumClassRefMatchFactory
shibboleth.MaximumClassRefMatchFactory

shibboleth.BetterDeclRefMatchFactory
shibboleth.MinimumDeclRefMatchFactory
shibboleth.MaximumDeclRefMatchFactory

PrincipalEvalPredicateFactory

Beans supplying matching rules for implementing SAML 2.0 "inexact" comparisons of AuthnContextClassRef or AuthnContextDeclRef constants

shibboleth.IgnoredContexts

Collection<String>

A collection of SAML 2.0 AuthnContextClassRef or AuthnContextDeclRef values to ignore if found in an <AuthnRequest> message

shibboleth.PrincipalProxyRequestMappings

Map<Principal,Collection<Principal>>

Mapping rules for transforming values in requests into new values in proxied requests

shibboleth.PrincipalProxyResponseMappings

Map<Principal,Collection<Principal>>

Mapping rules for transforming values in proxied responses into new values

...