The following beans are used to configure comparison rules for custom Principals to support rules for login flow selection when requests specify particular methods, as described in AuthenticationFlowSelection. It is quite rare to need to modify them. Bean ID | Type | Function |
|---|
shibboleth.AuthnComparisonRules | Map used as constructor argument to PrincipalEvalPredicateFactoryRegistry | Map of comparison rules | shibboleth.SAMLAuthnMethodExact
shibboleth.SAMLACClassRefExact
shibboleth.SAMLACDeclRefExact shibboleth.SAMLACClassRefMinimum
shibboleth.SAMLACDeclRefMinimum
shibboleth.SAMLACClassRefMaximum shibboleth.SAMLACDeclRefMaximum
shibboleth.SAMLACClassRefBetter
shibboleth.SAMLACDeclRefBetter | Pair<Class<? extends Principal>, String> | Pairs of custom Principal types and matching operators for all the SAML 1.1 and 2.0 principal and comparison types supported, used as keys for the shibboleth.AuthnComparisonRules map | shibboleth.ExactMatchFactory
shibboleth.InexactMatchFactory | PrincipalEvalPredicateFactory | Template beans for values of the shibboleth.AuthnComparisonRules map | shibboleth.BetterClassRefMatchFactory
shibboleth.MinimumClassRefMatchFactory
shibboleth.MaximumClassRefMatchFactory shibboleth.BetterDeclRefMatchFactory
shibboleth.MinimumDeclRefMatchFactory
shibboleth.MaximumDeclRefMatchFactory | PrincipalEvalPredicateFactory | Beans supplying matching rules for implementing SAML 2.0 "inexact" comparisons of AuthnContextClassRef or AuthnContextDeclRef constants | shibboleth.IgnoredContexts
| Collection<String> | A collection of SAML 2.0 AuthnContextClassRef or AuthnContextDeclRef values to ignore if found in an <AuthnRequest> message | shibboleth.PrincipalProxyRequestMappings | Map<Principal,Collection<Principal>> | Mapping rules for transforming values in requests into new values in proxied requests | shibboleth.PrincipalProxyResponseMappings | Map<Principal,Collection<Principal>> | Mapping rules for transforming values in proxied responses into new values |
|