...
If you prefer to customize this flow via XML or wish to apply settings not supported by properties, you can override the flow descriptor by creating your own bean (see the Flow Descriptor example in the Reference below.
The defaults assume that the rule for accessing the flow is that the user must login first, attributes will be resolved, and that a map entry will be defined in conf/access-control.xml keyed under "AccessByAdminUser" that defines who can access the flow. The access control features are described under AccessControlConfiguration, and are obviously fully generic (even wide open if desired).
...
The user interface for this flow is supplied by the template in views/admin/hello.vm and the default view illustrates a simple dump of information from the authentication and attribute resolution process.
Reference
| Localtabgroup | |||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
The general properties configuring this flow via admin/admin.properties are:
| id | FDXML
| -live | ||
|---|---|---|
|
To replace the internally defined flow descriptor bean, the following XML is required:
| Code Block | ||
|---|---|---|
| ||
<util:list id="shibboleth.AvailableAdminFlows">
<bean parent="shibboleth.AdminFlow"
c:id="http://shibboleth.net/ns/profiles/hello"
p:loggingId="%{idp.hello.logging:Hello}"
p:policyName="%{idp.hello.accessPolicy:AccessByAdminUser}"
p:nonBrowserSupported="%{idp.hello.nonBrowserSupported:false}"
p:authenticated="%{idp.hello.authenticated:true}"
p:resolveAttributes="%{idp.hello.resolveAttributes:true}" />
</util:list> |
In older versions and upgraded systems, this list is defined in conf/admin/general-admin.xml. In V4.1+, no default version of the list is provided and it may simply be placed in conf/global.xml if needed.