...
If you want to customize this flow via XML or wish to apply settings not supported by properties, you can override the flow descriptor by creating your own bean (see the Flow Descriptor example in the Reference below. With this in place, you can add other properties to the bean (such as defaultAuthenticationMethods) to adjust behavior.
...
| Expand |
|---|
|
Name | Type | Description |
|---|
shibboleth.unlock-keys.KeyStrategies | Collection<DataSealerKeyStrategy> | Enumerates the key strategy beans used to supply secret key(s) to the IdP that should be unlocked by the flow | shibboleth.unlock-keys.Credentials | Collection<MutableCredential> | Enumerates the public key credentials that need to have an unlocked private key injected from the shibboleth.unlock-keys.PrivateKeys bean | shibboleth.unlock-keys.PrivateKeys | Collection<Resource> | Enumerates the resources containing private keys to unlock and inject into the credentials from the shibboleth.unlock-keys.Credentials bean |
|
...
| Expand |
|---|
|
To replace the internally defined flow descriptor bean, the following XML is required: | Code Block |
|---|
| <util:list id="shibboleth.AvailableAdminFlows">
<bean parent="shibboleth.OneTimeAdminFlow"
c:id="http://shibboleth.net/ns/profiles/unlock-keys"
p:loggingId="%{idp.unlock-keys.logging:UnlockKeys}"
p:policyName="%{idp.unlock-keys.accessPolicy:AccessDenied}"
p:nonBrowserSupported="%{idp.unlock-keys.nonBrowserSupported:false}"
p:authenticated="%{idp.unlock-keys.authenticated:true}"
p:resolveAttributes="%{idp.unlock-keys.resolveAttributes:false}" />
</util:list> |
In older versions and upgraded systems, this list is defined in conf/admin/general-admin.xml. Otherwise, no No default version of the list is provided and it may simply be placed in conf/global.xml if needed. |
...