Versions Compared

Old Version 4

changes.mady.by.user Scott Cantor

Saved on

compared with

New Version Current

changes.mady.by.user Scott Cantor

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

By default this feature is available at the relative path /idp/profile/admin/hello

In addition, use of this module relies on the use of Javascript, so you will have to select and install one of our scripting plugins for that purpose due to Java’s removal of Javascript support.

Configuration

The flow is functional by default but some of its behavior can be adjusted via admin/admin.properties. Note however that this file is ignored by upgraded systems unless  steps noted in the AdministrativeConfiguration topic are taken to allow it to be found and loaded. Absent this, the flow will operate with default values of each property.

...

Expand
titleProperties

The general properties configuring this flow via admin/admin.properties are:

Name

Default

Description

idp.Hello.logging

Hello

Audit log identifier for flow

idp.Hello.accessPolicy

AccessByAdminUser

Name of access control policy for request authorization

idp.Hello.authenticated

true

Whether authentication should be performed prior to access control evaluation

idp.Hello.nonBrowserSupported

false

Whether the flow should allow for non-browser clients during authentication

idp.Hello.resolveAttributes

true

Whether attributes should be resolved prior to access control evaluation

idp.Hello.defaultAuthenticationMethods

Comma-delimited list of protocol-specific Principal strings to require from authentication to this flow

idp.Hello.postAuthenticationFlows

Comma separated list of post authentication interceptor flows that should be run

Expand
titleFlow Descriptor XML

To replace the internally defined flow descriptor bean, the following XML is required:

Code Block
languagexml
<util:list id="shibboleth.AvailableAdminFlows">
 
    <bean parent="shibboleth.AdminFlow"
            c:id="http://shibboleth.net/ns/profiles/hello"
            p:loggingId="%{idp.hello.logging:Hello}"
            p:policyName="%{idp.hello.accessPolicy:AccessByAdminUser}"
            p:nonBrowserSupported="%{idp.hello.nonBrowserSupported:false}"
            p:authenticated="%{idp.hello.authenticated:true}"
            p:resolveAttributes="%{idp.hello.resolveAttributes:true}">
        <property name="postAuthenticationFlows">
            <bean parent="shibboleth.CommaDelimStringArray"
              p:postAuthenticationFlows="%{idp.Hello.postAuthenticationFlows  c:_0="#{'%{idp.hello.postAuthenticationFlows:}'.trim()}" />
        </property>
        <property name="defaultAuthenticationMethodsByString">
            <bean parent="shibboleth.CommaDelimStringArray"
                c:_0="#{'%{idp.hello.defaultAuthenticationMethods:}'.trim()}" />
        </property>
    </bean>

</util:list>

No default version of the list bean is provided and it may simply be placed in conf/global.xml if needed.