To replace the internally defined flow descriptor bean, the following XML is required: Code Block |
---|
| <util:list id="shibboleth.AvailableAuthenticationFlows">
<bean p:id="authn/X509" parent="shibboleth.AuthenticationFlow"
p:order="%{idp.authn.X509.order:1000}"
p:nonBrowserSupported="%{idp.authn.X509.nonBrowserSupported:false}"
p:passiveAuthenticationSupported="%{idp.authn.X509.passiveAuthenticationSupported:false}"
p:forcedAuthenticationSupported="%{idp.authn.X509.forcedAuthenticationSupported:false}"
p:proxyRestrictionsEnforced="%{idp.authn.X509.proxyRestrictionsEnforced:%{idp.authn.enforceProxyRestrictions:true}}"
p:proxyScopingEnforced="%{idp.authn.X509.proxyScopingEnforced:false}"
p:discoveryRequired="%{idp.authn.X509.discoveryRequired:false}"
p:lifetime="%{idp.authn.X509.lifetime:%{idp.authn.defaultLifetime:PT1H}}"
p:inactivityTimeout="%{idp.authn.X509.inactivityTimeout:%{idp.authn.defaultTimeout:PT30M}}"
p:reuseCondition-ref="#{'%{idp.authn.X509.reuseCondition:shibboleth.Conditions.TRUE}'.trim()}"
p:activationCondition-ref="#{'%{idp.authn.X509.activationCondition:shibboleth.Conditions.TRUE}'.trim()}"
p:subjectDecorator-ref="#{getObject('%{idp.authn.X509.subjectDecorator:}'.trim())}">
<property name="supportedPrincipalsByString">
<bean parent="shibboleth.CommaDelimStringArray"
c:_0="#{'%{idp.authn.X509.supportedPrincipals:}'.trim()}" />
</property>
</bean>
</util:list> |
In older versions and upgraded systems, this list is defined in conf/authn/general-authn.xml. In V4.1+, no default version of the list is provided and it may simply be placed in conf/global.xml if needed. |