Property / Type / Default | Description |
|---|
idp.service.failFast Boolean false | Set default fail-fast behavior of all services unless overridden by service |
idp.service.logging.resource Resource path %{idp.home}/conf/logback.xml | Logging configuration resource to use (the reloadable service ID is "shibboleth.LoggingService") |
idp.service.logging.failFast Boolean true | Fail at startup if logging configuration is invalid |
idp.service.logging.checkInterval Duration 0 | Time to notice changes to logging configuration and reload service.
A value of 0 indicates that the logging configuration never reloads |
idp.service.relyingparty.resources Bean ID shibboleth.RelyingPartyResolverResources | Name of Spring bean identifying resources to use for RelyingPartyConfiguration |
idp.service.relyingparty.failFast Boolean false | Fail at startup if RelyingPartyConfiguration is invalid |
idp.service.relyingparty.checkInterval Duration 0 | Time to notice changes to RelyingPartyConfiguration and reload service
A value of 0 indicates that the relying party configuration never reloads |
idp.service.relyingparty.ignoreUnmappedEntityAttributes Boolean false | See MetadataDrivenConfiguration, SAML Attribute Name Format Usage |
idp.service.metadata.resources Bean ID shibboleth.MetadataResolverResources | Name of Spring bean identifying resources to use for MetadataConfiguration |
idp.service.metadata.failFast Boolean false | Fail at startup if MetadataConfiguration is invalid |
idp.service.metadata.checkInterval Duration 0 | Time to notice changes to MetadataConfiguration and reload service
A value of 0 indicates that the metadata configuration never reloads |
idp.service.metadata.enableByReferenceFilters Boolean true | Disabling this turns off internal support for the ByReferenceFilter feature, which provides a very small performance boost |
idp.service.attribute.registry.resources Bean ID shibboleth.AttributeRegistryResources | Name of Spring bean identifying resources to use for AttributeRegistryConfiguration |
idp.service.attribute.registry.failFast Boolean false | Fail at startup if AttributeRegistryConfiguration is invalid |
idp.service.attribute.registry.checkInterval Duration 0 | Time to notice changes to AttributeRegistryConfiguration and reload service. A value of 0 indicates that the service configuration never reloads |
idp.service.attribute.registry.encodeType Boolean true | Shortcut for controlling the encoding of xsi:type information for all SAML transcoding rules in the registry |
idp.service.attribute.resolver.resources Bean ID shibboleth.AttributeResolverResources | Name of Spring bean identifying resources to use for AttributeResolverConfiguration |
idp.service.attribute.resolver.failFast Boolean false | Fail at startup if AttributeResolverConfiguration is invalid |
idp.service.attribute.resolver.checkInterval Duration 0 | Time to notice changes to AttributeResolverConfiguration and reload service. A value of 0 indicates that the service configuration never reloads |
idp.service.attribute.resolver.maskFailures Boolean true
| Whether attribute resolution failure should silently produce no attributes. or cause an overall profile request failure event |
idp.service.attribute.resolver.stripNulls Boolean false
| Whether null values should be stripped from the results of the attribute resolution.
This filtering happens prior to filtering and encoding, but after attribute resolution is complete.
To strip nulls during attribute resolution (so that they will be invisible to dependant attribute definitions) use
a SimpleAttributeDefinition and specify ignoreNullValues |
idp.service.attribute.resolver.suppressDisplayInfo 4.2 Boolean true | Setting this to false re-enables the legacy behavior of looking up the display information for the resolved attributes during resolution.
As of from 4.2 this work is all done the display information is looked up at point of use (during the attribute consent flow) and so there should be no reason to revert this behavior unless using third party software which expect the IdPAttribute DisplayName and DisplayDescriptions to be pre-populated |
idp.service.attribute.filter.resources Bean ID shibboleth.AttributeFilterResources | Name of Spring bean identifying resources to use for AttributeFilterConfiguration |
idp.service.attribute.filter.failFast Boolean false | Fail at startup if AttributeFilterConfiguration is invalid |
idp.service.attribute.filter.checkInterval Duration 0 | Time to notice changes to AttributeFilterConfiguration and reload service
A value of 0 indicates that the attribute filter configuration never reloads |
idp.service.attribute.filter.maskFailures Boolean true | Whether attribute filtering failure should silently produce no attributes or causes an overall profile request failure event |
idp.service.nameidGeneration.resources Bean ID shibboleth.NameIdentifierGenerationResources | Name of Spring bean identifying resources to use for NameIDGenerationConfiguration |
idp.service.nameidGeneration.failFast Boolean false | Fail at startup if NameIDGenerationConfiguration is invalid |
idp.service.nameidGeneration.checkInterval Duration 0 | Time to notice changes to NameIDGenerationConfiguration and reload service |
idp.service.access.resources Bean ID shibboleth.AccessControlResources | Name of Spring bean identifying resources to use for AccessControlConfiguration |
idp.service.access.failFast Boolean true | Fail at startup if AccessControlConfiguration is invalid |
idp.service.access.checkInterval Duration 0 | Time to notice changes to AccessControlConfiguration and reload service |
idp.service.cas.registry.resources Bean ID shibboleth.CASServiceRegistryResources | Name of Spring bean identifying resources to use for CASServiceRegistry configuration |
idp.service.cas.registry.failFast Boolean false
| Fail at startup if CASServiceRegistry configuration is invalid |
idp.service.cas.registry.checkInterval Duration 0 | Time to notice CASServiceRegistry configuration changes and reload service |
idp.service.managedBean.resources Bean ID shibboleth.ManagedBeanResources | Name of Spring bean identifying resources to use for ManagedBeanConfiguration |
idp.service.managedBean.failFast Boolean false | Fail at startup if ManagedBeanConfiguration is invalid |
idp.service.managedBean.checkInterval Duration 0 | Time to notice ManagedBeanConfiguration changes and reload service |
idp.message.resources Bean ID shibboleth.MessageSourceResources | Name of Spring bean identifying Spring message property resources |
idp.message.cacheSeconds Integer 300 | Seconds between reloads of message property resources |