...
It follows that the includeAttributeStatement property of the "Shibboleth.SSO" profile configuration can be set via a metadata Attribute named "http://shibboleth.net/ns/profiles/saml1/sso/browser/includeAttributeStatement".
As an additional convention, a setting can be configured for all profiles simultaneously by prefixing it with the URL "http://shibboleth.net/ns/profiles".
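An added example (not from the Shibboleth documentation): a Python inventory that applies the naming convention above to SAML metadata, reporting which entities carry tags that set profile properties and whether each tag is profile-specific or all-profile. The sample metadata and entity IDs are constructed, and recording whether each tag uses the URI NameFormat (the one in this page's filter example) is this example's own assumption about what is worth reviewing.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PREFIX = "http://shibboleth.net/ns/profiles/"  # all-profile prefix from the page, plus "/"
URI_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"

# Constructed, trimmed metadata: entity IDs and values are placeholders.
SAMPLE = """\
<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <md:EntityDescriptor entityID="https://sp1.example.org/shibboleth"><md:Extensions><mdattr:EntityAttributes>
    <saml:Attribute Name="http://shibboleth.net/ns/profiles/saml1/sso/browser/includeAttributeStatement"
        NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
      <saml:AttributeValue>true</saml:AttributeValue></saml:Attribute>
  </mdattr:EntityAttributes></md:Extensions></md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp2.example.org/shibboleth"><md:Extensions><mdattr:EntityAttributes>
    <saml:Attribute Name="http://shibboleth.net/ns/profiles/includeAttributeStatement">
      <saml:AttributeValue>false</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="http://example.org/unrelated" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
      <saml:AttributeValue>x</saml:AttributeValue></saml:Attribute>
  </mdattr:EntityAttributes></md:Extensions></md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def profile_tags(metadata_xml):
    """List every metadata tag that sets an IdP profile property, per entity."""
    found = []
    for ent in ET.fromstring(metadata_xml).iter("{%s}EntityDescriptor" % NS["md"]):
        for attr in ent.findall("md:Extensions/mdattr:EntityAttributes/saml:Attribute", NS):
            name = attr.get("Name", "")
            if not name.startswith(PREFIX):
                continue  # not a profile-setting tag
            # The path between the prefix and the last "/" identifies the profile;
            # an empty path means the tag applies to all profiles.
            profile, _, prop = name[len(PREFIX):].rpartition("/")
            found.append({
                "entity": ent.get("entityID"),
                "profile": profile or "*",
                "property": prop,
                "values": [v.text or "" for v in attr.findall("saml:AttributeValue", NS)],
                "uri_format": attr.get("NameFormat") == URI_FORMAT,
            })
    return found

if __name__ == "__main__":
    for tag in profile_tags(SAMPLE):
        print(tag)
```

Run against each metadata source the IdP loads to see which relying parties' metadata changes profile behavior, and review those entries with the same care as hand-written overrides.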
Tip |
---|
We reserve the right to define behavior for any current or future SAML Attributes named in the |
While the SAML Attribute

As of V4, there is a property in conf/services.xml that is shipped enabled, but internally off by default for compatibility on upgrades. When idp.service.relyingparty.ignoreUnmappedEntityAttributes is true, which is suggested, the system will ignore any tags that have an improper

A side effect of this setting is that the IdP will operate much faster in locating (or not locating) tags for all of its settings using decoded and indexed data instead of having to inefficiently search the native XML-based data structures for a match. As a result, it is strongly advised that the proper
The supplied implementations provide various built-in type conversions that give a natural mapping between simple XML syntax and Java data types. Different kinds of settings support particular XML syntaxes as described below. The only XML syntaxes supported are "simple content" models involving an
...
```xml
<AttributeFilterPolicy id="Per-Attribute-singleValued">
    <PolicyRequirementRule xsi:type="ANY"/>

    <AttributeRule attributeID="eduPersonPrincipalName">
        <PermitValueRule xsi:type="EntityAttributeExactMatch"
            attributeName="http://shibboleth.net/ns/attributes/releaseAllValues"
            attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
            attributeValue="eduPersonPrincipalName" />
    </AttributeRule>

    <AttributeRule attributeID="mail">
        <PermitValueRule xsi:type="EntityAttributeExactMatch"
            attributeName="http://shibboleth.net/ns/attributes/releaseAllValues"
            attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
            attributeValue="mail" />
    </AttributeRule>
</AttributeFilterPolicy>
```
Reference
...
Beans
Bean ID | Type | Function |
---|---|---|
RelyingParty.MDDriven | | A template bean for use in defining metadata-driven RelyingParty overrides by hand |
RelyingPartyByName.MDDriven | | A template bean for defining metadata-driven RelyingParty overrides based on matching by name |
RelyingPartyByGroup.MDDriven | | A template bean for defining metadata-driven RelyingParty overrides based on matching by |
RelyingPartyByEntitiesDescriptor.MDDriven 4.1 | | A template bean for defining metadata-driven RelyingParty overrides based on matching by |
RelyingPartyByTag.MDDriven | | A template bean for defining metadata-driven RelyingParty overrides based on matching |
RelyingPartyByMappedTag.MDDriven | | A template bean for defining metadata-driven RelyingParty overrides based on matching |
Shibboleth.SSO.MDDriven | | Default metadata-driven configuration for SAML 1.1 SSO profile |
SAML1.AttributeQuery.MDDriven | | Default metadata-driven configuration for SAML 1.1 Attribute Query profile |
SAML1.ArtifactResolution.MDDriven | | Default metadata-driven configuration for SAML 1.1 Artifact Resolution profile |
SAML2.SSO.MDDriven | | Default metadata-driven configuration for SAML 2.0 SSO profile |
SAML2.ECP.MDDriven | | Default metadata-driven configuration for SAML 2.0 Enhanced Client/Proxy profile |
SAML2.Logout.MDDriven | | Default metadata-driven configuration for SAML 2.0 Single Logout profile |
SAML2.AttributeQuery.MDDriven | | Default metadata-driven configuration for SAML 2.0 Attribute Query profile |
SAML2.ArtifactResolution.MDDriven | | Default metadata-driven configuration for SAML 2.0 Artifact Resolution profile |
Liberty.SSOS.MDDriven | | Default metadata-driven configuration for Liberty ID-WSF Delegated SSO profile |
CAS.LoginConfiguration.MDDriven | | Default metadata-driven configuration for CAS login protocol |
CAS.ProxyConfiguration.MDDriven | | Default metadata-driven configuration for CAS proxy login protocol |
CAS.ValidateConfiguration.MDDriven | | Default metadata-driven configuration for CAS ticket validation protocol |
shibboleth.DefaultMDProfileAliases | List<String> | A built-in list of alternate URL "prefixes" to property names, used to automate the generation of property tag names that apply to all profiles at the same time |
shibboleth.MDProfileAliases | List<String> | An optional user-supplied list of additional URL prefixes to support custom property tag names |
shibboleth.MDDrivenStringProperty | | Parent bean for defining new lookup strategies for string settings |
shibboleth.MDDrivenBoolProperty | | Parent bean for defining new lookup strategies for boolean settings |
shibboleth.MDDrivenIntProperty | | Parent bean for defining new lookup strategies for integer settings |
shibboleth.MDDrivenLongProperty | | Parent bean for defining new lookup strategies for long integer settings |
shibboleth.MDDrivenDoubleProperty | | Parent bean for defining new lookup strategies for double settings |
shibboleth.MDDrivenDurationProperty | | Parent bean for defining new lookup strategies for Duration settings |
shibboleth.MDDrivenListProperty | | Parent bean for defining new lookup strategies for List settings |
shibboleth.MDDrivenSetProperty | | Parent bean for defining new lookup strategies for Set settings |
shibboleth.MDDrivenBeanProperty | | Parent bean for defining new lookup strategies for arbitrary Spring bean settings |