Page Comparison

idp.session.trackSPSessions

Boolean

false

Whether to store references to SP sessions in the IdP session to support logout propagation

idp.session.secondaryServiceIndex

Boolean

false

Whether to store NameID backreferences in the IdP session to support SAML 2.0 logout

idp.logout.elaboration

Boolean

false

Whether to search metadata for user interface information associated with every service involved in logout propagation

idp.logout.authenticated

Boolean

true

Whether to require signed logout messages in accordance with the SAML 2.0 standard

idp.logout.promptUser

Bean ID of Predicate<ProfileRequestContext>

false

If the bean returns true, the user is given the option to actually cancel the IdP logout outright and prevent removal of the session

idp.artifact.enabled

Boolean

true

Controls use of HTTP-Artifact binding for outbound logout messages

idp.logout.preserveQuery ^4.1

Boolean

false

Processes arbitrary query parameters to the Simple Logout endpoint and stashes them in a ScratchContext for use by subsequent view logic

idp.logout.assumeAsync ^4.2

Boolean

false

When true, allows inbound SAML LogoutRequests to be processed even if the SP lacks metadata containing response endpoints

idp.logout.propagationHidden ^4.2

Boolean

false

Applies the "display:none" style to the list of SPs and logout status reporting images so that logout status is not visibly reported to the user

idp.soap.httpClient ^4.2

Bean ID of HttpClient to use for SOAP-based logout

SOAPClient.HttpClient

Allows the HttpClient used for SOAP communication to be overriden (applies to SAML logout via SOAP)