Changes made by user Clemens Bergmann, saved on Jan 18, 2022
Changes made by user Scott Cantor, saved on Mar 10, 2022
...
| Name | Type | Default | Description |
|---|---|---|---|
| idp.session.trackSPSessions | Boolean | false | Whether to store references to SP sessions in the IdP session to support logout propagation |
| idp.session.secondaryServiceIndex | | | Whether to store NameID backreferences in the IdP session to support SAML 2.0 logout |
| idp.logout.elaboration | | | Whether to search metadata for user interface information associated with every service involved in logout propagation |
| idp.logout.authenticated | | true | Whether to require signed logout messages in accordance with the SAML 2.0 standard |
| idp.logout.promptUser | Bean ID of Predicate<ProfileRequestContext> | | If the bean returns true, the user is given the option to actually cancel the IdP logout outright and prevent removal of the session |
| idp.artifact.enabled | | | Controls use of HTTP-Artifact binding for outbound logout messages |
| idp.logout.preserveQuery 4.1 | | | Processes arbitrary query parameters to the Simple Logout endpoint and stashes them in a ScratchContext for use by subsequent view logic |
| idp.logout.assumeAsync 4.2 | | | When true, allows inbound SAML LogoutRequests to be processed even if the SP lacks metadata containing response endpoints |
| idp.logout.propagationHidden 4.2 | | | Applies the "display:none" style to the list of SPs and logout status reporting images so that logout status is not visibly reported to the user |
| idp.soap.httpClient 4.2 | Bean ID of HttpClient to use for SOAP-based logout | SOAPClient.HttpClient | Allows the HttpClient used for SOAP communication to be overridden (applies to SAML logout via SOAP) |
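
A check for the logout properties listed above, as an added example that is not part of the Shibboleth documentation or code: it parses a properties file and flags settings that relax logout message handling or leave SAML 2.0 logout without the session data it needs. The function names, severity labels and sample file are constructed for illustration, and a property for which the page gives no default is assumed to be off when unset.

```python
"""Audit logout-related settings in a Shibboleth IdP properties file (added example)."""
import re

# Constructed sample input, not taken from a real deployment.
SAMPLE = """\
# conf/idp.properties (constructed)
idp.session.trackSPSessions = true
#idp.session.secondaryServiceIndex = true
idp.logout.authenticated=false
idp.logout.assumeAsync = true
"""

# Defaults stated on the page; anything else is treated as off when unset (assumption).
PAGE_DEFAULTS = {
    "idp.session.trackSPSessions": "false",
    "idp.logout.authenticated": "true",
}


def parse_properties(text):
    """Parse simple 'key = value' / 'key: value' lines, skipping comments and blanks."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props


def audit_logout(props):
    """Return (severity, property, reason) tuples; severities are hypothetical labels."""
    def is_true(name):
        return props.get(name, PAGE_DEFAULTS.get(name, "")).lower() == "true"

    findings = []
    if not is_true("idp.logout.authenticated"):
        findings.append(("HIGH", "idp.logout.authenticated",
                         "signed logout messages are not required"))
    if is_true("idp.logout.assumeAsync"):
        findings.append(("REVIEW", "idp.logout.assumeAsync",
                         "LogoutRequests accepted from SPs lacking response endpoints in metadata"))
    if is_true("idp.session.trackSPSessions") and not is_true("idp.session.secondaryServiceIndex"):
        findings.append(("REVIEW", "idp.session.secondaryServiceIndex",
                         "SP sessions tracked, but NameID backreferences for SAML 2.0 logout are not stored"))
    return findings


if __name__ == "__main__":
    for severity, name, reason in audit_logout(parse_properties(SAMPLE)):
        print(f"[{severity}] {name}: {reason}")
```
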
The following may be defined in conf/global.xml if needed.
| Name | Type | Default | Description |
|---|---|---|---|
| shibboleth.PlaintextNameIDFormats 4.2 | Set<String> | urn:oasis:names:tc:SAML:2.0:nameid-format:entity | Set of <NameID> Formats which need not be encrypted in messages, notwithstanding other settings |