...
The beans defined in authn/jaas-authn-config.xml follow:
Bean ID | Type | Default | Function |
---|---|---|---|
JAASConfig | String | %{idp.home}/conf/authn/jaas.config | Defines a Spring Resource containing the JAAS config. Normally this just points to a file in the filesystem |
shibboleth.authn.JAAS.JAASConfigURI | java.net.URI | JAASConfig.URI | Defines the URI object containing the JAAS configuration |
shibboleth.authn.JAAS.LoginConfigNames | Collection<String> | [ "ShibUserPassAuth" ] | Simple list of JAAS application configuration names to use |
shibboleth.authn.JAAS.LoginConfigurations 3.3 | Collection<Pair<String,Subject>> |
Static list of JAAS application |
configuration names along with mappings to custom Principals | |
shibboleth.authn.JAAS.LoginConfigStrategy 3.3 | Function (see above) |
For advanced use, you can inject a function to supply at runtime the information that the previous bean would supply statically |
V2 Compatibility
JAAS configuration is independent of the IdP and is therefore identical with the use of JAAS in the V2 UsernamePassword handler. By default this configuration is placed in authn/jaas.config and the legacy-matching "ShibUserPassAuth" login configuration name is used (though this can be changed).
...
This is not a comprehensive list, but it does include the most commonly used configuration arguments.
vt-ldap | ldaptive | comments |
---|---|---|
ldapUrl | ldapUrl |
host | N/A | use ldapUrl |
port | N/A | use ldapUrl |
timeout | connectTimeout |
N/A | responseTimeout |
baseDn | baseDn |
base | N/A | use baseDn |
tls | useStartTLS |
ssl | useSSL |
sslSocketFactory | credentialConfig |
userField | N/A | use userFilter |
userFilter | userFilter |
subtreeSearch | subtreeSearch |
authorizationFilter | N/A |
constructDn | N/A | use dnResolver |
allowMultipleDns | allowMultipleDns |
bindDn | bindDn |
serviceUser | N/A | use bindDn |
bindCredential | bindCredential |
serviceCredential | N/A | use bindCredential |
dnResolver | dnResolver |
userRoleAttribute | userRoleAttribute |
...
Notes
TBD