...
The "RL?" column notes which files are capable of being reloaded, but not necessarily which ones actually are, since that depends on the "checkInterval" properties in services.properties.
| File | RL? | Purpose | Tasks |
|---|---|---|---|
| access-control.xml | Y | Controls access to administrative functions like the status page, resolver testing tool, service reloading, etc | |
| attribute-filter.xml | Y | Attribute release policy controlling whether to return attributes to a requester | |
| attribute-resolver.xml | Y | How attribute data is produced from LDAP, database, or other data sources, and how it's encoded into SAML or other formats (i.e., the formal name(s) used) | |
| admin.xml 3.3 | N | Describes supported administrative flows to the IdP | |
| audit.xml | N | Controls general audit log behavior | |
| cas-protocol.xml | N | Configure CAS protocol features | |
| credentials.xml | Y | Configure private keys and certificates. This is unused after a V2 upgrade until the relying-party.xml file is (manually) converted from deprecated V2 format to V3 format. | |
| errors.xml | N | Error handling configuration, controls which "events" are mapped to SAML errors, and how to signal them | |
| global.xml | N | A place to put globally visible custom Spring bean definitions, empty by default | |
| idp.properties | N | Java property file used to change common or important settings more easily, and as a pointer to additional property sources | |
| ldap.properties | N | Java property file with LDAP authentication and attribute lookup settings | |
| logback.xml | Y | Logback logging configuration | |
| metadata-providers.xml | Y | Configure sources of SAML metadata (initially a copy of relying-party.xml after a V2 upgrade) | |
| mvc-beans.xml 3.2 | N | A place to put custom bean definitions for the Spring MVC layer, empty by default | |
| relying-party.xml | Y | Controls which profiles are enabled for which relying parties and the profile settings used with them | |
| saml-nameid.properties | N | Java property file with settings controlling SAML NameID generation and consumption | |
| saml-nameid.xml | Y | Controls generation of SAML NameIDs (a simpler replacement for the legacy capability to do this using AttributeEncoders) | |
| services.properties | N | Java property file with pointers to the resource collections that configure important services and settings controlling configuration reload policy | |
| services.xml | N | Controls the resources loaded to configure important services, and allows for advanced resource types such as subversion | |
| session-manager.xml | N | Configures behavior associated with session management but not handled with properties | |
| | N | Describes supported administrative flows to the IdP | |
| admin/metrics.xml 3.3 | N | Configures customizable instrumentation and reporting features | |
| authn/authn-comparison.xml | N | Establish relationships between authentication methods in terms of protocol-specific identifiers such as SAML AuthnContext classes | |
| authn/authn-events-flow.xml | N | A webflow definition file for enumerating custom events to use as the result of custom authentication flows | |
| authn/duo-authn-config.xml 3.3 | N | Configures Duo Security login flow | |
| authn/duo.properties 3.3 | N | Java property file that holds Duo integration settings | |
| authn/external-authn-config.xml | N | Configures External login flow (this is the comparable method to V2's External flow) | |
| authn/general-authn.xml | N | Describes supported authentication flows to the IdP | |
| authn/ipaddress-authn-config.xml | N | Configures IPAddress login flow | |
| authn/jaas-authn-config.xml | N | Configures JAAS back-end for Password login flow (this is the comparable method to V2's UsernamePassword flow) | |
| authn/jaas.config | N | Configures JAAS login modules to use with JAAS login flow | |
| authn/krb5-authn-config.xml | N | Configures Kerberos back-end for Password login flow (this is a username/password validation flow, not a ticket- or desktop-based flow) | |
| authn/ldap-authn-config.xml | N | Configures LDAP back-end for Password login flow (this is a native LDAP password validation flow) | |
| authn/mfa-authn-config.xml 3.3 | N | Configures multi-factor authentication login flow | |
| authn/password-authn-config.xml | N | Configures overall Password login flow | |
| authn/remoteuser-authn-config.xml | N | Configures RemoteUser login flow (this is the comparable method to V2's RemoteUser flow) | |
| authn/remoteuser-internal-authn-config.xml | N | Configures InternalRemoteUser login flow (this is similar to the V2 RemoteUser flow, but with no extra redirections) | |
| | N | Configures SPNEGO login flow | |
| authn/x509-authn-config.xml | N | Configures the X509 login flow | |
| authn/x509-internal-authn-config.xml | N | Configures the X509Internal login flow (this is the same as the regular one, but with no extra redirections) | |
| c14n/attribute-sourced-subject-c14n-config.xml | N | Configures a mapping of the logged in username to an internal username based on resolving attributes from LDAP, a database, etc. | |
| c14n/simple-subject-c14n-config.xml | N | Configures simple transforms of logged in username after authentication | |
| c14n/subject-c14n-events-flow.xml | N | A webflow definition file for enumerating custom events to use as the result of custom canonicalization flows | |
| c14n/subject-c14n.xml | N | Configures mechanisms for processing usernames after authentication, and for mapping SAML NameID values back into usernames | |
| c14n/x500-subject-c14n-config.xml | N | Configures how to extract a username from end-user client certificates | |
| intercept/consent-intercept-config.xml | N | Configures built-in attribute release and terms of use features | |
| intercept/context-check-intercept-config.xml | N | Configures built-in flow that blocks a profile request if it meets (or doesn't meet) pluggable criteria, for example preventing SSO if an attribute is not available | |
| intercept/expiring-password-intercept-config.xml 3.3 | N | Configures built-in flow that warns a user of an expiring password based on a resolved attribute | |
| intercept/intercept-events-flow.xml | N | A webflow definition file for enumerating custom events to use as the result of custom intercept flows | |
| intercept/ -------------------------------------------------------- | N | Configures flows that are run at various defined points inside a profile flow to modify its behavior or change its results | |
...