Property | Default | Description |
|---|
idp.authn.Password.order | 1000 | Flow priority relative to other enabled login flows (lower is "higher" in priority) |
idp.authn.Password.nonBrowserSupported | true | Whether the flow should handle non-browser request profiles (e.g., ECP) |
idp.authn.Password.passiveAuthenticationSupported | true | Whether the flow allows for passive authentication |
idp.authn.Password.forcedAuthenticationSupported | true | Whether the flow supports forced authentication |
idp.authn.Password.proxyRestrictionsEnforced | %{idp.authn.enforceProxyRestrictions:true} | Whether the flow enforces upstream IdP-imposed restrictions on proxying |
idp.authn.Password.proxyScopingEnforced | false | Whether the flow considers itself to be proxying, and therefore enforces SP-signaled restrictions on proxying |
idp.authn.Password.discoveryRequired | false | Whether to invoke IdP-discovery prior to running flow |
idp.authn.Password.lifetime | %{idp.authn.defaultLifetime:PT1H} | Lifetime of results produced by this flow |
idp.authn.Password.inactivityTimeout | %{idp.authn.defaultTimeout:PT30M} | Inactivity timeout of results produced by this flow |
idp.authn.Password.reuseCondition | shibboleth.Conditions.TRUE | Bean ID of Predicate<ProfileRequestContext> controlling result reuse for SSO |
idp.authn.Password.activationCondition | shibboleth.Conditions.TRUE | Bean ID of Predicate<ProfileRequestContext> determining whether flow is usable for request |
idp.authn.Password.subjectDecorator |
| Bean ID of BiConsumer<ProfileRequestContext,Subject> for subject customization |
idp.authn.Password.supportedPrincipals | (see below) | Comma-delimited list of protocol-specific Principal strings associated with flow |
idp.authn.Password.addDefaultPrincipals | true | Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow |
idp.authn.Password.c14n.flows 5.2 | | Comma-delimited list of c14n methods (beans) to run after use of this login flow |