Current File(s): conf/services.xml, services.properties
Format: Native Spring
Legacy V2 File(s): conf/services.xml
The services.xml file is used to specify many of the other configuration files (or more generally, Spring Resources) to load to configure various important services within the IdP. The services.properties file provides a less granular way to identify the Spring beans containing the lists of resources, and also controls the dynamic reloading behavior of those services.
You might modify these files to:
- change the resources used, or more commonly add additional resources to supplement built-in defaults
- configure more specialized approaches such as Subversion resources or remote HTTP resources
- control how often to check for changes and reload configurations, if at all
V2 Compatibility
A similar function was performed by the services.xml file in 2.x, but in 3.0 this file is now a native Spring bean file and the older services XML schema is not supported or used.
Overview
The services.xml file contains a series of "list" beans that specify the Spring Resources to load into various services. The lists are named with specific bean IDs (see below) that direct the resources into the various services. If you wish to supply your own resource lists without modifying the delivered lists, you may control the bean IDs used by modifying services.properties.
Do not remove any of the beans from services.xml unless you alter a corresponding property in services.properties to direct the service to a different resource list bean, or the IdP will fail to initialize with an error referencing the missing bean.
Beans
Beans defined in services.xml follow:
| Bean ID | Type | Function | Reloadable Service ID |
|---|---|---|---|
| shibboleth.RelyingPartyResolverResources | java.uti.List | RelyingPartyConfiguration resources for a new or migrated installation. | shibboleth.RelyingPartyResolverService |
| shibboleth.LegacyRelyingPartyResolverResources | java.uti.List | RelyingPartyConfiguration using a deprecated V2 relying-party.xml file. | shibboleth.RelyingPartyResolverService |
| shibboleth.MetadataResolverResources | java.uti.List | MetadataConfiguration resources. | shibboleth.MetadataResolverService |
| shibboleth.AttributeResolverResources | java.uti.List | AttributeResolverConfiguration resources. | shibboleth.AttributeResolverService |
| shibboleth.AttributeFilterResources | java.uti.List | AttributeFilterConfiguration resources. | shibboleth.AttributeFilterService |
| shibboleth.NameIdentifierGenerationResources | java.uti.List | NameIDGenerationConfiguration resources. | shibboleth.NameIdentifierGenerationService |
| shibboleth.AccessControlResources | java.uti.List | AccessControlConfiguration resources. | shibboleth.ReloadableAccessControlService |
| shibboleth.MessageSourceResources | java.uti.List | Internationalizable user interface messages. | N/A |
Properties
Properties defined in services.properties follow:
| Property | Default | Function |
|---|---|---|
| idp.service.logging.resource | %{idp.home}/conf/logback.xml | |
| idp.service.logging.failFast | false | |
| idp.service.logging.checkInterval | 0 | |
| idp.service.relyingparty.resources | shibboleth.RelyingPartyResolverResources | |
| idp.service.relyingparty.failFast | false | |
| idp.service.relyingparty.checkInterval | 0 | |
| idp.service.metadata.resources | shibboleth.MetadataResolverResources | |
| idp.service.metadata.failFast | false | |
| idp.service.metadata.checkInterval | 0 | |
| idp.service.attribute.resolver.resources | shibboleth.AttributeResolverResources | |
| idp.service.attribute.resolver.failFast | false | |
| idp.service.attribute.resolver.checkInterval | 0 | |
| idp.service.attribute.filter.resources | shibboleth.AttributeFilterResources | |
| idp.service.attribute.filter.failFast | false | |
| idp.service.attribute.filter.checkInterval | 0 | |
| idp.service.nameidGeneration.resources | shibboleth.NameIdentifierGenerationResources | |
| idp.service.nameidGeneration.failFast | false | |
| idp.service.nameidGeneration.checkInterval | 0 | |
| idp.service.access.resources | shibboleth.AccessControlResources | |
| idp.service.access.failFast | false | |
| idp.service.access.checkInterval | 0 | |
| idp.message.resources | shibboleth.MessageSourceResources | |
| idp.message.cacheSeconds | 300 | |
idp.httpclient.connectionDisregardTLSCertificate | false | |
| idp.httpclient.connectionTimeout | -1 | |
| idp.httpclient.memorycaching.maxCacheEntries | 50 | |
| idp.httpclient.memorycaching.maxCacheEntrySize | 1048576 | |
| idp.httpclient.filecaching.maxCacheEntries | 100 | |
| idp.httpclient.filecaching.maxCacheEntrySize | 10485760 | |
idp.httpclient.filecaching.cacheDirectory | None |
Advanced Notes
You can use any kind of Resource supported by Spring, along with additional custom resource types provided with the IdP for handling Subversion, HTTP, and file-backed HTTP resources.