Options common to most/all profiles:

Name

Type

Default

Description

securityConfiguration   

SecurityConfiguration

Bean named shibboleth.DefaultSecurityConfiguration

An object containing all of the default security-related objects needed for peer authentication and encryption. See SecurityConfiguration for complete details.

disallowedFeatures

Integer

0

A bitmask of features to disallow, the mask values being specific to individual profiles

inboundInterceptorFlows

List<String>

Ordered list of profile interceptor flows to run prior to message processing

outboundInterceptorFlows

List<String>

Ordered list of profile interceptor flows to run prior to outbound message handling

Guidance

Modifying the security configuration is usually done to:

The two interceptor lists allow the much less commonly used profile interceptor injection points to be used. This is largely a Java-based way of doing very low-level sorts of “message rewriting” hackery that might otherwise be impossible to pull off. One use case for the inbound side might be picking up non-standard parameters in a SAML request.