Most native SP configuration files are implemented as "reloadable" resources, which gives them a common set of capabilities. In most cases, components with detailed configurations (i.e. more than just a single element) can be configured using any of:
/etc/shibboleth
shibboleth2.xml
)When not inline, various common attributes can be used to control (or disable) the monitoring and reloading of information when it changes. When inline, the entire shibboleth2.xml
configuration is itself a reloadable resource.
No matter which method of access is used, the XML instance being referenced typically has a common root element that depends on the component being configured, so the actual XML varies by component.
url
(absolute URL)uri
(absolute URL)url
.path
(local pathname)pathname
(local pathname)path
.file
(local pathname)path
.filename
(local pathname)path
.validate
(boolean) (defaults to false)reloadChanges
(boolean) (defaults to true)path
attribute (or a synonym) is used, the local file is monitored for changes and reloaded dynamically. This incurs some runtime overhead for locking, so should be disabled if not needed.reloadInterval
(time in seconds)url
attribute (or a synonym) is used, this attribute sets the time between attempts to download a fresh copy of the resource. If omitted or 0, no reloading occurs. This incurs some runtime overhead for locking, so should be disabled if not needed.backingFilePath
(local pathname)url
attribute (or a synonym) is used, the downloaded resource is copied to this location. If the software is started and the remote resource is unavailable or invalid, the backing file is loaded instead and all the configured filters are run on the backing file.Version 2.4 and Above
id
(string)certificate
(local pathname)signerName
(string)<TrustEngine>
used to verify a top-level signature over the resource. A certificate containing the name must be available in the verification process (typically inside the signature).When supplying configuration inline, a single child element is typically required, but the exact element depends on the component being configured.
Version 2.2 and Above
For remote resources, you may supply <TransportOption>
elements to control the behavior of the transport layer used to fetch the resource. This can be used to adjust timeouts, for example.
Version 2.4 and Above
For remote resources, you may supply one of the following elements (or the certificate
attribute as a shorthand) to require the presence of a top-level signature over the entire resource and to control the verification process:
<CredentialResolver>
(optional)<TrustEngine>
(optional)