{"type":"doc","content":[{"type":"paragraph","content":[{"text":"Current File(s):","type":"text","marks":[{"type":"strong"}]},{"text":" ","type":"text"},{"text":"conf/authn/ipaddress-authn-config.xml, conf/authn/authn.properties ","type":"text","marks":[{"type":"em"}]},{"text":"(V4.1+)","type":"text"},{"type":"hardBreak"},{"text":"Format:","type":"text","marks":[{"type":"strong"}]},{"text":" Native Spring, Properties (V4.1+)","type":"text"}]},{"type":"extension","attrs":{"layout":"default","extensionType":"com.atlassian.confluence.macro.core","extensionKey":"toc","parameters":{"macroParams":{},"macroMetadata":{"macroId":{"value":"9cc873f6-0d23-4cc7-b618-5f303de2f12d"},"schemaVersion":{"value":"1"},"title":"Table of Contents"}},"localId":"7e5d24ad-bd8f-479d-9df2-00a8b13037b1"}},{"type":"heading","attrs":{"level":2},"content":[{"text":"Overview","type":"text"}]},{"type":"paragraph","content":[{"text":"The authn/IPAddress login flow applies the user agent's address to a mapping of address range(s) to username(s) as a form of pseudo-authentication. This isn't the same as authorizing access to something by address, because a real user identity is produced as a result.","type":"text"}]},{"type":"paragraph","content":[{"text":"This flow is implemented as a \"fall-through\" so that under normal error conditions (no address available, no valid mapping), it passes control back to select another flow to run, so it can easily be combined with other methods. Of course, as shipped, the IdP will communicate that the form of authentication done was not based on a password.","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Enabling Module (V4.1+)","type":"text"}]},{"type":"paragraph","content":[{"text":"For V4.1+, configuring and using this feature requires that you first enable the \"idp.authn.IPAddress\" module if it isn't already enabled. Systems upgraded from older releases generally come pre-enabled due to the prior state of the configuration tree.","type":"text"}]},{"type":"codeBlock","content":[{"text":"(Windows)\nC:\\opt\\shibboleth-idp> bin\\module.bat -t idp.authn.IPAddress || bin\\module.bat -e idp.authn.IPAddress\n \n(Other)\n$ bin/module.sh -t idp.authn.IPAddress || bin/module.sh -e idp.authn.IPAddress","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"General Configuration","type":"text"}]},{"type":"paragraph","content":[{"text":"Use ","type":"text"},{"text":"conf/authn/ipaddress-authn-config.xml","type":"text","marks":[{"type":"em"}]},{"text":" to configure this flow.","type":"text"}]},{"type":"paragraph","content":[{"text":"The ","type":"text"},{"text":"shibboleth.authn.IPAddress.Mappings","type":"text","marks":[{"type":"strong"}]},{"text":" bean is the map between usernames and lists of CIDR address ranges. An ","type":"text"},{"text":"IP CIDR Calculator","type":"text","marks":[{"type":"link","attrs":{"href":"http://www.subnet-calculator.com/cidr.php"}}]},{"text":" may help in calculating the CIDR notation for an IP range. Note that en empty map, which is the default, essentially makes this flow non-operable in practice.","type":"text"}]},{"type":"paragraph","content":[{"text":"The following example maps only the IPv4 and IPv6 localhost addresses to the name \"jdoe\":","type":"text"}]},{"type":"codeBlock","content":[{"text":" \n \n \n 127.0.0.1/32\n ::1/128\n \n \n ","type":"text"}]},{"type":"paragraph","content":[{"text":"The ","type":"text"},{"text":"shibboleth.authn.IPAddress.Transforms","type":"text","marks":[{"type":"strong"}]},{"text":" bean allows for address transformations before comparing them to the address ranges, essentially a kind of on-the-fly address translation. A transform is a Pair object containing a regular expression and a replacement expression.","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Reference","type":"text"}]},{"type":"expand","attrs":{"title":"Beans (V4.0)"},"content":[{"type":"paragraph","content":[{"text":"The beans defined in ","type":"text"},{"text":"authn/ipaddress-authn-config.xml","type":"text","marks":[{"type":"em"}]},{"text":" follow:","type":"text"}]},{"type":"table","attrs":{"layout":"full-width","localId":"5a1159af-4e8f-4d34-839d-7b9353b711fe"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[246.0]},"content":[{"type":"paragraph","content":[{"text":"Bean ID","type":"text"}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[185.0]},"content":[{"type":"paragraph","content":[{"text":"Type","type":"text"}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[64.0]},"content":[{"type":"paragraph","content":[{"text":"Default","type":"text"}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[262.0]},"content":[{"type":"paragraph","content":[{"text":"Description","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[246.0]},"content":[{"type":"paragraph","content":[{"text":"shibboleth.authn.IPAddress.Mappings","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[185.0]},"content":[{"type":"paragraph","content":[{"text":"Map","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-jdk.cgi/java.util.Map?module=java.sql"}}]},{"text":"<","type":"text"},{"text":"String","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-jdk.cgi/java.lang.String?module=java.sql"}}]},{"text":",","type":"text"},{"text":"List","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-jdk.cgi/java.util.List?module=java.sql"}}]},{"text":"<","type":"text"},{"text":"IPRange","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-support.cgi/net.shibboleth.utilities.java.support.net.IPRange"}}]},{"text":">>","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[64.0]},"content":[{"type":"paragraph","content":[{"text":"Empty Map","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[262.0]},"content":[{"type":"paragraph","content":[{"text":"The entry values are a list of CIDR address range strings to map to the username in the entry key","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[246.0]},"content":[{"type":"paragraph","content":[{"text":"shibboleth.authn.IPAddress.Transforms","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[185.0]},"content":[{"type":"paragraph","content":[{"text":"List","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-jdk.cgi/java.util.List?module=java.sql"}}]},{"text":"<","type":"text"},{"text":"Pair","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-support.cgi/net.shibboleth.utilities.java.support.collection.Pair"}}]},{"text":"<","type":"text"},{"text":"String","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-jdk.cgi/java.lang.String?module=java.sql"}}]},{"text":",","type":"text"},{"text":"String","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-jdk.cgi/java.lang.String?module=java.sql"}}]},{"text":">>","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[64.0]},"content":[{"type":"paragraph"}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[262.0]},"content":[{"type":"paragraph","content":[{"text":"Pairs of regular expressions and replacement expressions to apply to the username","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[246.0]},"content":[{"type":"paragraph","content":[{"text":"shibboleth.authn.IPAddress.resultCachingPredicate","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[185.0]},"content":[{"type":"paragraph","content":[{"text":"Predicate","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-jdk.cgi/java.util.function.Predicate?module=java.sql"}}]},{"text":"<","type":"text"},{"text":"ProfileRequestContext","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-opensaml.cgi/org.opensaml.profile.context.ProfileRequestContext"}}]},{"text":">","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[64.0]},"content":[{"type":"paragraph"}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[262.0]},"content":[{"type":"paragraph","content":[{"text":"An optional bean that can be defined to control whether to preserve the authentication result in an IdP session","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[246.0]},"content":[{"type":"paragraph","content":[{"text":"shibboleth.authn.IPAddress.addDefaultPrincipals","type":"text"},{"type":"hardBreak"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[185.0]},"content":[{"type":"paragraph","content":[{"text":"Boolean","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-jdk.cgi/java.lang.Boolean?module=java.sql"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[64.0]},"content":[{"type":"paragraph","content":[{"text":"true","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[262.0]},"content":[{"type":"paragraph","content":[{"text":"Whether to add the content of the ","type":"text"},{"text":"supportedPrincipals","type":"text","marks":[{"type":"code"}]},{"text":" property of the underlying flow descriptor to the resulting Subject","type":"text"}]}]}]}]}]},{"type":"expand","attrs":{"title":"Beans (V4.1+)"},"content":[{"type":"paragraph","content":[{"text":"The beans defined in ","type":"text"},{"text":"authn/ipaddress-authn-config.xml","type":"text","marks":[{"type":"em"}]},{"text":" follow:","type":"text"}]},{"type":"table","attrs":{"layout":"full-width","localId":"b1acc128-179b-4c0e-9157-28790a98718a"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[422.0]},"content":[{"type":"paragraph","content":[{"text":"Bean ID","type":"text"}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[293.0]},"content":[{"type":"paragraph","content":[{"text":"Type","type":"text"}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[72.0]},"content":[{"type":"paragraph","content":[{"text":"Default","type":"text"}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[499.0]},"content":[{"type":"paragraph","content":[{"text":"Description","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[422.0]},"content":[{"type":"paragraph","content":[{"text":"shibboleth.authn.IPAddress.Mappings","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[293.0]},"content":[{"type":"paragraph","content":[{"text":"Map","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-jdk.cgi/java.util.Map?module=java.sql"}}]},{"text":"<","type":"text"},{"text":"String","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-jdk.cgi/java.lang.String?module=java.sql"}}]},{"text":",","type":"text"},{"text":"List","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-jdk.cgi/java.util.List?module=java.sql"}}]},{"text":"<","type":"text"},{"text":"IPRange","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-support.cgi/net.shibboleth.utilities.java.support.net.IPRange"}}]},{"text":">>","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[72.0]},"content":[{"type":"paragraph","content":[{"text":"Empty Map","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[499.0]},"content":[{"type":"paragraph","content":[{"text":"The entry values are a list of CIDR address range strings to map to the username in the entry key","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[422.0]},"content":[{"type":"paragraph","content":[{"text":"shibboleth.authn.IPAddress.Transforms","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[293.0]},"content":[{"type":"paragraph","content":[{"text":"List","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-jdk.cgi/java.util.List?module=java.sql"}}]},{"text":"<","type":"text"},{"text":"Pair","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-support.cgi/net.shibboleth.utilities.java.support.collection.Pair"}}]},{"text":"<","type":"text"},{"text":"String","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-jdk.cgi/java.lang.String?module=java.sql"}}]},{"text":",","type":"text"},{"text":"String","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-jdk.cgi/java.lang.String?module=java.sql"}}]},{"text":">>","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[72.0]},"content":[{"type":"paragraph"}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[499.0]},"content":[{"type":"paragraph","content":[{"text":"Pairs of regular expressions and replacement expressions to apply to the username","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[422.0]},"content":[{"type":"paragraph","content":[{"text":"shibboleth.authn.IPAddress.resultCachingPredicate","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[293.0]},"content":[{"type":"paragraph","content":[{"text":"Predicate","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-jdk.cgi/java.util.function.Predicate?module=java.sql"}}]},{"text":"<","type":"text"},{"text":"ProfileRequestContext","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-opensaml.cgi/org.opensaml.profile.context.ProfileRequestContext"}}]},{"text":">","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[72.0]},"content":[{"type":"paragraph"}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[499.0]},"content":[{"type":"paragraph","content":[{"text":"An optional bean that can be defined to control whether to preserve the authentication result in an IdP session","type":"text"}]}]}]}]}]},{"type":"expand","attrs":{"title":"Properties (V4.1+)"},"content":[{"type":"paragraph","content":[{"text":"The general properties configuring this flow via ","type":"text"},{"text":"authn/authn.properties","type":"text","marks":[{"type":"em"}]},{"text":" are:","type":"text"}]},{"type":"table","attrs":{"layout":"full-width","localId":"c317798f-14c0-49ad-874d-af5ee6c31a87"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[490.0]},"content":[{"type":"paragraph","content":[{"text":"Name","type":"text"}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[343.0]},"content":[{"type":"paragraph","content":[{"text":"Default","type":"text"}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[469.0]},"content":[{"type":"paragraph","content":[{"text":"Description","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[490.0]},"content":[{"type":"paragraph","content":[{"text":"idp.authn.IPAddress.order","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[343.0]},"content":[{"type":"paragraph","content":[{"text":"1000","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[469.0]},"content":[{"type":"paragraph","content":[{"text":"Flow priority relative to other enabled login flows (lower is \"higher\" in priority)","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[490.0]},"content":[{"type":"paragraph","content":[{"text":"idp.authn.IPAddress.nonBrowserSupported","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[343.0]},"content":[{"type":"paragraph","content":[{"text":"true","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[469.0]},"content":[{"type":"paragraph","content":[{"text":"Whether the flow should handle non-browser request profiles (e.g., ECP)","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[490.0]},"content":[{"type":"paragraph","content":[{"text":"idp.authn.IPAddress.passiveAuthenticationSupported","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[343.0]},"content":[{"type":"paragraph","content":[{"text":"true","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[469.0]},"content":[{"type":"paragraph","content":[{"text":"Whether the flow allows for passive authentication","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[490.0]},"content":[{"type":"paragraph","content":[{"text":"idp.authn.IPAddress.forcedAuthenticationSupported","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[343.0]},"content":[{"type":"paragraph","content":[{"text":"false","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[469.0]},"content":[{"type":"paragraph","content":[{"text":"Whether the flow supports forced authentication","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[490.0]},"content":[{"type":"paragraph","content":[{"text":"idp.authn.IPAddress.proxyRestrictionsEnforced","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[343.0]},"content":[{"type":"paragraph","content":[{"text":"%{idp.authn.enforceProxyRestrictions:true}","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[469.0]},"content":[{"type":"paragraph","content":[{"text":"Whether the flow enforces upstream IdP-imposed restrictions on proxying","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[490.0]},"content":[{"type":"paragraph","content":[{"text":"idp.authn.IPAddress.proxyScopingEnforced","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[343.0]},"content":[{"type":"paragraph","content":[{"text":"false","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[469.0]},"content":[{"type":"paragraph","content":[{"text":"Whether the flow considers itself to be proxying, and therefore enforces SP-signaled restrictions on proxying","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[490.0]},"content":[{"type":"paragraph","content":[{"text":"idp.authn.IPAddress.discoveryRequired","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[343.0]},"content":[{"type":"paragraph","content":[{"text":"false","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[469.0]},"content":[{"type":"paragraph","content":[{"text":"Whether to invoke IdP-discovery prior to running flow","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[490.0]},"content":[{"type":"paragraph","content":[{"text":"idp.authn.IPAddress.lifetime","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[343.0]},"content":[{"type":"paragraph","content":[{"text":"%{idp.authn.defaultLifetime:PT60S}","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[469.0]},"content":[{"type":"paragraph","content":[{"text":"Lifetime of results produced by this flow","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[490.0]},"content":[{"type":"paragraph","content":[{"text":"idp.authn.IPAddress.inactivityTimeout","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[343.0]},"content":[{"type":"paragraph","content":[{"text":"%{idp.authn.defaultTimeout:PT60S}","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[469.0]},"content":[{"type":"paragraph","content":[{"text":"Inactivity timeout of results produced by this flow","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[490.0]},"content":[{"type":"paragraph","content":[{"text":"idp.authn.IPAddress.reuseCondition","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[343.0]},"content":[{"type":"paragraph","content":[{"text":"shibboleth.Conditions.TRUE","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[469.0]},"content":[{"type":"paragraph","content":[{"text":"Bean ID of ","type":"text"},{"text":"Predicate","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-jdk.cgi/java.util.function.Predicate"}}]},{"text":"<","type":"text"},{"text":"ProfileRequestContext","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-opensaml.cgi/org.opensaml.profile.context.ProfileRequestContext"}}]},{"text":"> controlling result reuse for SSO","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[490.0]},"content":[{"type":"paragraph","content":[{"text":"idp.authn.IPAddress.activationCondition","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[343.0]},"content":[{"type":"paragraph","content":[{"text":"shibboleth.Conditions.TRUE","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[469.0]},"content":[{"type":"paragraph","content":[{"text":"Bean ID of ","type":"text"},{"text":"Predicate","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-jdk.cgi/java.util.function.Predicate"}}]},{"text":"<","type":"text"},{"text":"ProfileRequestContext","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-opensaml.cgi/org.opensaml.profile.context.ProfileRequestContext"}}]},{"text":"> determining whether flow is usable for request","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[490.0]},"content":[{"type":"paragraph","content":[{"text":"idp.authn.IPAddress.subjectDecorator","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[343.0]},"content":[{"type":"paragraph"}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[469.0]},"content":[{"type":"paragraph","content":[{"text":"Bean ID of ","type":"text"},{"text":"BiConsumer","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-jdk.cgi/java.util.function.BiConsumer"}}]},{"text":"<","type":"text"},{"text":"ProfileRequestContext","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-opensaml.cgi/org.opensaml.profile.context.ProfileRequestContext"}}]},{"text":",","type":"text"},{"text":"Subject","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-jdk.cgi/javax.security.auth.Subject"}}]},{"text":"> for subject customization","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[490.0]},"content":[{"type":"paragraph","content":[{"text":"idp.authn.IPAddress.supportedPrincipals","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[343.0]},"content":[{"type":"paragraph","content":[{"text":"(see below)","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[469.0]},"content":[{"type":"paragraph","content":[{"text":"Comma-delimited list of protocol-specific ","type":"text"},{"text":"Principal","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-jdk.cgi/java.security.Principal"}}]},{"text":" strings associated with flow","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[490.0]},"content":[{"type":"paragraph","content":[{"text":"idp.authn.IPAddress.addDefaultPrincipals","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[343.0]},"content":[{"type":"paragraph","content":[{"text":"true","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[469.0]},"content":[{"type":"paragraph","content":[{"text":"Whether to auto-attach the preceding set of ","type":"text"},{"text":"Principal","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-jdk.cgi/java.security.Principal"}}]},{"text":" objects to each ","type":"text"},{"text":"Subject","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-jdk.cgi/javax.security.auth.Subject"}}]},{"text":" produced by this flow","type":"text"}]}]}]}]},{"type":"paragraph","content":[{"text":"As a non-password based flow, the ","type":"text"},{"text":"supportedPrincipals","type":"text","marks":[{"type":"code"}]},{"text":" property defaults to the following XML:","type":"text"}]},{"type":"codeBlock","attrs":{"language":"xml"},"content":[{"text":"\n \n","type":"text"}]},{"type":"paragraph","content":[{"text":"In property form, this is expressed as:","type":"text"}]},{"type":"codeBlock","content":[{"text":"idp.authn.IPAddress.supportedPrincipals = \\\n saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol","type":"text"}]},{"type":"paragraph","content":[{"text":"SAML 1 does not define an AuthenticationMethod constant for this kind of authentication, so only a SAML 2 AuthnContextClassRef is applied. An \"unspecified\" method constant will be used with SAML 1 unless otherwise configured.","type":"text"}]}]},{"type":"expand","attrs":{"title":"Flow Descriptor XML (V4.1+)"},"content":[{"type":"paragraph","content":[{"text":"To replace the internally defined flow descriptor bean, the following XML is required:","type":"text"}]},{"type":"codeBlock","content":[{"text":"\n \n \n \n \n \n \n \n","type":"text"}]},{"type":"paragraph","content":[{"text":"In older versions and upgraded systems, this list is defined in ","type":"text"},{"text":"conf/authn/general-authn.xml","type":"text","marks":[{"type":"em"}]},{"text":". In V4.1+, no default version of the list is provided and it may simply be placed in ","type":"text"},{"text":"conf/global.xml","type":"text","marks":[{"type":"em"}]},{"text":" if needed.","type":"text"}]}]},{"type":"paragraph"}],"version":1}

Browser not supported