The Shibboleth IdP V4 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only. See the IDP5 wiki space for current documentation on the supported version.
ConfigurationFileSummary
The configuration file count is very large, partly due to supporting so many features, partly because we have created smaller units of configuration dealing with specific tasks, and partly because we've tried to expose a lot of options directly without requiring code changes or plugins. In practice, you should expect to interact with the same files as in earlier versions on a regular basis and you may never touch many of these files.
As of V4.1, many of the smaller files have been removed by default for new installs and are copied into place only after enabling a corresponding Module. This reduces the number of files to deal with or to ignore when not using less common features. These files are no longer mentioned here but will be noted where necessary in the documentation of particular features.
To help orient you, a summary of the general function of each file follows along with a tip for when or why you might care about it. The order is alphabetic, not based on the frequency of use.
The "RL?" column notes which files can be reloadable, but not necessarily which ones are since that depends on the "checkInterval" properties in services.properties.
File | RL? | Purpose | Â Tasks |
---|---|---|---|
Y | Controls access to administrative functions like the status page, resolver testing tool, service reloading, etc |
| |
Y | Attribute release policy controlling whether to return attributes to a requester or accept them from an issuer |
| |
Y | A new service for configuring mapping rules for converting between SAML/OIDC/CAS attributes and internal IdPAttribute definitions |
| |
Y | How attribute data is produced from LDAP, database, or other data sources, and how it's encoded into SAML or other formats (i.e., the formal name(s) used) |
| |
N | Controls general audit log behavior |
| |
Y | Configure private keys and certificates. |
| |
N | Error handling configuration, controls which "events" are mapped to SAML errors, and how to signal them |
| |
global.xml | N | A place to put globally visible custom Spring bean definitions, empty by default |
|
idp.properties | N | Java property file used to change common or important settings more easily |
|
N | Java property file with LDAP authentication and attribute lookup settings |
| |
Y | Logback logging configuration |
| |
Y | Configure sources of SAML metadata |
| |
mvc-beans.xml | N | A place to put custom bean definitions for the Spring MVC layer, not created by default |
|
Y | Controls which profiles are enabled for which relying parties and the profile settings used with them |
| |
N | Java property file with settings controlling SAML NameID generation and consumption |
| |
Y | Controls support for and generation/sourcing of SAML NameIDs |
| |
credentials/secrets.properties | N | Parking lot for any properties of a secret nature that should not be checked into configuration management tools |
|
N | Java property file with pointers to the resource collections that configure important services and settings controlling configuration reload policy |
| |
N | Controls the resources loaded to configure important services, and allows for advanced resource types such as subversion |
| |
N | Customization of administrative flows (replaces most of the need for general-admin.xml in previous versions) |
| |
N | Configures customizable instrumentation and reporting features |
| |
attributes/default-rules.xml | Y | Default mapping rules for "conventional" attributes in common or standard usage |
|
attributes/custom/Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â | N | A directory in which property-based attribute mapping rules can be dropped for local customization |
|
N | Establish relationships between authentication methods in terms of protocol-specific identifiers such as SAML AuthnContext classes |
| |
N | A webflow definition file for enumerating custom events to use as the result of custom authentication flows |
| |
N | Customization of authentication flows (replaces most of the need for general-authn.xml and many of the other authn-related XML files in previous versions) |
| |
N | A webflow definition file for enumerating custom events to use as the result of custom canonicalization flows |
| |
N | Controls most simple settings of particular post-login c14n methods (replaces most of the need for c14n-related XML files in previous versions) |
| |
N | Configures order of mechanisms for processing usernames after authentication, and for mapping SAML NameID values back into usernames |
| |
N | A webflow definition file for enumerating custom events to use as the result of custom intercept flows |
|