The Shibboleth IdP V4 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only. See the IDP5 wiki space for current documentation on the supported version.

PropertyReference

This is a work in progress.

The IdP relies on Spring properties (which in turn can be layered on a number of sources such as Java property files, JVM system properties, or environment variables) to inject certain configuration settings into system configuration files. Most of these are documented amongst the various topic-specific material where the properties are used but a few are lacking in appropriate mention.

The root property file loaded at startup is conf/idp.properties and properties are not reloaded after startup. The root property is "idp.home", which is used to locate the directory that contains that file, and so that property isn't actually in the file, but assumed to be defined already.

Name

Type

Default

Description

Name

Type

Default

Description

idp.additionalProperties

Comma-delimited paths



Used to point to additional property files to load. All properties must be unique and are ultimately pooled into a single, unordered set.

idp.entityID

See RelyingPartyConfiguration for reference.

idp.entityID.metadataFile

File pathname

%{idp.home}/metadata/idp-metadata.xml

Identifies the file to serve for requests to the IdP's "well-known metadata location"

idp.scope

See ScopedAttributeDefinition for reference.

idp.cookie.secure




See SecurityConfiguration for reference.

idp.cookie.httpOnly

idp.cookie.domain

idp.cookie.path

idp.cookie.maxAge

idp.cookie.sameSite

idp.csrf.enabled

See Cross-Site Request Forgery (CSRF) Protection for reference.

idp.csrf.token.parameter

idp.hsts



max-age=0

Auto-configures an HSTS response header

idp.frameoptions



DENY

Auto-configures an X-Frame-Options response header

idp.csp



frame-ancestors 'none';

Auto-configures a Content Security Policy response header

idp.webflows

Path

%{idp.home}/flows

Location from which to load user-supplied webflows from. See also SpringConfiguration

idp.views

Comma-delimited paths

%{idp.home}/views

Location from which to load user-modifiable Velocity view templates. This can be set to include "classpath*:/META-INF/net/shibboleth/idp/views" (or equivalent) to load templates from the classpath, such as from extension jars, but doing so disables support for template reloading.

idp.sealer.keyStrategy


















See SecurityConfiguration for reference.




idp.sealer.storeType

idp.sealer.updateInterval

idp.sealer.aliasBase

idp.sealer.storeResource

idp.sealer.versionResource

idp.sealer.storePassword

idp.sealer.keyPassword

idp.signing.key

idp.signing.cert

idp.encryption.key

idp.encryption.cert

idp.encryption.key.2

idp.encryption.cert.2

idp.security.config

idp.signing.config

idp.encryption.config

idp.trust.signatures

idp.trust.certificates

idp.encryption.optional

idp.errors.detailed



See ErrorHandlingConfiguration for reference.

idp.errors.signed

idp.errors.excludedExceptions

idp.errors.exceptionMappings

idp.errors.defaultView

idp.storage.cleanupInterval

See StorageConfiguration for reference.

idp.storage.htmlLocalStorage

idp.session.enabled







See SessionConfiguration for reference.

idp.session.StorageService

idp.session.idSize

idp.session.consistentAddress

idp.session.consistentAddressCondition

idp.session.timeout

idp.session.slop

idp.session.maskStorageFailure

idp.session.trackSPSessions

idp.session.secondaryServiceIndex

idp.session.defaultSPlifetime

idp.authn.flows




See AuthenticationConfiguration for reference.

idp.authn.defaultLifetime

idp.authn.defaultTimeout

idp.authn.rpui

idp.authn.favorSSO

idp.authn.identitySwitchIsError

idp.consent.StorageService

















See ConsentConfiguration for reference.

idp.consent.attribute-release.userStorageKey

idp.consent.attribute-release.userStorageKeyAttribute

idp.consent.terms-of-use.userStorageKey

idp.consent.terms-of-use.userStorageKeyAttribute

idp.consent.terms-of-use.consentValueMessageCodeSuffix

idp.consent.allowDoNotRemember

idp.consent.allowGlobal

idp.consent.allowPerAttribute

idp.consent.compareValues

idp.consent.maxStoredRecords

idp.consent.expandedMaxStoredRecords

idp.consent.storageRecordLifetime

idp.logout.elaboration


See LogoutConfiguration for reference.

idp.logout.authenticated

idp.logout.promptUser

idp.policy.messageLifetime

See SecurityConfiguration for reference.

idp.policy.assertionLifetime

idp.policy.clockSkew

idp.replayCache.StorageService

See StorageConfiguration for reference.

idp.replayCache.strict

idp.artifact.enabled


See RelyingPartyConfiguration for reference.

idp.artifact.secureChannel

idp.artifact.endpointIndex

idp.artifact.StorageService

See StorageConfiguration for reference.

idp.ui.fallbackLanguages







idp.cas.StorageService


See CasProtocolConfiguration for reference.

idp.cas.serviceRegistryClass

idp.cas.relyingPartyIdFromMetadata

idp.fticks.*