The Shibboleth IdP V4 software will leave support on September 1, 2024.

PropertyDrivenInstallation

The installation process can be controlled by setting properties on the command line. These are detailed below.

In general, only the "usual" properties are of interest. The advanced properties are listed for completeness and are likely to be useful mostly to people writing installation packages (for instance Federation Operators).

The best & definitive documentation for these properties is the code itself.

In V5 this will continue to work, but please track the https://shibboleth.atlassian.net/wiki/spaces/DEV/pages/3212378113 page for potential changes.

| Property | Used During | Description |
|---|---|---|
| idp.target.dir | All Operations | Where the installation is. In non-initial installs this defaults to a location derived from the file used to invoke the installer. |
| idp.entityID | Installation | The EntityID being created at install time. |
| idp.host.name | Installation | The host name of the IdP being created. This is used to generate metadata and also in certificate generation. |
| idp.scope | Installation | The scope to assert. |
| idp.keysize | Installation | The size of keys to generate (the default is currently 3072, but may change in a future release). |
| idp.keystore.password | Installation | The password to use when the trust PKCS12 keystore (backchannel) file is created. |
| idp.sealer.password | Installation | The password to use when the sealer PKCS12 keystore (cookie encryption) file is created. |
| idp.conf.credentials.filemode | Installation (Unix only) | Mode to set on credential files after installation (via chmod). The default value is currently 660. |
| idp.conf.credentials.group | Installation (Unix only) | The group to set on the contents of the "credentials" directory (via chgrp). If not specified, none is set. |

| Property | Used during | Description |
|---|---|---|
| ldap.merge.properties | Installation | The name of a property file to "merge" with the shipped ldap.properties file. Values in the merge file override values in the shipped file. |
| idp.merge.properties | Installation | The name of a property file to "merge" with the shipped idp.properties file. Values in the merge file override values in the shipped file. |
| idp.conf.preoverlay | Installation | The name of a directory used to pre-populate the conf file. Files in the conf tree of the distribution will not overwrite these files. |
| idp.initial.edit-webapp | Installation | The name of a directory used to populate edit-webapp during first installation. If present, the distributed edit-webapp is ignored. |
| idp.src.dir | Installation | Where to install from (the distribution). |
| idp.sealer.alias | Installation | The sealer alias to use. |
| idp.noprompt | All | If set to true then an installation will fail rather than prompt for a missing property. |
| idp.property.file | All | If provided, this property file can be used as the source of all the properties listed on this page. This can save constructing long command lines. |
| idp.conf.setmode | All | Set to false to turn OFF the setting of modes after an installation or upgrade. Mode setting includes (but may not be limited to): setting the 'bin' folder contents to Read+Execute; setting the 'system' folder (if present) to Read; setting the 'dist' folder to Read. |
| idp.initial.modules | Installation | A comma-separated list of modules to enable during initial install. If this list is prepended with a '+' then the list is added to the default list (currently idp.authn.Password,idp.intercept.Consent,idp.admin.Hello). |
| idp.no.tidy | Installation | For debug purposes, setting this to true will stop intermediate files (such as the idp.property.file) from being deleted after the installation. |
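Passing idp.keystore.password and idp.sealer.password with -D puts them in the process argument list, which other local users can read; idp.property.file keeps them in a file instead. The sketch below is an added example, not Shibboleth project code: the function names, host name, scope and paths are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Shibboleth project code. Host names, paths and
# function names are constructed for illustration.

# 32 hex characters from the kernel CSPRNG.
random_password() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# write_install_properties FILE HOST SCOPE TARGET_DIR
# The subshell keeps the umask change local; FILE is recreated with
# mode 0600 before any password is written to it.
write_install_properties() {
    (
        umask 077
        rm -f "$1"
        {
            printf 'idp.target.dir=%s\n' "$4"
            printf 'idp.host.name=%s\n' "$2"
            printf 'idp.entityID=https://%s/idp/shibboleth\n' "$2"
            printf 'idp.scope=%s\n' "$3"
            printf 'idp.keysize=3072\n'
            printf 'idp.keystore.password=%s\n' "$(random_password)"
            printf 'idp.sealer.password=%s\n' "$(random_password)"
            printf 'idp.noprompt=true\n'
        } > "$1"
    )
}

# check_install_properties FILE
# Rejects a file that anyone but the owner can access, or that lacks a
# value for one of the keys this example sets (idp.noprompt=true makes
# the installer fail instead of prompting for a missing property).
check_install_properties() {
    [ "$(ls -l "$1" | cut -c1-10)" = "-rw-------" ] || { echo "bad mode on $1" >&2; return 1; }
    for key in idp.target.dir idp.host.name idp.entityID idp.scope \
               idp.keystore.password idp.sealer.password; do
        grep -q "^$key=." "$1" || { echo "missing $key in $1" >&2; return 1; }
    done
}

# Usage, from the unpacked distribution. The installer deletes the property
# file afterwards unless idp.no.tidy=true is set.
#   write_install_properties /root/idp-install.properties idp.example.org example.org /opt/shibboleth-idp
#   check_install_properties /root/idp-install.properties &&
#       ./bin/install.sh -Didp.property.file=/root/idp-install.properties
```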

Examples

Setting generated key size on a non-Windows system:

    ./bin/install.sh -Didp.keysize=2048

Setting generated key size on a Windows system:

    .\bin\install.bat -Didp.keysize=2048

Setting installation directory on Windows systems:

    .\bin\build.bat -Didp.target.dir="C:\Program Files (x86)\Shibboleth\IdP"

Enable two additional modules during installation