The update command allows you to check to see whether an update is available for the IdP.

By default this will display whether the IdP can be updated:

$ ./ INFO - No Upgrade available from 5.0.0

If a new version is available it will be announced:

$ ./ INFO - Version 5.0.0 can be upgraded to 5.1.0

The updated distribution can be downloaded using the -d qualifier. Downloaded files are signature checked against the current Shibboleth PGP_KEYS file but, as for the plugin installer, you have to accept the offered key (which you are expected to independently validate). The keystore of trusted signatures can be overridden on the command line, but defaults to %{idp.home}/credentials/net.shibboleth.idp/

Command Line Options

By defaut (no qualifiers) a check of the current version is made.












List versions available




If an upgrade is available download and signature check it



Version string

Download the distribution for the provided version even if it isn’t an available update (required -d)

The following are for advanced use:



Path to a GPG key ring

Path to the (non default) trust store file used check the signature




Location to get the update information




Verbose logging




Quiet logging



Path to logback configuration

Specify a file to use to control the logging of the plugin command




Output the version of the plugin command



Bean ID

Allows specification of an HTTP client bean used to download updates (or perform any related Module operation).

For details on wiring up a client bean, refer to the HttpClientConfiguration topic.



Bean ID

Allows security customization of the HTTP operation(s).

Additionally a set of Spring resource files can be supplied to provide the configuration for the last two qualifiers.