idp.properties

Jann Malenkoff jannmalenkoff at gmail.com
Thu May 12 02:02:15 EDT 2016 

Do the commented out property values imply these are default settings?


# Size of session IDs
#idp.session.idSize = 32
# Bind sessions to IP addresses
#idp.session.consistentAddress = true
# Inactivity timeout
#idp.session.timeout = PT60M
# Extra time to store sessions for logout
#idp.session.slop = PT0S
# Tolerate storage-related errors
#idp.session.maskStorageFailure = false
# Track information about SPs logged into
#idp.session.trackSPSessions = false
# Support lookup by SP for SAML logout
#idp.session.secondaryServiceIndex = false
# Length of time to track SP sessions
#idp.session.defaultSPlifetime = PT2H

# Default lifetime and timeout of various authentication methods
#idp.authn.defaultLifetime = PT60M
#idp.authn.defaultTimeout = PT30M

# Whether to prioritize "active" results when an SP requests more than
# one possible matching login method (V2 behavior was to favor them)
#idp.authn.favorSSO = true

# Whether to fail requests when a user identity after authentication
# doesn't match the identity in a pre-existing session.
#idp.authn.identitySwitchIsError = false

# Set to "shibboleth.StorageService" or custom bean for alternate storage
of consent
#idp.consent.StorageService = shibboleth.ClientPersistentStorageService

# Set to "shibboleth.consent.AttributeConsentStorageKey" to use an attribute
# to key user consent storage records (and set the attribute name)
#idp.consent.userStorageKey = shibboleth.consent.PrincipalConsentStorageKey
#idp.consent.userStorageKeyAttribute = uid

# Flags controlling how built-in attribute consent feature operates
#idp.consent.allowDoNotRemember = true
#idp.consent.allowGlobal = true
#idp.consent.allowPerAttribute = false

# Whether attribute values and terms of use text are compared
#idp.consent.compareValues = false
# Maximum number of consent records for space-limited storage (e.g. cookies)
#idp.consent.maxStoredRecords = 10
# Maximum number of consent records for larger/server-side storage (0 = no
limit)
#idp.consent.expandedMaxStoredRecords = 0

# Time in milliseconds to expire consent storage records.
#idp.consent.storageRecordLifetime = P1Y

# Whether to lookup metadata, etc. for every SP involved in a logout
# for use by user interface logic; adds overhead so off by default.
#idp.logout.elaboration = false
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20160511/7a7a0883/attachment-0001.html>

More information about the users mailing list