3 Configuration - Reference Documentation
Authors: Aaron J. Zirbes, Sphoorti Acharya
Version: 2.0.0
3 Configuration
Configuration options for the plugin
Any property overrides must be specified inThere are several configuration options for the Shibbolet Natibe SP plugin. In practice the defaults are fine for most deployments and only a few will need to be overridden.grails-app/conf/Config.groovyusing thegrails.plugin.springsecuritysuffix, for examplegrails.plugin.springsecurity.saml.active = true
| Name | Default | Meaning |
|---|---|---|
| saml.active | true | Activate Spring Security SAML |
| saml.afterLoginUrl | '/' | Provide the login Url which is intercepted and taken to the IDP login page |
| saml.afterLogoutUrl | '/' | Provider after logout url to which user should be redirected to on logout |
| saml.userGroupAttribute | "memberOf" | specify the saml assertion attribute that holds returned group membership data |
| saml.autoCreate.active | false | If you want the plugin to generate users in the DB as they are authenticated via SAML |
| saml.autoCreate.key | 'username' | TODO |
| saml.metadata.defaultIdp | 'ping' | Default IDP to use in case of multiple IDP setup Ex : adfs, shibb, wso2 |
| saml.metadata.url | '/saml/metadata' | URL where the metatdata for the application (SP) is availiable. You'll need this information to configure your IdP. |
| saml.metadata.providers | ping :'security/idp-local.xml' | Identity Service Providers that could be used for this application |
| saml.metadata.sp.file | 'security/sp.xml' | Location of the service provider metadata file. This could be a classpath location, (for example, security/sp.xml) or it could be a absolute location on the machine (for example, C://temp/sp.xml or file:/home/u02/sp.xml) |
| saml.metadata.sp.defaults | local: true, alias: 'test', securityProfile: 'metaiop', signingKey: 'ping', encryptionKey: 'ping', tlsKey: 'ping', requireArtifactResolveSigned: false, requireLogoutRequestSigned: false, requireLogoutResponseSigned: false | local: Pre-populated to indicate value to be picked up. alias: A alias name that is unique to this application Ex: application-sp. securityProfile: Pre-populated value. signingKey: A key used to sign the messages that is unique to this application Ex: application-sp. encryptionKey: A key to to encrypt the message that is unique to this application Ex: application-sp. tlsKey: A tls key that is unique to this application Ex: application-sp. requireArtifactResolveSigned: Pre-Populated to set to false indicating artifact to be signed or not. requireLogoutRequestSigned: Pre-Populated to set to false indicating logout request to be signed or not. requireLogoutResponseSigned: Pre-Populated to set to false indicating logout response to be signed or not. |
| saml.keyManager.storeFile | 'classpath:security/keystore.jks' | Location of the keystore file. This could be a classpath (for example, classpath:security/keystore.jks) or it could be a absolute location on the machine (for example, file:c://temp/keystore.jks or file:/home/u02/keystore.jks). |
| saml.keyManager.storePass | 'nalle123' | Password used to decrypt the keys in the keystore created above. |
| saml.keyManager.passwords | ping: 'ping123' | Key value pair to validate the key. Contains the key name used at the time of key-Store creation and password to decrypt the same. |
| saml.keyManager.defaultKey | 'ping' | Key name used at the time of key-store creation |