
During installation, a special internal encryption key, referred to as a Cookie Encryption Key or "data sealer" key in various places, is generated. Various features that are enabled by default to support stateless clustering of the IdP depend on this key, along with some less-used features.

If you want to completely disable the use of this key and avoid having one at all, you need V3.3 of the software (unreleased at the time this is being written) and will need to make a few changes to the configuration:

  1. Comment out all the properties in that begin with idp.sealer, particularly idp.sealer.storeResource.
  2. Uncomment and override the idp.session.StorageService and idp.consent.StorageService properties in to reference an appropriate storage service of your choosing.
  3. Uncomment and modify the property named idp.transientId.generator in, and set it to shibboleth.StoredTransientIdGenerator.
  4. Edit the list bean named shibboleth.ClientStorageServices in session-manager.xml and comment out the two bean references (but not the list itself) inside it.
  5. If you have enabled the shibboleth.authn.Password.RetainAsPrivateCredential bean in authn/password-authn-config.xml, you must turn it back off.

The IdP should then restart and function normally.
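A pre-restart check for steps 1 to 4, as an added example that is not part of the original page or of the IdP software: it reports any property or bean reference that still ties the configuration to the sealer key. The sample property values, the storage service name and the two bean names in the XML are constructed placeholders, and the parser assumes properties without line continuations.

```python
import re
import xml.etree.ElementTree as ET

REQUIRED = ("idp.session.StorageService", "idp.consent.StorageService")
TRANSIENT_KEY = "idp.transientId.generator"
TRANSIENT_VALUE = "shibboleth.StoredTransientIdGenerator"
CLIENT_LIST_ID = "shibboleth.ClientStorageServices"

def active_properties(text):
    """Uncommented key/value pairs of a .properties text (no line continuations)."""
    props = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^#!=:\s][^=:\s]*)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def audit_properties(text):
    """Findings for steps 1-3: sealer properties off, storage and generator overridden."""
    props = active_properties(text)
    findings = [f"{k} is still active" for k in props if k.startswith("idp.sealer")]
    findings += [f"{k} is not overridden" for k in REQUIRED if not props.get(k)]
    if props.get(TRANSIENT_KEY) != TRANSIENT_VALUE:
        findings.append(f"{TRANSIENT_KEY} is not {TRANSIENT_VALUE}")
    return findings

def audit_client_list(xml_text):
    """Findings for step 4: the list bean must exist and hold no active references."""
    root = ET.fromstring(xml_text)  # the default parser drops XML comments
    for elem in root.iter():
        if elem.get("id") == CLIENT_LIST_ID:
            refs = [c.get("bean") for c in elem if c.get("bean")]
            return [f"{CLIENT_LIST_ID} still references {r}" for r in refs]
    return [f"{CLIENT_LIST_ID} list bean is missing"]

# Constructed sample inputs, not taken from a real deployment.
SAMPLE_PROPS = """\
idp.sealer.storeResource = /constructed/path/sealer-store
idp.session.StorageService = example.ServerSideStorage
#idp.consent.StorageService = example.ServerSideStorage
idp.transientId.generator = shibboleth.StoredTransientIdGenerator
"""
SAMPLE_XML = """<beans xmlns:util="http://www.springframework.org/schema/util">
  <util:list id="shibboleth.ClientStorageServices">
    <!-- <ref bean="example.ClientStoreA" /> -->
    <ref bean="example.ClientStoreB" />
  </util:list>
</beans>"""

if __name__ == "__main__":
    print("\n".join(audit_properties(SAMPLE_PROPS) + audit_client_list(SAMPLE_XML)))
```

An empty result from both functions means steps 1 to 4 are in place; step 5 still has to be checked by hand in authn/password-authn-config.xml.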
