In the 6.2 UI, the IdP configuration UI had a section "Service Provider Defaults" showing the values read from portal-ext.properties. This section has been removed in the new 7.0 UI; in fact, connection defaults are no longer supported at all.
These default configuration properties in 6.2 served two purposes:
- When saml.metadata.paths was specified in portal-ext.properties (there was no UI for it), the defaults provided the runtime configuration for each peer entity represented by those paths (URLs). This completed the peer configuration, so the peers could be used immediately. Each peer connection could be tweaked with filtered properties such as saml.idp.metadata.name.id.attribute[peerEntityId] if needed.
- When using the UI to add a peer connection, the fields were pre-populated with the defaults, saving time.
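The 6.2 resolution model described above (one set of unfiltered defaults applied to every peer listed in saml.metadata.paths, with key[peerEntityId] overriding a single peer) is illustrated by the following added example. It is not Liferay code; it is a small stand-alone re-implementation of the lookup logic. The property file content, the peer URLs and the mapping from metadata path to entity ID are constructed for the illustration (in a real deployment the entity ID comes from the fetched metadata document); only saml.metadata.paths and saml.idp.metadata.name.id.attribute are property names taken from the text.

```python
import re

# Constructed sample of portal-ext.properties content for this illustration; not taken
# from any real deployment. saml.metadata.paths and saml.idp.metadata.name.id.attribute
# are the property names mentioned in the text above.
SAMPLE_PROPERTIES = """
# two SP peers, identified by their metadata URLs
saml.metadata.paths=https://sp-one.example/metadata.xml,https://sp-two.example/metadata.xml
# default applied to every peer that has no override
saml.idp.metadata.name.id.attribute=emailAddress
# per-peer override, filtered by the peer's entity ID
saml.idp.metadata.name.id.attribute[https://sp-two.example/saml]=uid
"""

# Constructed: in a real deployment the entity ID of each peer is read from the
# metadata document fetched from the path, not from a static table.
PEER_ENTITY_IDS = {
    "https://sp-one.example/metadata.xml": "https://sp-one.example/saml",
    "https://sp-two.example/metadata.xml": "https://sp-two.example/saml",
}

# key[filter] form used by filtered properties
FILTERED_KEY = re.compile(r"^(?P<base>[^\[\]=]+)\[(?P<filter>[^\]]+)\]$")


def parse_properties(text):
    """Minimal key=value parser; ignores blank lines and # comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def resolve_peer_config(props, entity_id):
    """Unfiltered keys are the defaults; key[entity_id] overrides them for one peer."""
    config = {}
    overrides = {}
    for key, value in props.items():
        match = FILTERED_KEY.match(key)
        if match is None:
            if key != "saml.metadata.paths":  # the path list is not per-peer config
                config[key] = value
        elif match.group("filter") == entity_id:
            overrides[match.group("base")] = value
    config.update(overrides)
    return config


def build_peer_configs(text, entity_ids):
    """Runtime configuration for every peer listed in saml.metadata.paths."""
    props = parse_properties(text)
    paths = [p.strip() for p in props.get("saml.metadata.paths", "").split(",") if p.strip()]
    return {entity_ids[path]: resolve_peer_config(props, entity_ids[path]) for path in paths}


def peers_relying_on_default(text, entity_ids, key):
    """Peers whose value for `key` comes from the global default, not from an override.

    Useful as a review check: a change to the default silently changes every peer
    returned here.
    """
    props = parse_properties(text)
    return sorted(
        entity_id
        for entity_id in build_peer_configs(text, entity_ids)
        if f"{key}[{entity_id}]" not in props
    )


if __name__ == "__main__":
    for entity_id, config in build_peer_configs(SAMPLE_PROPERTIES, PEER_ENTITY_IDS).items():
        print(entity_id, config)
    print("peers using the default name ID attribute:",
          peers_relying_on_default(SAMPLE_PROPERTIES, PEER_ENTITY_IDS,
                                   "saml.idp.metadata.name.id.attribute"))
```

The peers_relying_on_default check is the practical point of the model: because every unfiltered key is inherited by every peer that does not override it, editing a default in portal-ext.properties changed the effective configuration of all such peers at once, which is part of why the 7.0 design stores each SP connection explicitly.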
Starting with 7.0, all configuration of SP connections must be done via the UI and is stored in the DB.
Consequently, there is no need to specify configuration for any entity other than the local entity, which is synonymous with the company (portal instance).
This has enabled us to migrate to a company scoped configuration in Configuration Admin.
The properties affected are those in the SamlProviderConfiguration metatype:
The SAML Admin Portlet remains as the UI for creating the company scoped configuration instances.
Please note that there is a system-wide configuration as well, represented by the SamlConfiguration metatype.
Finally, please note that the following system-wide properties have been removed:
- saml.metadata.paths (serves no purpose after removal of SP connection defaults)
The latter two are replaced with saml.runtime.metadata.refresh.interval