Specify the configuration of this Relying Party.
Name | Description |
---|---|
Partner ID | The ID of this SAML Relying Party. |
Description | A short description of this SAML Relying Party. MBean Attribute: Changes take effect after you redeploy the module or restart the server. |
Enabled | The state of this SAML Relying Party. |
Profile | The SAML profile used by this SAML Relying Party. |
Target URL | The destination site URL for which authentication is requested. |
Name Mapper Class | The name mapper class used for this SAML Relying Party. |
Include Groups Attribute | Specifies whether the group names attribute is included when generating an assertion for this SAML Relying Party. |
Assertion Consumer URL | The URL at which an Assertion Consumer Service for this SAML Relying Party can be reached. Indicates the URL to which an assertion or artifact should be POSTed or redirected. |
Assertion Consumer Parameters | One or more optional query parameters, in the form name=value, that will be added to the ACS URL when redirecting to the destination site. In the case of POST profile, these parameters will be included as form variables when using the default POST form. If a custom POST form is in use, the parameters will be made available as a Map of names and values, but the form may or may not be constructed to include the parameters in the POSTed data. |
POST Form | The POST form used with this SAML Relying Party. |
Assertion Retrieval Username | An optional username used by this SAML Relying Party to retrieve assertions. If set, the destination site must use this username to connect to the ARS. |
Assertion Retrieval Password | An optional password used by this SAML Relying Party to retrieve assertions. If set, the destination site must use this password to connect to the ARS. |
Assertion Retrieval SSL Certificate Alias | The alias of the SSL client certificate trusted for this relying party to connect to the ARS. If set, the destination site must use this certificate to connect to the ARS. You must also add this certificate to the registry of trusted certificates for this SAML Credential Mapping provider. |
Audience URI | An optional set of SAML Audience URIs. If set, an incoming assertion must contain at least one of the specified URIs in order to be considered valid. |
Assertion Time To Live | The time to live of assertions for this SAML Relying Party. If the value is zero, then assertions have an infinite lifetime. |
Assertion Time To Live Offset | A time factor you can use to allow the Credential Mapper to compensate for clock differences between the source and destination sites. The value is a positive or negative integer representing seconds. Normally, an assertion is valid from the NotBefore time, which defaults to (roughly) the time the assertion was generated, until the NotOnOrAfter time, which is calculated as (NotBefore + TimeToLive). This value is a positive or negative integer indicating how many seconds before or after "now" the assertion's NotBefore should be set to. If you set a value for DefaultTimeToLiveDelta, then the assertion lifetime is still calculated as (NotBefore + TimeToLive), but the NotBefore value is set to (now + TimeToLiveDelta). So, an assertion might have a two minute (120 second) lifetime that starts thirty seconds ago, or starts one minute from now. |
Include DoNotCache Condition | Specifies whether assertions are cached for this SAML Relying Party. If true, a DoNotCache condition will be added to assertions generated for this relying party. Default value is false. |
Sign Assertions | Specifies whether generated assertions for this SAML Relying Party are signed. |
Include Keyinfo | Indicates whether a <ds:KeyInfo> element containing the signing certificate should be included when signing assertions. Default value is true. This value is ignored if Sign Assertions is false. |
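
The interaction between Assertion Time To Live and Assertion Time To Live Offset can be modeled as follows. This is an added example, not code from the product or its documentation. The function names, the use of `None` for an infinite lifetime, and the half-open acceptance check (NotBefore <= now < NotOnOrAfter) are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

def validity_window(now, ttl_seconds, offset_seconds=0):
    """Return (NotBefore, NotOnOrAfter) per the table above:
    NotBefore = now + offset, NotOnOrAfter = NotBefore + TimeToLive.
    A TTL of 0 means no expiry; modeled here as None (assumption)."""
    not_before = now + timedelta(seconds=offset_seconds)
    if ttl_seconds == 0:
        return not_before, None
    return not_before, not_before + timedelta(seconds=ttl_seconds)

def accepted_at(window, destination_now):
    """Destination-side check against the destination's own clock."""
    not_before, not_on_or_after = window
    if destination_now < not_before:
        return False  # assertion is "not yet valid" for a slow destination clock
    return not_on_or_after is None or destination_now < not_on_or_after

def skew_tolerance(ttl_seconds, offset_seconds):
    """Range of clock error (destination minus source, in seconds) within
    which a freshly issued assertion is accepted: offset <= error < offset + TTL.
    The upper bound is None when TTL is 0 (never expires, so a captured
    assertion stays usable indefinitely)."""
    upper = None if ttl_seconds == 0 else offset_seconds + ttl_seconds
    return offset_seconds, upper

# Constructed scenario: the destination clock runs 20 seconds behind the source.
SOURCE_NOW = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
DEST_NOW = SOURCE_NOW - timedelta(seconds=20)

def demo():
    """120-second assertions issued with no offset and with a -30 second offset."""
    no_offset = validity_window(SOURCE_NOW, 120, 0)
    with_offset = validity_window(SOURCE_NOW, 120, -30)
    return accepted_at(no_offset, DEST_NOW), accepted_at(with_offset, DEST_NOW)

if __name__ == "__main__":
    print("accepted (no offset, -30s offset):", demo())
    print("tolerated clock error, seconds:", skew_tolerance(120, -30))
```

Because the lifetime is still NotBefore + TimeToLive, a negative offset shifts the whole window back: a -30 second offset on a 120 second assertion tolerates a destination clock up to 30 seconds slow, but leaves only 90 seconds of validity ahead of the source's clock.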