Configure an Asserting Party that can generate SAML assertions consumed by this SAML Identity Assertion provider.
The Asserting Party ID.
A short description of this Asserting Party.
Specifies whether this Asserting Party can be used to obtain SAML assertions.
The SAML profile used with this partner: one of Browser/Artifact, Browser/POST, WSS/Sender-Vouches, or WSS/Holder-of-Key.
The target URL of this SAML Asserting Party.
|POST Signing Certificate Alias||
The alias of the certificate trusted for verifying signatures on SAML protocol elements from this Asserting Party. Must be set for the Browser/POST profile.
|Partner Source Site ID||
The Source ID of the SAML Source Site represented by this Asserting Party. Used for Browser/Artifact profile only, to look up the partner configuration corresponding to an artifact that has been received.
|Assertion Retrieval URL||
The Assertion Retrieval Service (ARS) URL of the SAML Source Site represented by this configuration. Used with Browser/Artifact profile only, to retrieve the assertion corresponding to an artifact.
|Assertion Retrieval Username||
An optional user name used to authenticate when connecting to the ARS URL.
|Assertion Retrieval Password||
An optional password used to authenticate when connecting to the ARS URL.
|Source Site Redirect URIs||
An optional set of URIs from which unauthenticated users will be redirected to the configured ITS URL. If set, the IntersiteTransferURL must also be set.
|Source Site ITS URL||
The Intersite Transfer Service (ITS) URL of the SAML Source Site for this Asserting Party.
Used with SSO profiles only, to support the destination-site-first scenario, in which a user tries to access a destination site URL before being authenticated and is redirected to the source site to be authenticated and obtain a SAML assertion. The Redirect URIs attribute must also be configured for source-site redirection to work.
|Source Site ITS Parameters||
Optionally, zero or more query parameters, of the form name=value, that will be added to the ITS URL when redirecting to the source site.
The issuer URI of the SAML Authority issuing assertions for this SAML Asserting Party.
An optional set of SAML Audience URIs. If set, an incoming assertion must contain at least one of the specified URIs in order to be considered valid.
If true, assertions must be signed. If false, signature elements are not required, but will be verified if present.
|Assertion Signing Certificate Alias||
The alias of the certificate trusted for verifying signatures on assertions from this Asserting Party. This must be set if Signature Required is true. The certificate must also be registered in the SAML Identity Asserter's certificate registry.
|Name Mapper Class||
The name mapper class of this SAML Identity Asserter Version 2 Asserting Party.
|Process Groups Attribute||
Indicates whether the SAML Identity Asserter should look for a SAML AttributeStatement containing group names when processing an incoming assertion. Default value is false.
|Allow Virtual Users||
Indicates whether the SAML Identity Asserter is allowed to create user/group principals for the user represented by an incoming assertion.
If true, the SAML Identity Asserter will create user/group principals, with the possible result that the user is logged in as a virtual user -- a user that does not correspond to any locally-known user. If false, the SAML Identity Asserter will not create user/group principals for the user, and identity assertion will fail unless the user is authenticated by some other authentication provider, indicating that the user name corresponds to a known local user.
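The cross-field requirements stated above (certificate aliases, Redirect URIs with the ITS URL, Audience URIs) can be checked before a partner is enabled. The following is an added example, not Oracle code or part of this reference: the dictionary keys are hypothetical names for the options described here, and the sample configurations are constructed.

```python
# Field keys below are hypothetical names for the options on this page,
# not WebLogic attribute names.
PROFILES = {"Browser/Artifact", "Browser/POST", "WSS/Sender-Vouches", "WSS/Holder-of-Key"}

def audit_asserting_party(cfg):
    """Return (severity, message) findings for one Asserting Party configuration."""
    findings = []
    profile = cfg.get("profile")
    if profile not in PROFILES:
        findings.append(("error", f"unknown profile: {profile!r}"))
    # Requirements the page states with "must".
    if profile == "Browser/POST" and not cfg.get("post_signing_cert_alias"):
        findings.append(("error", "Browser/POST needs a POST Signing Certificate Alias"))
    if cfg.get("signature_required") and not cfg.get("assertion_signing_cert_alias"):
        findings.append(("error", "Signature Required is true but no Assertion Signing Certificate Alias is set"))
    if cfg.get("redirect_uris") and not cfg.get("its_url"):
        findings.append(("error", "Source Site Redirect URIs set without a Source Site ITS URL"))
    # Settings that widen what the Identity Asserter accepts.
    if not cfg.get("signature_required"):
        findings.append(("warn", "unsigned assertions accepted; signatures verified only if present"))
    if not cfg.get("audience_uris"):
        findings.append(("warn", "no Audience URIs set; no audience check is applied"))
    if cfg.get("allow_virtual_users"):
        findings.append(("warn", "virtual users allowed; asserted name need not match a local user"))
    return findings

def audience_ok(configured_uris, assertion_audiences):
    """Audience rule: if URIs are configured, the assertion must contain at least one."""
    if not configured_uris:
        return True
    return bool(set(configured_uris) & set(assertion_audiences))

# Constructed sample configurations.
WEAK = {
    "profile": "Browser/POST", "post_signing_cert_alias": "",
    "signature_required": False, "assertion_signing_cert_alias": "",
    "redirect_uris": ["/app/protected"], "its_url": "",
    "audience_uris": [], "allow_virtual_users": True,
}
HARDENED = {
    "profile": "Browser/POST", "post_signing_cert_alias": "partner-post",
    "signature_required": True, "assertion_signing_cert_alias": "partner-assert",
    "redirect_uris": ["/app/protected"], "its_url": "https://source.example/its",
    "audience_uris": ["https://dest.example/app"], "allow_virtual_users": False,
}

if __name__ == "__main__":
    for severity, message in audit_asserting_party(WEAK):
        print(f"{severity}: {message}")
```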