Sun OpenSSO Enterprise 8.0 Administration Reference

SAMLv2 Service Configuration

Cache Cleanup Interval

This attribute specifies the duration (in seconds) between each cache cleanup.

Attribute Name for Name ID Information

Specifies the attribute name used to store name identifier information on a user's entry. If nothing is specified, the default attribute (sun-fm-saml2-nameid-info) will be used. The corresponding datastore bind user must have read/write/search/compare permission to this attribute.

Attribute Name for Name ID Information Key

Specifies the attribute name used to store the name identifier key on a user's entry. If not specified, the default attribute (sun-fm-saml2-nameid-infokey) will be used. The corresponding datastore bind user must have read/write/search/compare permission to this attribute. You must also make sure that an equality type index is added for this attribute.

Cookie Domain for IDP Discovery Service

Specifies the cookie domain for the SAMLv2 IDP discovery cookie.

Cookie Type for IDP Discovery Service

Specifies the cookie type used in the SAMLv2 IDP Discovery Service, either Persistent or Session. Default is Session.

URL Scheme for IDP Discovery Service

Specifies the URL scheme used in the SAMLv2 IDP Discovery Service.

XML Encryption SPI Implementation Class

Specifies the implementation class name for the SAMLv2 Encryption Provider interface. The class is used to perform XML encryption and decryption in SAMLv2 profiles.

Include Encrypted Key Inside KeyInfo Element

This is used in the com.sun.identity.saml2.xmlenc.FMEncProvider class. If enabled, the EncryptedKey element is placed inside the KeyInfo of the EncryptedData element when performing an XML encryption operation. If it is not enabled, the EncryptedKey element is placed as a sibling of the EncryptedData element. Default is enabled. Because a relying party expecting one layout may fail to locate the key in the other, both layouts should be handled when decrypting.
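The two layouts this setting produces, as an added example that is not part of the original reference and not OpenSSO code: a small locator that finds the EncryptedKey whether it sits inside KeyInfo or beside EncryptedData, so a decrypting party does not break when the peer flips the setting. The element Ids and CipherValue contents are constructed placeholders.

```python
import xml.etree.ElementTree as ET

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

HEAD = ('<saml:EncryptedAssertion xmlns:saml="%s" xmlns:xenc="%s" xmlns:ds="%s">'
        % (NS["saml"], NS["xenc"], NS["ds"]))
KEY = ('<xenc:EncryptedKey Id="ek1"><xenc:CipherData>'
       '<xenc:CipherValue>S0VZ</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey>')
DATA_CIPHER = ('<xenc:CipherData><xenc:CipherValue>REFUQQ==</xenc:CipherValue>'
               '</xenc:CipherData>')

# Constructed sample: option enabled, EncryptedKey nested in KeyInfo (the default).
NESTED = (HEAD + '<xenc:EncryptedData Id="ed1"><ds:KeyInfo>' + KEY + '</ds:KeyInfo>'
          + DATA_CIPHER + '</xenc:EncryptedData></saml:EncryptedAssertion>')

# Constructed sample: option disabled, EncryptedKey as a sibling of EncryptedData.
SIBLING = (HEAD + '<xenc:EncryptedData Id="ed1">' + DATA_CIPHER
           + '</xenc:EncryptedData>' + KEY + '</saml:EncryptedAssertion>')

# Constructed sample: no EncryptedKey at all (malformed or using a pre-shared key).
MISSING = (HEAD + '<xenc:EncryptedData Id="ed1">' + DATA_CIPHER
           + '</xenc:EncryptedData></saml:EncryptedAssertion>')


def find_encrypted_key(xml_text):
    """Return (layout, base64 wrapped key) for an EncryptedAssertion.

    layout is "nested" when EncryptedKey is under EncryptedData/KeyInfo and
    "sibling" when it follows EncryptedData inside EncryptedAssertion.
    """
    root = ET.fromstring(xml_text)
    data = root.find("xenc:EncryptedData", NS)
    if data is None:
        raise ValueError("no EncryptedData element")
    key = data.find("ds:KeyInfo/xenc:EncryptedKey", NS)
    layout = "nested"
    if key is None:
        key = root.find("xenc:EncryptedKey", NS)
        layout = "sibling"
    if key is None:
        raise ValueError("no EncryptedKey in either layout")
    value = key.find("xenc:CipherData/xenc:CipherValue", NS)
    return layout, (value.text or "").strip()
```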

XML Signing Implementation Class

If enabled, the signing certificate used by the identity provider and service provider will be validated against the certificate revocation list (CRL) configured in the Security settings under the Sites and Servers tab. If the certificate is not validated and accepted, processing stops and a validation error is returned without performing further XML signature validation.

XML Signing Certificate Validation

If enabled, the SAML identity provider or service provider will validate the certificate that is used in signing. If the certificate is validated and accepted, the provider will validate the signature. If not, it will stop and return a validation error.

CA Certificate Validation

If enabled, the signing certificate used by the identity provider and service provider will be validated against the trusted CA list. If the certificate is not validated and accepted, processing stops and a validation error is returned without performing further XML signature validation.