Administration Console Online Help


SAML Credential Mapping Provider V2: Relying Party: Configuration


Specify the configuration of this Relying Party.

Configuration Options

Name Description
Partner ID

The ID of this SAML Relying Party.

Description

A short description of this SAML Relying Party.

MBean Attribute:
SAMLCredentialMapperV2MBean.Description

Changes take effect after you redeploy the module or restart the server.

Enabled

The state of this SAML Relying Party.

Profile

The SAML profile used by this SAML Relying Party.

Target URL

The destination site URL for which authentication is requested.

Name Mapper Class

The name mapper class used for this SAML Relying Party.

Include Groups Attribute

Specifies whether the group names attribute is included when generating an assertion for this SAML Relying Party.

Assertion Consumer URL

The URL at which an Assertion Consumer Service for this SAML Relying Party can be reached.

Indicates the URL to which an assertion or artifact should be POSTed or redirected.

Assertion Consumer Parameters

One or more optional query parameters, in the form name=value, that will be added to the ACS URL when redirecting to the destination site. In the case of POST profile, these parameters will be included as form variables when using the default POST form. If a custom POST form is in use, the parameters will be made available as a Map of names and values, but the form may or may not be constructed to include the parameters in the POSTed data.

POST Form

The POST form used with this SAML Relying Party.

Assertion Retrieval Username

An optional username used by this SAML Relying Party to retrieve assertions. If set, the destination site must use this username to connect to the ARS.

Assertion Retrieval Password

An optional password used by this SAML Relying Party to retrieve assertions. If set, the destination site must use this password to connect to the ARS.

Assertion Retrieval SSL Certificate Alias

The alias of the SSL client certificate trusted for this relying party to connect to the ARS. If set, the destination site must use this certificate to connect to the ARS. You must also add this certificate to the registry of trusted certificates for this SAML Credential Mapping provider.

Audience URI

An optional set of SAML Audience URIs. If set, an incoming assertion must contain at least one of the specified URIs in order to be considered valid.

Assertion Time To Live

The time to live, in seconds, of assertions generated for this SAML Relying Party.

This value, if set to a value other than zero, overrides the default Time to Live value set in the SAML Credential Mapping provider.

Assertion Time To Live Offset

A time factor you can use to allow the Credential Mapper to compensate for clock differences between the source and destination sites. The value is a positive or negative integer representing seconds.

Normally, an assertion is valid from the NotBefore time, which defaults to (roughly) the time the assertion was generated, until the NotOnOrAfter time, which is calculated as (NotBefore + TimeToLive). However, the source site and the destination site may have minor differences in their clock settings. The Time To Live offset value is a positive or negative integer indicating how many seconds before or after "now" the assertion's NotBefore should be set to. If you set a value for the Assertion Time To Live Offset, then the assertion lifetime is still calculated as (NotBefore + TimeToLive), but the NotBefore value is set to (now + Assertion Time To Live Offset). So, an assertion might have a two minute (120 second) lifetime that starts thirty seconds ago, or starts one minute from now. This allows the Credential Mapper to compensate for clock differences between the source and destination sites.

Include DoNotCache Condition

Specifies whether assertions are cached for this SAML Relying Party. If true, a DoNotCache condition will be added to assertions generated for this relying party. Default value is false.

Sign Assertions

Specifies whether generated assertions for this SAML Relying Party are signed.

Include Keyinfo

Indicates whether a <ds:KeyInfo> element containing the signing certificate should be included when signing assertions. Default value is true. This value is ignored if Sign Assertions is false.
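The following added example (not part of the original help page or the product's code) works through the Assertion Time To Live and Assertion Time To Live Offset options above: it computes NotBefore and NotOnOrAfter as described and shows when a destination site with a skewed clock accepts the assertion. The function names, the sample timestamp and the 20-second destination clock skew are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

def effective_ttl(partner_ttl, provider_default_ttl):
    # A non-zero relying-party value overrides the provider default.
    return partner_ttl if partner_ttl != 0 else provider_default_ttl

def validity_window(source_now, ttl, offset):
    # NotBefore = now + offset; NotOnOrAfter = NotBefore + TimeToLive.
    not_before = source_now + timedelta(seconds=offset)
    return not_before, not_before + timedelta(seconds=ttl)

def accepted(dest_now, window):
    # Destination-side check of the assertion's validity conditions.
    not_before, not_on_or_after = window
    return not_before <= dest_now < not_on_or_after

def acceptance_interval(ttl, offset, dest_skew):
    # Seconds elapsed since issuance, as [start, end), during which a
    # destination whose clock reads (source clock + dest_skew) accepts.
    start = max(0, offset - dest_skew)
    end = max(start, offset + ttl - dest_skew)
    return start, end

def demo():
    # Constructed sample values: issue time and a destination clock
    # running 20 seconds behind the source (assumed skew).
    source_now = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    dest_skew = -20
    dest_now = source_now + timedelta(seconds=dest_skew)
    ttl = effective_ttl(0, 120)  # partner value 0: provider default applies
    results = {}
    for offset in (0, -30, 60):
        window = validity_window(source_now, ttl, offset)
        results[offset] = (accepted(dest_now, window),
                           acceptance_interval(ttl, offset, dest_skew))
    return results

if __name__ == "__main__":
    for offset, (ok, (start, end)) in demo().items():
        print(f"offset={offset:>4}s accepted_on_arrival={ok} "
              f"accepted from +{start}s until +{end}s after issuance")
```

With the destination clock behind, an offset of 0 causes rejection on arrival, while -30 covers the skew; the same skew also keeps the assertion acceptable for 110 seconds of real time rather than 90, which matters when sizing the Time To Live against replay exposure.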
