Sun ONE Identity Server Administration Guide
Chapter 30 SAML Attributes
The Security Assertion Markup Language (SAML) attributes are global attributes. The values applied to them are carried across the Sun ONE Identity Server configuration and inherited by every configured organization. (They cannot be applied directly to roles or organizations, because the purpose of global attributes is to customize the Identity Server application itself.)
For more information about the SAML Service architecture, see the Sun ONE Identity Server Programmer's Guide.
The SAML attributes are as follows:
Site ID And Site Issuer Name
This attribute contains a list of entries, with each entry containing an instance ID, site ID, and site issuer name. The default value will be assigned during installation. The format is as follows:
instanceid=serverprotocol://servername:portnumber|siteid=<site_id>|issuerName=<site_issuer_name>
Sign Request
This attribute specifies whether all SAML requests will be digitally signed (XML DSIG) before being delivered. Selecting this option enables the feature.
Sign Response
This attribute specifies whether all SAML responses will be digitally signed (XML DSIG) before being delivered. Selecting this option enables the feature.
All SAML responses used by the SAML Web POST profile are digitally signed regardless of whether this option is enabled.
Sign Assertion
This attribute specifies whether all SAML assertions will be digitally signed (XML DSIG) before being delivered. Selecting this option enables the feature.
Artifact Name
This attribute assigns the query-parameter name under which a SAML artifact defined in the SAML Service configuration is carried. A SAML artifact is bounded-size data that identifies an assertion and a source site. It is carried as part of a URL query string and conveyed by a redirection to the destination site. The default is SAMLart.
Target Specifier
This attribute assigns the query-parameter name under which the destination site URL is carried in the redirect. The default is Target.
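The following is an added example, not code from the original guide or from Sun ONE Identity Server, showing how the two parameter names above are used end to end: a source site mints an artifact and redirects the browser with SAMLart and Target in the query string, and the destination site parses the artifact back, checks that it names a trusted source site, and accepts the Target only against an exact-match allowlist (the check described under POST To Target URLs later in this chapter). The artifact layout (2-byte type code 0x0001, 20-byte SourceID, 20-byte AssertionHandle, base64 encoded) comes from the SAML 1.x bindings specification, not from this page; deriving the SourceID as the SHA-1 of the site issuer name, the hostnames and paths, and the exact-match allowlist policy are this example's own assumptions.

```python
import base64
import hashlib
import os
from typing import Optional, Set, Tuple
from urllib.parse import parse_qs, urlencode, urlsplit

# Query-parameter names: the Artifact Name and Target Specifier defaults from this chapter.
ARTIFACT_NAME = "SAMLart"
TARGET_SPECIFIER = "Target"

# SAML 1.x type 0x0001 artifact layout (from the SAML 1.x bindings spec, not this page):
# 2-byte TypeCode || 20-byte SourceID || 20-byte AssertionHandle, then base64.
TYPE_CODE = b"\x00\x01"
SOURCE_ID_LEN = 20
HANDLE_LEN = 20


def source_id(site_issuer_name: str) -> bytes:
    """Derive a 20-byte SourceID for a site.
    Assumption for this example: SHA-1 of the site issuer name."""
    return hashlib.sha1(site_issuer_name.encode("utf-8")).digest()


def make_artifact(src_id: bytes, handle: Optional[bytes] = None) -> str:
    """Source-site side: bind an unguessable AssertionHandle to this site's SourceID."""
    if len(src_id) != SOURCE_ID_LEN:
        raise ValueError("SourceID must be 20 bytes")
    if handle is None:
        handle = os.urandom(HANDLE_LEN)  # random, so artifacts cannot be guessed or enumerated
    if len(handle) != HANDLE_LEN:
        raise ValueError("AssertionHandle must be 20 bytes")
    return base64.b64encode(TYPE_CODE + src_id + handle).decode("ascii")


def parse_artifact(artifact: str) -> Tuple[bytes, bytes]:
    """Destination-site side: strict decode; anything that is not exactly 42 bytes
    with the expected type code is rejected (base64 errors are ValueErrors too)."""
    raw = base64.b64decode(artifact, validate=True)
    if len(raw) != 2 + SOURCE_ID_LEN + HANDLE_LEN or raw[:2] != TYPE_CODE:
        raise ValueError("not a type 0x0001 SAML artifact")
    return raw[2:2 + SOURCE_ID_LEN], raw[2 + SOURCE_ID_LEN:]


def redirect_url(destination: str, artifact: str, target: str) -> str:
    """Build the redirect the source site sends the browser to. urlencode percent-encodes
    the '+' and '/' that base64 may contain, so the artifact survives the query string."""
    return destination + "?" + urlencode({ARTIFACT_NAME: artifact, TARGET_SPECIFIER: target})


def receive_redirect(url: str, trusted_source_ids: Set[bytes],
                     post_to_target_urls: Set[str]) -> Tuple[bytes, bytes, str]:
    """Destination-site side: extract SAMLart and Target, require the artifact to name a
    trusted partner (that tells us which site to ask for the assertion), and accept Target
    only if it is on the configured list. Exact match, no prefix or substring matching,
    is this example's policy."""
    qs = parse_qs(urlsplit(url).query)
    artifacts = qs.get(ARTIFACT_NAME, [])
    targets = qs.get(TARGET_SPECIFIER, [])
    if len(artifacts) != 1 or len(targets) != 1:
        raise ValueError("expected exactly one %s and one %s" % (ARTIFACT_NAME, TARGET_SPECIFIER))
    src_id, handle = parse_artifact(artifacts[0])
    if src_id not in trusted_source_ids:
        raise ValueError("artifact does not name a trusted partner site")
    if targets[0] not in post_to_target_urls:
        raise ValueError("target URL is not in POST To Target URLs")
    return src_id, handle, targets[0]


def redirect_accepted(url: str, trusted_source_ids: Set[bytes],
                      post_to_target_urls: Set[str]) -> bool:
    """Convenience wrapper: True if receive_redirect would accept the URL."""
    try:
        receive_redirect(url, trusted_source_ids, post_to_target_urls)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Hypothetical sites; the URLs below are constructed for this example.
    sid = source_id("www.source.example.com")
    art = make_artifact(sid)
    url = redirect_url("https://dest.example.com/saml-receiver", art,
                       "https://dest.example.com/app")
    print(url)
    print(receive_redirect(url, {sid}, {"https://dest.example.com/app"}))
```

Note that the artifact itself is only a reference: after this check the destination site still has to fetch the assertion from the source site's SOAP receiver over the trusted channel configured under Trusted Partner Sites, and validate that assertion on its own merits.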
Artifact Timeout (seconds)
This attribute specifies the timeout for an assertion created for an artifact. The default is 120.
Assertion Skew Factor For notBefore Time
This attribute is used to calculate the notBefore time of an assertion. For example, if the IssueInstant is 2002-09-24T21:39:49Z and the Assertion Skew Factor For notBefore Time value is set to 300 seconds (the default), the notBefore attribute of the assertion's Conditions element would be 2002-09-24T21:34:49Z.
Assertion Timeout (seconds)
This attribute specifies the number of seconds before a timeout occurs on an assertion. The default is 60.
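An added example (not code from the guide or the product) that carries the chapter's notBefore calculation through and pairs it with the relying-party check that the two timing attributes exist to serve. NotBefore = IssueInstant minus the skew factor is exactly the chapter's worked example; taking NotOnOrAfter as IssueInstant plus the Assertion Timeout is this example's assumption about how the timeout is applied, since the chapter only says the assertion times out after that many seconds. The `tolerance` parameter on the checking side is also this example's own.

```python
from datetime import datetime, timedelta, timezone
from typing import Tuple

SKEW_NOT_BEFORE = 300   # Assertion Skew Factor For notBefore Time, default from this chapter
ASSERTION_TIMEOUT = 60  # Assertion Timeout (seconds), default from this chapter
INSTANT_FMT = "%Y-%m-%dT%H:%M:%SZ"  # the UTC form used in the chapter's example


def parse_instant(s: str) -> datetime:
    return datetime.strptime(s, INSTANT_FMT).replace(tzinfo=timezone.utc)


def format_instant(t: datetime) -> str:
    return t.astimezone(timezone.utc).strftime(INSTANT_FMT)


def assertion_conditions(issue_instant: str, skew: int = SKEW_NOT_BEFORE,
                         timeout: int = ASSERTION_TIMEOUT) -> Tuple[str, str]:
    """Issuer side. The issuer backdates NotBefore by the skew factor so that a relying
    party whose clock runs slightly behind does not reject a freshly issued assertion.
    NotOnOrAfter = IssueInstant + timeout is this example's assumption."""
    issued = parse_instant(issue_instant)
    not_before = issued - timedelta(seconds=skew)
    not_on_or_after = issued + timedelta(seconds=timeout)
    return format_instant(not_before), format_instant(not_on_or_after)


def conditions_satisfied(not_before: str, not_on_or_after: str, now: str,
                         tolerance: int = 0) -> bool:
    """Relying-party side: NotBefore is inclusive, NotOnOrAfter is exclusive.
    `tolerance` is the checker's own allowance for clock drift against the issuer.
    Keep it small: every second of slack here extends the window in which a captured
    assertion can be replayed."""
    t = parse_instant(now)
    nb = parse_instant(not_before) - timedelta(seconds=tolerance)
    noa = parse_instant(not_on_or_after) + timedelta(seconds=tolerance)
    return nb <= t < noa


if __name__ == "__main__":
    nb, noa = assertion_conditions("2002-09-24T21:39:49Z")
    print("NotBefore =", nb, "NotOnOrAfter =", noa)
    print(conditions_satisfied(nb, noa, "2002-09-24T21:39:49Z"))
```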
Trusted Partner Sites
This attribute stores a partner's information so that one site can establish a trusted relationship to communicate with another partner site.
This attribute contains a list of entries, with each entry containing key/value pairs (separated by "|"). The source ID is required for each entry. For example:
SourceID=siteid|SOAPURL=https://servername:portnumber/amserver/SAMLSOAPReceiver|AuthType=SSL|hostlist=ipaddress
The original chapter includes a table of example trusted-partner-site configurations here, with columns Sender and Receiver and rows for the artifact profile, the POST profile, and SOAP requests; only those labels survive on this page, the cell contents do not. Not all of the parameters are necessary for all use cases, so in that table the optional parameters are contained in brackets.
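An added example, not code from the guide or the product, of parsing entries in the "key=value|key=value" format shown above and then using them the way a SOAP receiver would: reject an entry without the required SourceID, reject unknown or duplicate keys rather than silently ignoring them, and check a caller's address against the entry's hostlist. The sample entries are constructed for this example; treating hostlist as comma-separated addresses or CIDR blocks, requiring SOAPURL to be an absolute https URL, and denying a caller when no hostlist is configured are all this example's own policy choices, not documented product behaviour.

```python
from ipaddress import ip_address, ip_network
from typing import Dict, Iterable, List
from urllib.parse import urlsplit

REQUIRED_KEYS = {"SourceID"}
# The keys the chapter's example entry uses; anything else is rejected, not ignored.
KNOWN_KEYS = {"SourceID", "SOAPURL", "AuthType", "hostlist"}


def parse_partner_entry(entry: str) -> Dict[str, object]:
    """Parse one Trusted Partner Sites entry: key=value pairs separated by '|'."""
    fields: Dict[str, object] = {}
    for pair in entry.split("|"):
        pair = pair.strip()
        if not pair:
            continue
        if "=" not in pair:
            raise ValueError("malformed field: %r" % pair)
        key, value = (s.strip() for s in pair.split("=", 1))
        if key not in KNOWN_KEYS:
            raise ValueError("unknown key: %r" % key)
        if key in fields:
            raise ValueError("duplicate key: %r" % key)
        fields[key] = value
    missing = REQUIRED_KEYS - fields.keys()
    if missing:
        raise ValueError("missing required key(s): %s" % sorted(missing))
    if "SOAPURL" in fields:
        u = urlsplit(str(fields["SOAPURL"]))
        if u.scheme != "https" or not u.netloc:   # assumption: insist on TLS to the partner
            raise ValueError("SOAPURL must be an absolute https URL")
    if "hostlist" in fields:
        # Assumption: comma-separated addresses or CIDR blocks.
        fields["hostlist"] = [ip_network(h.strip(), strict=False)
                              for h in str(fields["hostlist"]).split(",") if h.strip()]
    return fields


def entry_is_valid(entry: str) -> bool:
    try:
        parse_partner_entry(entry)
        return True
    except ValueError:
        return False


def load_partners(entries: Iterable[str]) -> Dict[str, Dict[str, object]]:
    """Index the configured partners by SourceID; two entries with the same SourceID
    would make the lookup ambiguous, so that is an error."""
    partners: Dict[str, Dict[str, object]] = {}
    for entry in entries:
        p = parse_partner_entry(entry)
        sid = str(p["SourceID"])
        if sid in partners:
            raise ValueError("duplicate SourceID: %r" % sid)
        partners[sid] = p
    return partners


def peer_allowed(partner: Dict[str, object], peer_ip: str) -> bool:
    """SOAP receiver side: the calling address must be in the partner's hostlist.
    Assumption: a partner with no hostlist is denied (fail closed)."""
    hosts: List = partner.get("hostlist") or []   # type: ignore[assignment]
    if not hosts:
        return False
    ip = ip_address(peer_ip)
    return any(ip in net for net in hosts)


# Constructed sample configuration for this example (hostnames and IDs are hypothetical).
PARTNER_ENTRIES = [
    "SourceID=partnerA|SOAPURL=https://partner-a.example.com:443/amserver/SAMLSOAPReceiver"
    "|AuthType=SSL|hostlist=192.0.2.10",
    "SourceID=partnerB|SOAPURL=https://partner-b.example.com/amserver/SAMLSOAPReceiver"
    "|hostlist=198.51.100.0/24, 203.0.113.5",
]

if __name__ == "__main__":
    partners = load_partners(PARTNER_ENTRIES)
    for sid, p in partners.items():
        print(sid, p.get("SOAPURL"), [str(n) for n in p.get("hostlist", [])])
    print(peer_allowed(partners["partnerA"], "192.0.2.10"))
```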
POST To Target URLs
If the target URL received through SSO (either artifact profile or POST profile) by the site is listed in this attribute, the assertion or assertions received from SSO will be sent to the target URL by an HTTP form POST.
Copyright 2002 Sun Microsystems, Inc. All rights reserved.
Last Updated December 04, 2002