hosted
|
Specifies whether the entity is hosted on, or remote to, the
server to which this metadata is being applied. A value of 0 or false specifies that the entity is remote. A value of 1 or true specifies that the entity is
hosted.
|
entityID
|
Specifies the EntityID of the provider
you are configuring. The value of EntityID for
your local provider is the unique uniform resource identifier (URI)
you decide to use to identify yourself to other providers. You will
get a remote provider's EntityID from the metadata
they give to you.
Note –
This EntityID is different from the
entities configured using the console in Access Manager and Federation Manager. It is specific
to SAML v2 interactions.
|
metaAlias
|
Specifies a metaAlias for the provider
being configured. The metaAlias is used to locate
the provider's entity identifier and the organization in which it
is located. The value is a string equal to the realm or organization
name (dependent on whether the SAML v2 Plug-in for Federation Services is installed in Access Manager or Federation Manager)
coupled with a forward slash and the provider name. For example, /suncorp/travelprovider.
Caution – The names used in the metaAlias must
not contain a /.
|
signingCertAlias
|
Specifies the provider certificate alias used to find the correct
signing certificate in the keystore.
|
encryptionCertAlias
|
Specifies the provider certificate alias used to find the correct
encryption certificate in the keystore.
|
basicAuthOn
|
Basic authentication can be turned on to protect SOAP endpoints.
This property takes a value of true or false.
Any provider accessing these endpoints must have the user and password
defined in the following two properties: basicAuthUser and basicAuthPassword.
|
basicAuthUser
|
The user associated with the basic authentication.
|
basicAuthPassword
|
The password associated with the basic authentication.
|
autofedEnabled
|
Enables auto-federation which automatically federates a user's
disparate provider accounts based on a common attribute. This property
takes a value of true or false.
|
autofedAttribute
|
Specifies the attribute used to match a user's disparate provider
accounts when auto-federation is enabled.
|
assertionEffectiveTime
|
Specifies (in seconds) the amount of time that an assertion
is valid counting from the assertion's issue time. The default value
is 600 seconds.
|
idpAuthncontextMapper
|
Specifies the name of the implementation class for the IDPAuthnContextMapper interface. This class sets the authentication context
in the assertion. The default value is com.sun.identity.saml2.plugins.DefaultIDPAuthnContextMapper, the default implementation.
|
idpAuthncontextClassrefMapping
|
Sets the mappings between the requested authentication context
class and the actual authentication mechanism. The value of this attribute
is in the format of:
authnContextClassRef | authnType=authnValue | authnType=authnValue | ...
where authnContextClassRef is the
authentication context class reference, authnType is
the module, level, or service, and authnValue is
the module name, authentication level, or service name.
|
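The mapping format above is easy to get wrong by hand, so here is an added example (not code from Access Manager or Federation Manager) that parses a list of idpAuthncontextClassrefMapping values and rejects malformed or duplicate entries before they are loaded. The sample values are constructed: the class references are standard SAML 2.0 ones, the module names are made up.

```python
# Added example, not code from Access Manager or Federation Manager: parse the
# idpAuthncontextClassrefMapping value format
#   authnContextClassRef | authnType=authnValue | authnType=authnValue | ...
# The attribute is multi-valued, so parse_classref_mappings takes a list of
# such entries and rejects duplicates and malformed entries up front.
from typing import Dict, List, Tuple

ALLOWED_AUTHN_TYPES = {"module", "level", "service"}   # the three types named on the page

def parse_classref_mapping(entry: str) -> Tuple[str, List[Tuple[str, str]]]:
    """Return (authnContextClassRef, [(authnType, authnValue), ...]) for one entry."""
    parts = [p.strip() for p in entry.split("|")]
    classref = parts[0]
    if not classref:
        raise ValueError("entry has no authnContextClassRef")
    pairs: List[Tuple[str, str]] = []
    for part in parts[1:]:
        if not part:
            continue                      # tolerate a trailing separator
        if "=" not in part:
            raise ValueError(f"{classref}: expected authnType=authnValue, got {part!r}")
        authn_type, authn_value = (s.strip() for s in part.split("=", 1))
        if authn_type not in ALLOWED_AUTHN_TYPES:
            raise ValueError(f"{classref}: unknown authnType {authn_type!r}")
        if not authn_value:
            raise ValueError(f"{classref}: empty value for {authn_type}")
        if authn_type == "level" and not authn_value.isdigit():
            raise ValueError(f"{classref}: authentication level must be an integer")
        pairs.append((authn_type, authn_value))
    if not pairs:
        raise ValueError(f"{classref}: no authentication mechanism mapped")
    return classref, pairs

def parse_classref_mappings(entries: List[str]) -> Dict[str, List[Tuple[str, str]]]:
    """Parse every value of the attribute; a class reference may appear only once."""
    mapping: Dict[str, List[Tuple[str, str]]] = {}
    for entry in entries:
        classref, pairs = parse_classref_mapping(entry)
        if classref in mapping:
            raise ValueError(f"duplicate mapping for {classref}")
        mapping[classref] = pairs
    return mapping

# Constructed sample values (standard SAML 2.0 class references, made-up module names)
SAMPLE_VALUES = [
    "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport | module=LDAP | level=1",
    "urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient | module=Cert | level=2",
]

if __name__ == "__main__":
    for ref, mechs in parse_classref_mappings(SAMPLE_VALUES).items():
        print(ref, "->", mechs)
```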
idpAccountMapper
|
Specifies the implementation of the AccountMapper interface
used to map a remote user account to a local user account for purposes
of single sign-on. The default value is com.sun.identity.saml2.plugins.DefaultIDPAccountMapper, the default implementation.
|
idpAttributeMapper
|
Specifies the implementation of the AttributeMapper interface
used to map a remote user account attribute to a local user account
attribute for purposes of single sign-on. The default value is com.sun.identity.saml2.plugins.DefaultIDPAttributeMapper, the default implementation.
|
attributeMap
|
Specifies the mapping of attributes between providers. The value
of this attribute is in the format:
SAML v2-attribute=user-attribute
where SAML v2-attribute is the attribute
name that goes over the wire and user-attribute is
the attribute name it will map to once it arrives.
Note –
If auto-federation is enabled, the value of SAML v2-attribute is equal to the value of autofedAttribute.
|
wantNameIDEncrypted
|
Takes a value of true or false.
If true, the service provider must encrypt all NameID elements.
|
wantArtifactResolveSigned
|
Takes a value of true or false.
If true, the service provider must sign the ArtifactResolve element.
|
wantLogoutRequestSigned
|
Takes a value of true or false.
If true, the identity provider must sign the LogoutRequest element.
|
wantLogoutResponseSigned
|
Takes a value of true or false.
If true, the identity provider must sign the LogoutResponse element.
|
wantMNIRequestSigned
|
Takes a value of true or false.
If true, the identity provider must sign the ManageNameIDRequest element.
|
wantMNIResponseSigned
|
Takes a value of true or false.
If true, the identity provider must sign the ManageNameIDResponse element.
|
cotlist
|
Specifies the name of the circle(s) of trust to which this provider
belongs. As one provider may be in a number of circles, this attribute
might have multiple values.
|
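The properties in this table interact (basicAuthOn needs a user and password, autofedEnabled needs autofedAttribute, metaAlias names may not contain a slash, and a want*Signed flag left at false means unsigned messages are accepted). The following added example, which is not code from Access Manager or Federation Manager, checks a set of these properties before they are loaded; it assumes the properties arrive as a plain dict of name to string value, with the multi-valued cotlist as a list, and returns hard errors separately from weak-but-valid settings.

```python
# Added example, not part of Access Manager or Federation Manager: sanity-check
# the IDP extended-metadata properties described in the table above.
# Input: dict of property name -> string value (cotlist may be a list).
# Output: (errors, warnings); errors are invalid combinations, warnings are
# valid settings that leave protocol messages unsigned or unencrypted.
from typing import Dict, List, Tuple, Union

BOOL = {"true", "false"}
SIGN_FLAGS = ("wantArtifactResolveSigned", "wantLogoutRequestSigned",
              "wantLogoutResponseSigned", "wantMNIRequestSigned", "wantMNIResponseSigned")
ENCRYPT_FLAGS = ("wantNameIDEncrypted",)

def is_true(value: str) -> bool:
    return value.strip().lower() in ("1", "true")

def check_idp_extended_metadata(props: Dict[str, Union[str, List[str]]]) -> Tuple[List[str], List[str]]:
    errors: List[str] = []
    warnings: List[str] = []
    get = lambda key: str(props.get(key, "")).strip()
    if get("hosted").lower() not in ("0", "1", "true", "false"):
        errors.append("hosted must be 0, 1, true or false")
    if not get("entityID"):
        errors.append("entityID is required")
    alias = get("metaAlias")          # page example: /suncorp/travelprovider
    if not alias.startswith("/") or any(name == "" for name in alias.split("/")[1:]):
        errors.append("metaAlias must be /realm/provider; names must not be empty or contain /")
    for flag in ("basicAuthOn", "autofedEnabled") + SIGN_FLAGS + ENCRYPT_FLAGS:
        if flag in props and get(flag).lower() not in BOOL:
            errors.append(f"{flag} must be true or false")
    if is_true(get("basicAuthOn")) and not (get("basicAuthUser") and get("basicAuthPassword")):
        errors.append("basicAuthOn=true requires basicAuthUser and basicAuthPassword")
    if is_true(get("autofedEnabled")) and not get("autofedAttribute"):
        errors.append("autofedEnabled=true requires autofedAttribute")
    effective = get("assertionEffectiveTime") or "600"   # page default: 600 seconds
    if not effective.isdigit() or int(effective) <= 0:
        errors.append("assertionEffectiveTime must be a positive number of seconds")
    for flag in SIGN_FLAGS:
        if not is_true(get(flag)):
            warnings.append(f"{flag} is not true: the peer's element is accepted unsigned")
    for flag in ENCRYPT_FLAGS:
        if not is_true(get(flag)):
            warnings.append(f"{flag} is not true: NameID elements travel unencrypted")
    cots = props.get("cotlist", [])
    cots = [cots] if isinstance(cots, str) else list(cots)
    if not [c for c in cots if str(c).strip()]:
        errors.append("cotlist must name at least one circle of trust")
    return errors, warnings
```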