The following fields are available on the
Details configuration tab:
Name:
Enter a name for this filter here.
SOAP Actor/Role:
If you expect the SAML assertion to be embedded within a WS-Security
block, you can identify this block by specifying the SOAP Actor or Role
of the WS-Security header that contains the assertion.
XPath Expression:
Alternatively, if the assertion is not contained within a WS-Security
block, you can enter an XPath expression to locate the attribute
assertion. XPath expressions can be added by clicking the
Add button. To edit or delete an expression, select it and
click the Edit or Delete button
respectively.
SAML Namespace:
Select the SAML namespace that must be used on the SAML assertion in order
for this filter to succeed. If you do not wish to check the namespace,
select the "Do not check version" option from the dropdown.
SAML Version:
Enter the SAML Version that the assertion must adhere to by entering the
major version in the first field, followed by the minor version in the second
field. For example, for SAML version 2.0, enter "2" in the first field and
"0" in the second field.
Drift Time:
When the Enterprise Gateway receives a SAML attribute assertion, it first checks to
make sure that it has not expired. The lifetime of the assertion is
specified using the "NotBefore" and "NotOnOrAfter" attributes of the
<Conditions> element in the assertion itself.
The Enterprise Gateway makes sure that the time at which it validates
the assertion is between the "NotBefore" and "NotOnOrAfter" times.
The Drift Time is used to account for differences in the
clock time of the machine that generated the assertion and the machine
hosting the Enterprise Gateway. The time specified here will be subtracted from the
time at which the Enterprise Gateway attempts to validate the assertion.
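
The namespace, version and lifetime checks described above can be sketched as follows. This is an added example, not the Enterprise Gateway's own code: the function name check_assertion and the sample assertion are constructed for illustration, it handles only the SAML 2.0 "Version" attribute, and it applies the Drift Time literally as the text states (subtracted from the validation time).

```python
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample assertion (not taken from the product documentation).
SAMPLE = f"""<saml:Assertion xmlns:saml="{SAML2_NS}" Version="2.0"
    ID="_example" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Conditions NotBefore="2024-01-01T12:00:00Z"
                   NotOnOrAfter="2024-01-01T12:05:00Z"/>
</saml:Assertion>"""

def _parse_time(value):
    # SAML timestamps are UTC xs:dateTime values, e.g. 2024-01-01T12:00:00Z.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def check_assertion(xml_text, now, drift_seconds=0,
                    version=("2", "0"), namespace=SAML2_NS):
    """Return (ok, reason) for the namespace, version and lifetime checks."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{namespace}}}Assertion":
        return False, "namespace mismatch"
    if root.get("Version") != ".".join(version):
        return False, "version mismatch"
    cond = root.find(f"{{{namespace}}}Conditions")
    if cond is None:
        return False, "no Conditions element"
    # Literal reading of the text: drift is subtracted from the validation time.
    effective = now - timedelta(seconds=drift_seconds)
    not_before = cond.get("NotBefore")
    not_on_or_after = cond.get("NotOnOrAfter")
    if not_before and effective < _parse_time(not_before):
        return False, "not yet valid"
    if not_on_or_after and effective >= _parse_time(not_on_or_after):
        return False, "expired"
    return True, "ok"

if __name__ == "__main__":
    late = datetime(2024, 1, 1, 12, 5, 30, tzinfo=timezone.utc)
    print(check_assertion(SAMPLE, late))                    # 30 s past expiry
    print(check_assertion(SAMPLE, late, drift_seconds=60))  # within drift
```

Under this reading, a larger Drift Time accepts recently expired assertions for longer and delays acceptance of an assertion whose "NotBefore" is the current time.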