SAML Credential Mapping Provider V2: Relying Party: Configuration
Specify the configuration of this Relying Party.
Configuration Options
| Name | Description |
| --- | --- |
| Partner ID | The ID of this SAML Relying Party. |
| Description | A short description of this SAML Relying Party. MBean Attribute: SAMLCredentialMapperV2MBean.Description. Changes take effect after you redeploy the module or restart the server. |
| Enabled | The state of this SAML Relying Party. |
| Profile | The SAML profile used with this partner: one of Browser/Artifact, Browser/POST, WSS/Sender-Vouches, WSS/Holder-of-Key, or WSS/Bearer. |
| Target URL | The destination site URL for which authentication is requested. |
| Name Mapper Class | The name mapper class used for this SAML Relying Party. |
| Include Groups Attribute | Specifies whether the group names attribute is included when generating an assertion for this SAML Relying Party. |
| Assertion Consumer URL | The URL at which an Assertion Consumer Service for this SAML Relying Party can be reached. Indicates the URL to which an assertion or artifact should be POSTed or redirected. |
| Assertion Consumer Parameters | One or more optional query parameters, in the form name=value, that will be added to the ACS URL when redirecting to the destination site. In the case of the POST profile, these parameters will be included as form variables when using the default POST form. If a custom POST form is in use, the parameters will be made available as a Map of names and values, but the form may or may not be constructed to include the parameters in the POSTed data. |
| POST Form | The POST form used with this SAML Relying Party. |
| Assertion Retrieval Username | An optional username used by this SAML Relying Party to retrieve assertions. If set, the destination site must use this username to connect to the ARS. |
| Assertion Retrieval Password | An optional password used by this SAML Relying Party to retrieve assertions. If set, the destination site must use this password to connect to the ARS. |
| Assertion Retrieval SSL Certificate Alias | The alias of the SSL client certificate trusted for this relying party to connect to the ARS. If set, the destination site must use this certificate to connect to the ARS. You must also add this certificate to the registry of trusted certificates for this SAML Credential Mapping provider. |
| Audience URI | An optional set of SAML Audience URIs. If set, an incoming assertion must contain at least one of the specified URIs in order to be considered valid. |
| Assertion Time To Live | The time to live, in seconds, of assertions generated for this SAML Relying Party. This value, if set to a value other than zero, overrides the default Time to Live value set in the SAML Credential Mapping provider. |
| Assertion Time To Live Offset | A time factor you can use to allow the Credential Mapper to compensate for clock differences between the source and destination sites. The value is a positive or negative integer representing seconds. Normally, an assertion is valid from the NotBefore time, which defaults to (roughly) the time the assertion was generated, until the NotOnOrAfter time, which is calculated as (NotBefore + TimeToLive). However, the source site and the destination site may have minor differences in their clock settings. The Time To Live offset value is a positive or negative integer indicating how many seconds before or after "now" the assertion's NotBefore time should be set. If you set a value for the Assertion Time To Live Offset, then the assertion lifetime is still calculated as (NotBefore + TimeToLive), but the NotBefore value is set to (now + Assertion Time To Live Offset). So, an assertion might have a two minute (120 second) lifetime that starts thirty seconds ago, or starts one minute from now. |
| Include DoNotCache Condition | Specifies whether assertions are cached for this SAML Relying Party. If true, a DoNotCache condition will be added to assertions generated for this relying party. Default value is false. |
| Sign Assertions | Specifies whether generated assertions for this SAML Relying Party are signed. |
| Include Keyinfo | Indicates whether a <ds:KeyInfo> element containing the signing certificate should be included when signing assertions. Default value is true. This value is ignored if Sign Assertions is false. |
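
The Assertion Time To Live and Assertion Time To Live Offset arithmetic described above, worked through as an added example (not code from the provider). The function names, the sample clock values and the 20-second skew are constructed for illustration, and the destination check assumes the standard SAML condition test NotBefore <= t < NotOnOrAfter.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample clocks: the destination site runs 20 seconds behind the source.
SOURCE_NOW = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
DEST_NOW = SOURCE_NOW - timedelta(seconds=20)


def effective_ttl(relying_party_ttl, provider_default_ttl):
    """A non-zero relying-party TTL overrides the provider-wide default."""
    return relying_party_ttl if relying_party_ttl != 0 else provider_default_ttl


def validity_window(now, ttl_seconds, ttl_offset_seconds=0):
    """NotBefore = now + offset; NotOnOrAfter = NotBefore + TimeToLive."""
    not_before = now + timedelta(seconds=ttl_offset_seconds)
    return not_before, not_before + timedelta(seconds=ttl_seconds)


def accepted_at(window, destination_time):
    """Destination-side check (assumed): NotBefore <= t < NotOnOrAfter."""
    not_before, not_on_or_after = window
    return not_before <= destination_time < not_on_or_after


def tolerated_skew(ttl_seconds, ttl_offset_seconds):
    """Range of (destination clock - source clock), in seconds, for which a
    freshly issued assertion is already valid on arrival: [low, high)."""
    return ttl_offset_seconds, ttl_offset_seconds + ttl_seconds


def demo():
    ttl = effective_ttl(0, 120)  # relying party leaves TTL at 0, provider default is 120
    results = {}
    for offset in (0, -30):
        window = validity_window(SOURCE_NOW, ttl, offset)
        results[offset] = {
            "not_before": window[0].isoformat(),
            "not_on_or_after": window[1].isoformat(),
            "accepted_by_slow_destination": accepted_at(window, DEST_NOW),
            "tolerated_skew_seconds": tolerated_skew(ttl, offset),
        }
    return results


if __name__ == "__main__":
    for offset, row in demo().items():
        print(offset, row)
```

With an offset of 0 the destination, whose clock is 20 seconds behind, sees the assertion as not yet valid; an offset of -30 fixes that but leaves only 90 seconds of lifetime on the source's clock, since the window length stays at TimeToLive.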