Date: Thu, 28 Mar 2024 20:59:36 +0000 (UTC) Message-ID: <428544369.3.1711659576800@382ed92ae0a4> Subject: Exported From Confluence MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_Part_2_210467257.1711659576800" ------=_Part_2_210467257.1711659576800 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/exported.html
The <md:ManageNameIDService>
element is used =
to configure handlers that are responsible for processing name identifier m=
anagement messages from an IdP. These are protocol specific, but generally =
fall into two classes: requests, which inform the SP of a change, and respo=
nses, which conclude a change event initiated by the SP.
This is an advanced configuration feature. Most deployments can rely on =
the <NameIDMgmt>
sh=
orthand element.
As a multi-protocol system, the SP itself is oblivious to specific manag= ement protocols; each handler provides the implementation of a particular p= rotocol.
Location
(relative path)=20
Binding
(URI)=20
The SAML 2.0 NameID management handler implements the SAML 2.0 Browser N=
ameID management profile. The incoming message must be a <samlp:Ma=
nageNameIDRequest>
. SP-initiated management is not currently supp=
orted.
If the message is a request via a front-channel binding, then the follow=
ing steps are performed. If an error occurs at any point, an effort is made=
to respond to the requesting IdP with a <samlp:ManageNameIDRespon=
se>
containing the error.
<samlp:ManageNameIDResponse>
is returned to the re=
questing IdP.If the message is a request via a back-channel binding, then the followi= ng steps are performed:
<samlp:ManageNameIDResponse>
is returned to the re=
questing IdP.The following Binding
values are supported:
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
<=
/li>
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact
urn:oasis:names:tc:SAML:2.0:bindings:SOAP