| Name | Type | Default | Description |
|---|---|---|---|
| checkValidity | boolean | true | When true, the enclosed <SubjectConfirmationData> element must include a NotOnOrAfter attribute, and both it and the optional NotBefore attribute are checked for validity. |
| checkRecipient | boolean | true | When true, and the URL to which the assertion was submitted is available, the <SubjectConfirmationData> element's Recipient attribute is checked against that value. If no attribute is present, this setting has no effect. |
| checkCorrelation | boolean | true | When true, and the identifier of a request to which the assertion was submitted as a response is available, the <SubjectConfirmationData> element's InResponseTo attribute is checked against that value. If no InResponseTo attribute is present, this setting has no effect. In the Shibboleth SP, the request ID is not in fact ever available, so this setting doesn't have any effect either way. |
| missingFatal | boolean | true | When true, the absence of an acceptable <SubjectConfirmation> element is treated as a fatal error. Otherwise, the rule signals nothing was found but does not fail. Can be set to allow for stacking of rules based on multiple confirmation methods. |
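
The four settings read as a decision procedure over each <SubjectConfirmation> element. The Python sketch below is an added example, not the Shibboleth SP's own code; the function name `check_bearer`, the constructed sample XML, the choice of the bearer confirmation method, and the treatment of a missing <SubjectConfirmationData> element are assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"  # assumed confirmation method

# Constructed sample input, not taken from a real deployment.
SAMPLE = """<saml:Subject xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
    <saml:SubjectConfirmationData NotOnOrAfter="2024-01-01T12:05:00Z"
        Recipient="https://sp.example.org/acs" InResponseTo="_req123"/>
  </saml:SubjectConfirmation>
</saml:Subject>"""

def parse_instant(value):
    """Parse a UTC xs:dateTime without fractional seconds (sample format only)."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_bearer(subject_xml, now, recipient=None, request_id=None,
                 checkValidity=True, checkRecipient=True,
                 checkCorrelation=True, missingFatal=True):
    """True if a bearer confirmation is acceptable; otherwise raise ValueError
    when missingFatal is set, or return False so another rule can decide."""
    for sc in ET.fromstring(subject_xml).findall("saml:SubjectConfirmation", NS):
        if sc.get("Method") != BEARER:
            continue
        data = sc.find("saml:SubjectConfirmationData", NS)
        # Assumption: a missing data element is treated as having no attributes.
        attrs = data.attrib if data is not None else {}
        if checkValidity:
            # NotOnOrAfter is mandatory here; NotBefore is checked only if present.
            if "NotOnOrAfter" not in attrs or now >= parse_instant(attrs["NotOnOrAfter"]):
                continue
            if "NotBefore" in attrs and now < parse_instant(attrs["NotBefore"]):
                continue
        # Recipient is compared only when both the attribute and the URL are known.
        if (checkRecipient and recipient is not None
                and attrs.get("Recipient", recipient) != recipient):
            continue
        # InResponseTo is compared only when both sides are known.
        if (checkCorrelation and request_id is not None
                and attrs.get("InResponseTo", request_id) != request_id):
            continue
        return True
    if missingFatal:
        raise ValueError("no acceptable bearer <SubjectConfirmation>")
    return False
```

Passing `request_id=None` models the SP behaviour described in the table: with no request ID available, `checkCorrelation` cannot reject anything, so replay protection has to come from elsewhere.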
