Advanced Configuration

Note

This is an advanced configuration feature. Most deployments can rely on the <NameIDMgmt> shorthand element.

The <md:ManageNameIDService> element is used to configure handlers that are responsible for processing name identifier management messages from an IdP. These are protocol specific, but generally fall into two classes: requests, which inform the SP of a change, and responses, which conclude a change event initiated by the SP.

...

The SAML 2.0 NameID management handler implements the SAML 2.0 Browser NameID management profile. The incoming message must be a <samlp:ManageNameIDRequest>. SP-initiated management is not currently supported.

If the message is a request via a front-channel binding, then the following steps are performed. If an error occurs at any point, an effort is made to respond to the requesting IdP with a <samlp:ManageNameIDResponse> containing the error.

  1. The information in the request is verified against the active session.

  2. The back-channel application notification loop is executed.

  3. <samlp:ManageNameIDResponse> is returned to the requesting IdP.

If the message is a request via a back-channel binding, then the following steps are performed:

  1. The back-channel application notification loop is executed.

  2. <samlp:ManageNameIDResponse> is returned to the requesting IdP.

The following Binding values are supported:

  • urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect

  • urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST

  • urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign

  • urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact

  • urn:oasis:names:tc:SAML:2.0:bindings:SOAP

...

The following may be specified for all protocols and bindings:

| Name | Type | Default | Description |
|---|---|---|---|
| Location | relative path | required | The location of the service (when combined with the base handlerURL). This is the location to which an IdP sends requests to resolve artifacts. |
| Binding | URI | required | Identifies the protocol binding supported by the service. |
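
The following is an added example, not taken from the original page or from the SP software: a small audit that checks each <md:ManageNameIDService> entry for the two required attributes, confirms the Binding is one of the supported values listed above, and reports whether the front-channel or back-channel processing steps apply. The wrapper element, the handlerURL value, the Location paths and the way the two are joined are assumptions made for the sample.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
PREFIX = "urn:oasis:names:tc:SAML:2.0:bindings:"
# Supported Binding values from the page, grouped by channel.
FRONT_CHANNEL = {PREFIX + b for b in
                 ("HTTP-Redirect", "HTTP-POST", "HTTP-POST-SimpleSign", "HTTP-Artifact")}
BACK_CHANNEL = {PREFIX + "SOAP"}

# Constructed sample. <Wrapper> is a stand-in for whatever element carries
# handlerURL; the paths and the third (deliberately bad) entry are made up.
SAMPLE = """
<Wrapper xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" handlerURL="/Shibboleth.sso">
  <md:ManageNameIDService Location="/NIM/SOAP"
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"/>
  <md:ManageNameIDService Location="/NIM/Redirect"
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
  <md:ManageNameIDService Location="https://sp.example.org/NIM/PAOS"
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"/>
</Wrapper>
"""

def audit(xml_text):
    """Return one dict per ManageNameIDService: endpoint, channel, problems."""
    root = ET.fromstring(xml_text)
    base = root.get("handlerURL", "").rstrip("/")
    report = []
    for el in root.iter("{%s}ManageNameIDService" % MD_NS):
        loc, binding = el.get("Location"), el.get("Binding")
        problems = []
        if not loc:
            problems.append("Location is required")
        elif "://" in loc:  # an absolute URL is not a relative path
            problems.append("Location must be a relative path")
        if not binding:
            problems.append("Binding is required")
        elif binding not in FRONT_CHANNEL | BACK_CHANNEL:
            problems.append("unsupported Binding")
        # Front-channel requests are also verified against the active session.
        channel = ("front" if binding in FRONT_CHANNEL
                   else "back" if binding in BACK_CHANNEL else None)
        # Assumed join rule: handlerURL followed by the relative Location.
        endpoint = None if not loc or "://" in loc else base + "/" + loc.lstrip("/")
        report.append({"endpoint": endpoint, "channel": channel, "problems": problems})
    return report

if __name__ == "__main__":
    for entry in audit(SAMPLE):
        print(entry)
```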