...
Advanced Configuration
Note |
---|
This is an advanced configuration feature. Most deployments can rely on the |
The <md:ManageNameIDService> element is used to configure handlers that are responsible for processing name identifier management messages from an IdP. These are protocol specific, but generally fall into two classes: requests, which inform the SP of a change, and responses, which conclude a change event initiated by the SP.
...
The SAML 2.0 NameID management handler implements the SAML 2.0 Browser NameID management profile. The incoming message must be a <samlp:ManageNameIDRequest>. SP-initiated management is not currently supported.
If the message is a request via a front-channel binding, then the following steps are performed. If an error occurs at any point, an effort is made to respond to the requesting IdP with a <samlp:ManageNameIDResponse> containing the error.

1. Verification of the information in the request against the active session is done.
2. The back-channel application notification loop is executed.
3. A <samlp:ManageNameIDResponse> is returned to the requesting IdP.

If the message is a request via a back-channel binding, then the following steps are performed:

1. The back-channel application notification loop is executed.
2. A <samlp:ManageNameIDResponse> is returned to the requesting IdP.

The following Binding values are supported:
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact
urn:oasis:names:tc:SAML:2.0:bindings:SOAP
...
The following may be specified for all protocols and bindings:

Name | Type | Default | Description |
---|---|---|---|
Location | relative path | required | The location of the service (when combined with the base handlerURL). This is the location to which an IdP sends requests to resolve artifacts. |
Binding | URI | required | Identifies the protocol binding supported by the service. |
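
A configuration check for the attributes and Binding values listed above, as an added example that is not part of the original documentation or the SP software. The function name, the sample `<Sessions>` fragment and the host `sp.example.org` are constructed for illustration; the check treats any Location carrying a scheme or host as not relative.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
PREFIX = "urn:oasis:names:tc:SAML:2.0:bindings:"
# The five Binding values this page lists as supported (compared case-sensitively).
SUPPORTED_BINDINGS = {PREFIX + b for b in (
    "HTTP-Redirect", "HTTP-POST", "HTTP-POST-SimpleSign", "HTTP-Artifact", "SOAP")}

# Constructed sample: one valid handler and three misconfigured ones.
SAMPLE = f"""<Sessions xmlns:md="{MD_NS}" handlerURL="/Shibboleth.sso">
  <md:ManageNameIDService Location="/NIM/SOAP" Binding="{PREFIX}SOAP"/>
  <md:ManageNameIDService Location="/NIM/POST" Binding="{PREFIX}HTTP-Post"/>
  <md:ManageNameIDService Location="https://sp.example.org/NIM/Redirect"
                          Binding="{PREFIX}HTTP-Redirect"/>
  <md:ManageNameIDService Binding="{PREFIX}HTTP-Artifact"/>
</Sessions>"""


def lint_manage_nameid(xml_text):
    """Return (element_index, message) findings for md:ManageNameIDService elements.

    Intended for a locally controlled configuration file, not untrusted XML.
    """
    findings = []
    root = ET.fromstring(xml_text)
    for idx, el in enumerate(root.iter(f"{{{MD_NS}}}ManageNameIDService"), 1):
        location = el.get("Location")
        binding = el.get("Binding")
        if not location:
            findings.append((idx, "Location is required"))
        else:
            parts = urlsplit(location)
            # A scheme or host means the value cannot be combined with handlerURL.
            if parts.scheme or parts.netloc:
                findings.append((idx, f"Location {location!r} is not a relative path"))
        if not binding:
            findings.append((idx, "Binding is required"))
        elif binding not in SUPPORTED_BINDINGS:
            findings.append((idx, f"unsupported Binding {binding!r}"))
    return findings


if __name__ == "__main__":
    for idx, message in lint_manage_nameid(SAMPLE):
        print(f"ManageNameIDService #{idx}: {message}")
```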