...

  • includeAttributeStatement - a boolean flag indicating whether to include an attribute statement in addition to the authentication statement, defaults to true
  • outboundArtifactType - Default artifact type used when sending responses via artifact, defaults to 4
  • assertionLifetime - The lifetime, in milliseconds, for issued assertions, defaults to 300000 (5 minutes)
  • localityAddress - IP address to use in the authentication statement's SubjectLocality element, defaults to the IP address of the client
  • localityDNSName - DNS name to use in the authentication statement's SubjectLocality element
  • assertionProxyCount - A non-negative integer used to populate the Count attribute in the assertion's ProxyRestriction element, defaults to 0
  • includeConditionsNotBefore - (V2.4.0+) Include a NotBefore timestamp in the assertions' validity conditions, defaults to true
  • signResponses - see Configuring XML Signature and Encryption
  • signAssertions - see Configuring XML Signature and Encryption
  • signRequests - see Configuring XML Signature and Encryption
  • encryptAssertions - see Configuring XML Signature and Encryption
  • encryptNameIds - see Configuring XML Signature and Encryption

In addition, the SAML 2 ECP profile configuration element supports two child elements.

  • <Audience>, whose content is used to populate the

...

  • <Audience> elements of

...

  • <AudienceRestriction> element. This element may appear any number of times, one for each audience.

...

  • <ProxyAudience>, whose content is used to populate the

...

  • <Audience> elements of the <ProxyRestriction> condition element. This element may appear any number of times, one for each audience.
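
How a relying party evaluates the conditions these settings control (the validity window from assertionLifetime and includeConditionsNotBefore, the <Audience> and <ProxyAudience> values, and assertionProxyCount), as an added example that is not part of the original page or the IdP's own code. The sample XML, the entity IDs, the function names and the 60-second clock-skew allowance are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: a Conditions element of the shape these settings describe
# (5-minute lifetime, NotBefore present, one Audience, one proxy audience, Count 0).
# Assumes the assertion's signature was already verified; only Conditions are checked.
SAMPLE = """<saml:Conditions xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
  <saml:AudienceRestriction>
    <saml:Audience>https://sp.example.org/shibboleth</saml:Audience>
  </saml:AudienceRestriction>
  <saml:ProxyRestriction Count="0">
    <saml:Audience>https://proxy.example.org/sp</saml:Audience>
  </saml:ProxyRestriction>
</saml:Conditions>"""

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_conditions(xml_text, my_entity_id, now, skew=timedelta(seconds=60)):
    """Return a list of reasons to reject; an empty list means the conditions hold."""
    cond = ET.fromstring(xml_text)
    problems = []
    nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if nb and now + skew < _ts(nb):
        problems.append("not yet valid")
    if noa is None:  # policy choice in this example: require an expiry
        problems.append("no NotOnOrAfter")
    elif now - skew >= _ts(noa):
        problems.append("expired")
    # Every AudienceRestriction must name this SP (multiple restrictions are ANDed).
    for ar in cond.findall("saml:AudienceRestriction", NS):
        audiences = [a.text.strip() for a in ar.findall("saml:Audience", NS) if a.text]
        if my_entity_id not in audiences:
            problems.append("audience mismatch")
    return problems

def may_proxy(xml_text, target_entity_id):
    """True if ProxyRestriction permits issuing a new assertion to target_entity_id."""
    pr = ET.fromstring(xml_text).find("saml:ProxyRestriction", NS)
    if pr is None:
        return True
    count = pr.get("Count")
    if count is not None and int(count) == 0:  # Count 0: no further proxying
        return False
    allowed = [a.text.strip() for a in pr.findall("saml:Audience", NS) if a.text]
    return not allowed or target_entity_id in allowed
```
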

Metadata

Because this profile requires server/container configuration above and beyond the normal IdP install process, the install-time metadata generator will generate metadata with the ECP endpoint commented out. If you are using this profile, you may want to include that endpoint in the production metadata you supply to federations or SPs, although in practice it is only useful if the ECP client code being used happens to support metadata in some way.