...

  • authnContextClassRef (URI)
    • If set, inserts a <samlp:RequestedAuthnContext> element containing the class reference into the <samlp:AuthnRequest>. As of V2.5, this can be a whitespace-delimited list of classes to request. Can be overridden by content setting or query string parameter. As of V2.6, this can also be configured on a per-IdP basis via a RelyingParty setting (only applies if a more general value is not supplied).
  • authnContextComparison ("exact", "minimum", "maximum", "better") (default is "exact")
    • If set, inserts a <samlp:RequestedAuthnContext> element containing the comparison operator into the <samlp:AuthnRequest>. Can be overridden by content setting or query string parameter. Ignored unless an authnContextClassRef value is set.
  • ECP (boolean) (default is false)
    • If set, enables Enhanced Client/Proxy profile support, causing the SP to recognize the headers sent by an ECP-enabled client and respond with an ECP request instead of a redirect. Note that when this occurs, the IdP need not be known for a request to be generated, unlike in the normal case.

...

  • NameIDFormat (URI) (Version 2.3 and Above)
    • If set, causes the request to require the IdP to respond with a NameID identifier of the given format. If the IdP cannot fulfill this requirement, it will return an error response (if correctly implemented). As of V2.6, this can also be configured on a per-IdP basis via a RelyingParty setting (only applies if a more general value is not supplied).
  • SPNameQualifier (URI) (Version 2.3 and Above)
    • If set, causes the authentication request to carry a saml:NameIDPolicy with an SPNameQualifier containing the provided value. If the receiving IdP cannot fulfill this requirement, it will return an error response (if correctly implemented). As of V2.6, this can also be configured on a per-IdP basis via a RelyingParty setting (only applies if a more general value is not supplied).

Child Elements

  • <samlp:AuthnRequest> (optional)
    • If present, the XML is used as a template for the request issued. Because the configuration file is validated during initial setup, some of the required (but meaningless) attributes on this element must still be supplied. This per-request information, such as IssueInstant and ID, is replaced/reset at runtime. Useful for supplying advanced request content that cannot be configured in a simpler way.
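
A configuration sketch combining the settings and the template child element described above. It is an added example, not taken from the original page or the project's documentation; the enclosing `SessionInitiator type="SAML2"` element, the `Location` and `id` values, the chosen class and format URIs, and the `<samlp:Scoping>` content are assumptions for illustration.

```xml
<!-- Constructed example 1: simple attribute-based configuration.
     authnContextClassRef is a whitespace-delimited list (V2.5+).
     authnContextComparison is ignored unless authnContextClassRef is set,
     so the two are always configured together. -->
<SessionInitiator type="SAML2" Location="/Login/Strong" id="strong"
    authnContextClassRef="urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken
                          urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard"
    authnContextComparison="exact"
    NameIDFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
    ECP="false"/>

<!-- Constructed example 2: a template for request content that has no
     simple setting (here, a Scoping element that disallows proxying).
     ID, Version and IssueInstant are present only so the configuration
     validates; ID and IssueInstant are replaced for each request. -->
<SessionInitiator type="SAML2" Location="/Login/Direct" id="direct">
    <samlp:AuthnRequest
        xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
        xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
        ID="placeholder" Version="2.0" IssueInstant="2000-01-01T00:00:00Z">
        <samlp:RequestedAuthnContext Comparison="minimum">
            <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
        </samlp:RequestedAuthnContext>
        <samlp:Scoping ProxyCount="0"/>
    </samlp:AuthnRequest>
</SessionInitiator>
```

Requesting a context class only asks the IdP for it; the class actually asserted in the response still has to be checked by the SP's access control rules or by the application.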

...