...

  • IdP Metadata URI
  • IdP EntityID
  • Log on URL (no need to enter this if using federation)
  • Log out URL (no need to enter this if using federation)
  • Certificate Fingerprint (this is your Signing certificate fingerprint)
  • Login attribute (this only has the option of NameID)
  • Strip Domain From Login Attribute Value
  • Identifier Format (they have the full list of NameID formats here; in this example we use urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified)
  • Authentication context (they have a list here; in this example we use urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport)
  • Message signing (leave at RSA-SHA256)

...

SAML attributes are supported and can easily be mapped to their Name as an OID; they also appear in the RequestedAttributes in the SP-generated metadata. You will need to map a SAML attribute to the SIS ID attribute in the service, which appears to be a key field used in manual provisioning. The service appears to treat these values case-sensitively in SAML, but not with other authentication plugins such as LDAP (directly into Canvas), which can cause some issues during a migration.
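A pre-migration check for the case-sensitivity issue described above, as an added example that is not part of the original page or of the service's own tooling: it compares the values the IdP will release against the stored SIS IDs and flags those that match only when case is ignored. The sample data, the `user_id` column name and the function names are assumptions made for illustration.

```python
import csv
import io

# Constructed sample data (not from the page): SIS IDs as stored in the
# service, and the values the IdP releases in the mapped SAML attribute.
SIS_EXPORT = """user_id,login_id
JSmith01,jsmith
adoe02,adoe
BLee03,blee
"""
IDP_VALUES = ["jsmith01", "adoe02", "BLee03", "cwong04"]


def load_sis_ids(csv_text, column="user_id"):
    """Return the set of SIS IDs from a CSV export (column name is assumed)."""
    return {row[column].strip() for row in csv.DictReader(io.StringIO(csv_text))}


def classify(idp_values, sis_ids):
    """Sort IdP attribute values by how they match the stored SIS IDs.

    exact     - identical string; matches under case-sensitive SAML
    case_only - matches only when case is ignored; worked with a
                case-insensitive source such as LDAP, fails under SAML
    ambiguous - several SIS IDs differ only by case, so folding is unsafe
    missing   - no SIS ID matches even when case is ignored
    """
    folded = {}
    for sis in sis_ids:
        folded.setdefault(sis.casefold(), []).append(sis)
    report = {"exact": [], "case_only": [], "ambiguous": [], "missing": []}
    for value in idp_values:
        candidates = folded.get(value.casefold(), [])
        if value in sis_ids:
            report["exact"].append(value)
        elif len(candidates) == 1:
            report["case_only"].append((value, candidates[0]))
        elif candidates:
            report["ambiguous"].append((value, sorted(candidates)))
        else:
            report["missing"].append(value)
    return report


if __name__ == "__main__":
    for kind, items in classify(IDP_VALUES, load_sis_ids(SIS_EXPORT)).items():
        print(f"{kind}: {items}")
```

Entries reported as `case_only` are the accounts to normalise, on the IdP side or in the SIS data, before switching authentication to SAML.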

...