Versions Compared

Old Version 11

changes.mady.by.user Rod Widdowson

Saved on

compared with

New Version Current

changes.mady.by.user Scott Cantor

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Note

Advanced Configuration

Note, this is an advanced configuration feature. Most deployments can rely on the <SSO> shorthand element.

Table of Contents

...

Parameter Name

Parameter Value Type

Default

Description

forceAuthn 

boolean

Establish a value for the ForceAuthn attribute of the <samlp:AuthnRequest>. This asks for forced reauthentication by the IdP (bypassing SSO).

isPassive 

boolean

Establish a value for the IsPassive attribute of the <samlp:AuthnRequest> or the IsPassive parameter of the DS redirect

authnContextComparison 

One of:
exact, minimum, maximum, better

exact

Indicates the required relationship between a requested context class and the resulting form of authentication.

NameIDFormat 

URI

If set, causes the authentication request to carry a saml:NameIDPolicy with a Format containing the provided value. If the receiving IdP can not fulfill this requirement it should return an error response.

SPNameQualifier 

URI

If set, causes the authentication request to carry a saml:NameIDPolicy with an SPNameQualifier containing the provided value. If the receiving IdP can not fulfill this requirement it should return an error response.

attributeIndex 3.3

string

If set, populates the AttributeConsumingServiceIndex XML attribute in the request

template 

base64-encoded SAML <AuthnRequest> message)

If supplied, the eventual SAML request is constructed based on the message supplied, apart from per-request information or settings supplied directly in the configuration or as parameters. Allows a message to be constructed externally with extensions or dynamic content, and then re-issued by the SP.

...