...
Overview
The SAML2.Logout profile configuration bean enables support for the SAML 2.0 Single Logout profile.
...
Virtually all the configuration options below can be set via two different properties: a static property that explicitly sets the value to use and a lookup strategy or predicate property that takes a a Function or Predicate and returns the value to use. The dynamic property is generally named "propertyNamePredicate" or "propertyNameLookupStrategy" for Boolean- and non-Boolean-valued properties respectively.The examples shown are not specific to any particular profile configuration.
Localtabgroup |
---|
Localtab |
---|
| Include Page |
---|
| ProfileConfiguration-Common |
---|
| ProfileConfiguration-Common |
---|
|
|
Localtab |
---|
| Include Page |
---|
| ProfileConfiguration-SAML |
---|
| ProfileConfiguration-SAML |
---|
|
|
Localtab |
---|
| Include Page |
---|
| ProfileConfiguration-SAML2 |
---|
| ProfileConfiguration-SAML2 |
---|
|
|
Localtab |
---|
| Include Page |
---|
| ProfileConfiguration-Artifact |
---|
| ProfileConfiguration-Artifact |
---|
|
|
Localtab |
---|
| Include Page |
---|
| ProfileConfiguration-SAML2Logout |
---|
| ProfileConfiguration-SAML2Logout |
---|
|
|
|
...
Notes
The default values of signRequests
and signResponses
for this profile make a channel dependent choice. Specifically it signs on the front-channel, and on the back-channel only if TLS isn't used (very unusual) or if the receiving port is 443. It assumes that traffic over 443 will be relying on message-based security measures (but see above), whereas traffic to an alternative TLS port like 8443 will be relying on mutual authentication and thus provide a secure channel.
...