...
Name | Type | Default | Description |
---|---|---|---|
encryptAssertions | Boolean | See Notes | Whether to encrypt assertions |
encryptAttributes | Boolean | false | Whether to encrypt attributes |
randomizeFriendlyName 5.1 | Boolean | false | Whether to decorate the FriendlyName attribute in SAML Attributes with a varying component that can flag SPs improperly depending on the value |
attributeRecipientGroupID 5.2 | String | | A group/sector/affiliation/your-name-here representing a collection of SPs that act as a unit for the purposes of handling attribute resolution. This directs the IdP to populate the corresponding field in the AttributeResolutionContext provided to the attribute resolver. |
Notes
The default value of signResponses for this profile is an extended form of the behavior that was referred to in V2 as "conditional". It signs only if TLS isn't used (very unusual) or if the receiving port is 443. It assumes that traffic over 443 will be relying on message-based security measures, whereas traffic to an alternative TLS port like 8443 will be relying on mutual authentication and thus provides a secure channel.
...