Advanced Configuration
Note, this is an advanced configuration feature. Most deployments can rely on the <SSO>
shorthand element.
The ADFS handler is only available if the adsfs.so
extension library is loaded by the SP.
The ADFS ACS implements the Microsoft ADFS authentication protocol, a subset of the WS-Federation passive requester profile. In addition, the ACS performs attribute extraction, filtering, and resolution based on the data supplied by the IdP.
The following Binding
values are supported:
http://schemas.xmlsoap.org/ws/2003/07/secext
Attributes
The following may be specified for all protocols and bindings.
Name | Type | Default | Description |
---|---|---|---|
Location | relative path | required | The location of the ACS (when combined with the base handlerURL). This is the location to which an IdP sends assertions using whatever protocol and binding it shares with the SP. Each combination of SSO protocol and binding is usually installed at a unique location to improve efficiency. |
Binding | URI | required | Identifies the protocol binding supported by the ACS. Bindings describe how the assertion and any enclosing content are packaged by the IdP (or by the browser in some cases) for consumption by the ACS. As an example, the SAML 2.0 specification and subsequent documents describe as many as 4-5 different bindings that all underlie essentially the same SSO protocol. |
index | unsigned integer | A "tag" that identifies the ACS endpoint so that it can be referenced by other configuration elements or applications. It is strongly suggested that the values correspond to the values included in the SP's Metadata. | |
conf:policyId | namespace-qualified by | References the | |
conf:signing | namespace-qualified by
| See Signing&Encryption. Controls outbound signing of XML messages and content subject to applicability to the protocol involved. | |
conf:encryption | See Signing&Encryption. Controls outbound encryption of XML messages and content subject to applicability to the protocol involved. |