The <RelyingParty> element allows the SP to customize its behavior when it interacts with particular identity providers or groups of providers. By default, many properties are set globally for an application. This element allows them to be overridden. Individual options can be selectively overridden within the <RelyingParty> element.
Selection of an element can be name-based or, in V2.5 and above, can rely on an extensible matching mechanism called an EntityMatcher.
If the Name attribute is present, then the matching process starts with the IdP's entityID, and proceeds upwards through the IdP's Metadata matching against <EntitiesDescriptor> group names that are found. The most specific match wins.
If the Name attribute is not present, then a type attribute must be used to indicate the type of EntityMatcher to apply, and other content will be required based on the type of matcher to specify how to match.
Prior to V2.5, only the Name matching option is supported.
<ApplicationDefaults ...
    authType="TLS"
    artifactEndpointIndex="1"
    signing="false"
    encryption="false"
    requireConfidentiality="true"
    requireTransportAuth="true"
    signedAssertions="false"
    chunkedEncoding="false"
    connectTimeout="15"
    timeout="30">
    ...
    <RelyingParty Name="SpecialFederation" keyName="special.example.org"/>
    ...
</ApplicationDefaults>
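The Name-based selection described above, modeled as an added example (this is not the SP's own code). The metadata, the second override entry and the function names are constructed for illustration, and the model assumes that only the single most specific matching element is applied on top of the defaults.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed metadata: one IdP nested in two named groups, one in the outer group only.
METADATA = f"""
<EntitiesDescriptor xmlns="{MD}" Name="SpecialFederation">
  <EntitiesDescriptor Name="urn:example:research-idps">
    <EntityDescriptor entityID="https://idp.example.org/idp"/>
  </EntitiesDescriptor>
  <EntityDescriptor entityID="https://other.example.org/idp"/>
</EntitiesDescriptor>
"""

# A few defaults from the sample configuration; keyName starting unset is an assumption.
DEFAULTS = {"signing": "false", "encryption": "false", "keyName": None}
# Name -> overriding attributes; the entityID entry is constructed for the example.
OVERRIDES = {
    "SpecialFederation": {"keyName": "special.example.org"},
    "https://idp.example.org/idp": {"signing": "true"},
}

def candidate_names(metadata_xml, entity_id):
    """Names to try, most specific first: entityID, then enclosing group Names."""
    def walk(node, groups):
        if node.tag == f"{{{MD}}}EntityDescriptor":
            return [entity_id] + groups if node.get("entityID") == entity_id else None
        if node.tag == f"{{{MD}}}EntitiesDescriptor":
            name = node.get("Name")
            inner = ([name] if name else []) + groups
            for child in node:
                found = walk(child, inner)
                if found:
                    return found
        return None
    return walk(ET.fromstring(metadata_xml), []) or [entity_id]

def effective_settings(metadata_xml, entity_id):
    """Return (settings, matched Name); only the most specific match is applied."""
    settings = dict(DEFAULTS)
    for name in candidate_names(metadata_xml, entity_id):
        if name in OVERRIDES:
            settings.update(OVERRIDES[name])
            return settings, name
    return settings, None

if __name__ == "__main__":
    for eid in ("https://idp.example.org/idp", "https://other.example.org/idp"):
        print(eid, effective_settings(METADATA, eid))
```

In this model an entry keyed on an entityID shadows the group-level entry entirely, so a setting such as keyName placed on the group does not reach that IdP; when reviewing a configuration, check that per-IdP entries repeat any group-level settings they still need.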
Name (string)
entityID or parent group names. As of V2.5, this attribute is optional and can be omitted in favor of a type attribute.
type (string) (Version 2.5 and Above)
entityID (URI)