The <md:ManageNameIDService> element is used to configure handlers that are responsible for processing name identifier management messages from an IdP. These are protocol-specific, but generally fall into two classes: requests, which inform the SP of a change, and responses, which conclude a change event initiated by the SP.
This is an advanced configuration feature. Most deployments can rely on the |
As a multi-protocol system, the SP itself is oblivious to specific management protocols; each handler provides the implementation of a particular protocol.
Location (relative path)
Binding (URI)
The SAML 2.0 NameID management handler implements the SAML 2.0 Browser NameID management profile. The incoming message must be a <samlp:ManageNameIDRequest>. SP-initiated management is not currently supported.
If the message is a request via a front-channel binding, then the following steps are performed. If an error occurs at any point, an effort is made to respond to the requesting IdP with a <samlp:ManageNameIDResponse> containing the error.
<samlp:ManageNameIDResponse> is returned to the requesting IdP.
If the message is a request via a back-channel binding, then the following steps are performed:
<samlp:ManageNameIDResponse> is returned to the requesting IdP.
The following Binding values are supported:
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact
urn:oasis:names:tc:SAML:2.0:bindings:SOAP
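A configuration check for the handlers described above, as an added example that is not part of the original documentation or the SP's own code: it lists every <md:ManageNameIDService> element in an SP configuration and flags a Location that is not relative or a Binding outside the supported list. The function name, the sample configuration and its handler paths are constructed, and the front-channel/back-channel classification is an assumption taken from the SAML 2.0 bindings specification rather than from this page.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
PREFIX = "urn:oasis:names:tc:SAML:2.0:bindings:"
# Binding values the page lists as supported. The channel labels are an
# assumption based on the SAML 2.0 bindings spec, not stated on the page.
SUPPORTED = {
    PREFIX + "HTTP-Redirect": "front-channel",
    PREFIX + "HTTP-POST": "front-channel",
    PREFIX + "HTTP-POST-SimpleSign": "front-channel",
    PREFIX + "HTTP-Artifact": "front-channel",
    PREFIX + "SOAP": "back-channel",
}

def audit_nim_handlers(config_xml):
    """Return (location, binding, channel, problems) per ManageNameIDService."""
    results = []
    for el in ET.fromstring(config_xml).iter("{%s}ManageNameIDService" % MD_NS):
        loc, binding = el.get("Location"), el.get("Binding")
        problems = []
        if not loc:
            problems.append("missing Location")
        elif urlparse(loc).scheme or urlparse(loc).netloc:
            # An absolute URL here contradicts the "relative path" type.
            problems.append("Location is not a relative path")
        if not binding:
            problems.append("missing Binding")
        elif binding not in SUPPORTED:
            problems.append("unsupported Binding")
        results.append((loc, binding, SUPPORTED.get(binding), problems))
    return results

# Constructed sample configuration (hypothetical handler paths and host).
SAMPLE = """<SPConfig xmlns="urn:mace:shibboleth:3.0:native:sp:config"
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
  <ApplicationDefaults><Sessions>
    <md:ManageNameIDService Location="/NIM/SOAP"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"/>
    <md:ManageNameIDService Location="/NIM/POST"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
    <md:ManageNameIDService Location="https://sp.example.org/NIM/PAOS"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"/>
  </Sessions></ApplicationDefaults>
</SPConfig>"""

if __name__ == "__main__":
    for loc, binding, channel, problems in audit_nim_handlers(SAMPLE):
        print(loc, channel or "-", "; ".join(problems) or "ok")
```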