IdPShibSSOProfileConfig
Relying Party Shibboleth SSO Profile Configuration
This profile configuration enables and configures the Shibboleth SSO profile. This is the profile used by Shibboleth 1.X allowing an SP to solicit an authentication response from the IdP.
Basic Configuration
This profile is configured by adding the <ProfileConfiguration xsi:type="saml:ShibbolethSSOProfile" /> element to a RelyingParty definition. This element supports the following basic attributes:
- includeAttributeStatement - (optional) a boolean flag indicating whether to include an attribute statement in addition to the authentication statement, defaults to false
Example Shibboleth SSO Profile Configuration Overriding some Defaults
<ProfileConfiguration xsi:type="saml:ShibbolethSSOProfile" includeAttributeStatement="true"/>
Advanced Configuration
The Shibboleth SSO profile configuration supports the following advanced configuration attributes:
- outboundArtifactType - Default artifact type used when sending responses via artifact, defaults to 1
- assertionLifetime - The lifetime, in milliseconds, for issued assertions, defaults to 300000 (5 minutes)
- includeConditionsNotBefore - (V2.4.0+) Include a NotBefore timestamp in the assertions' validity conditions, defaults to true
- signResponses - see Configuring XML Signature and Encryption
- signAssertions - see Configuring XML Signature and Encryption
- signRequests - see Configuring XML Signature and Encryption
In addition, the Shibboleth SSO profile configuration element supports one child element: <Audience>, whose content is used to populate the <Audience> elements of the <AudienceRestrictionCondition> element. This element may appear any number of times, one for each audience.
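When reviewing a deployment it helps to see what each relying party actually ends up with once the defaults above are applied. The following Python script is an added example, not part of the Shibboleth documentation or code base: it reads a relying-party configuration and reports the effective Shibboleth SSO profile settings and audiences per relying party. The sample XML, its wrapper element, the use of an id attribute on RelyingParty, and the entity IDs are constructed assumptions.

```python
import xml.etree.ElementTree as ET

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
# Defaults as documented on this page.
DEFAULTS = {"includeAttributeStatement": "false", "outboundArtifactType": "1",
            "assertionLifetime": "300000", "includeConditionsNotBefore": "true"}
SIGNING = ("signResponses", "signAssertions", "signRequests")

# Constructed sample; wrapper element, id attribute and entity IDs are assumptions.
SAMPLE = """<RelyingPartyGroup xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <RelyingParty id="https://sp1.example.org/shibboleth">
    <ProfileConfiguration xsi:type="saml:ShibbolethSSOProfile"
        includeAttributeStatement="true" assertionLifetime="60000">
      <Audience>https://sp1.example.org/shibboleth</Audience>
      <Audience>urn:example:federation</Audience>
    </ProfileConfiguration>
  </RelyingParty>
  <RelyingParty id="https://sp2.example.org/shibboleth">
    <ProfileConfiguration xsi:type="saml:ShibbolethSSOProfile"/>
  </RelyingParty>
</RelyingPartyGroup>"""

def local(name):
    """Strip an XML namespace ('{uri}tag') or a prefix ('saml:Type')."""
    return name.rsplit("}", 1)[-1].rsplit(":", 1)[-1]

def shib_sso_settings(xml_text):
    """Map each RelyingParty id to its effective Shibboleth SSO profile settings."""
    report = {}
    for rp in ET.fromstring(xml_text).iter():
        if local(rp.tag) != "RelyingParty":
            continue
        for pc in rp:
            if (local(pc.tag) != "ProfileConfiguration"
                    or local(pc.get(XSI_TYPE, "")) != "ShibbolethSSOProfile"):
                continue
            eff = {k: pc.get(k, d) for k, d in DEFAULTS.items()}
            # No defaults for the signing attributes are stated on this page,
            # so None here means "not set on this element".
            eff.update({k: pc.get(k) for k in SIGNING})
            eff["assertionLifetimeSeconds"] = int(eff["assertionLifetime"]) / 1000
            eff["audiences"] = [(a.text or "").strip() for a in pc
                                if local(a.tag) == "Audience"]
            report[rp.get("id")] = eff
    return report

if __name__ == "__main__":
    for rp_id, eff in shib_sso_settings(SAMPLE).items():
        print(rp_id, eff)
```

A relying party with an empty audiences list and default settings, like the second one in the sample, relies entirely on the documented defaults.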