ManageNameIDService
Advanced Configuration
This is an advanced configuration feature. Most deployments can rely on the <NameIDMgmt> shorthand element.
The <md:ManageNameIDService> element is used to configure handlers that are responsible for processing name identifier management messages from an IdP. These are protocol specific, but generally fall into two classes: requests, which inform the SP of a change, and responses, which conclude a change event initiated by the SP.
Protocols
As a multi-protocol system, the SP itself is oblivious to specific management protocols; each handler provides the implementation of a particular protocol.
The only implementation available is for the SAML2 protocol.
SAML2
The SAML 2.0 NameID management handler implements the SAML 2.0 Browser NameID management profile. The incoming message must be a <samlp:ManageNameIDRequest>. SP-initiated management is not currently supported.
If the message is a request via a front-channel binding, then the following steps are performed. If an error occurs at any point, an effort is made to respond to the requesting IdP with a <samlp:ManageNameIDResponse> containing the error.
1. The information in the request is verified against the active session.
2. The back-channel application notification loop is executed.
3. A <samlp:ManageNameIDResponse> is returned to the requesting IdP.
If the message is a request via a back-channel binding, then the following steps are performed:
1. The back-channel application notification loop is executed.
2. A <samlp:ManageNameIDResponse> is returned to the requesting IdP.
The following Binding values are supported:
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact
urn:oasis:names:tc:SAML:2.0:bindings:SOAP
Common Attributes
The following may be specified for all protocols and bindings:
Name | Type | Default | Description |
---|---|---|---|
Location | relative path | required | The location of the service (when combined with the base handlerURL). This is the location to which an IdP sends requests to resolve artifacts. |
Binding | URI | required | Identifies the protocol binding supported by the service. |
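
A configuration check for the attributes and bindings above, as an added example that is not part of the original page or of the Shibboleth SP code. It parses a constructed <Sessions> fragment, flags <md:ManageNameIDService> entries with a missing attribute, an unsupported Binding, or a non-relative Location, and reports which of the two processing paths each valid endpoint takes. The sample Location and handlerURL values and the front-channel/back-channel labelling (SOAP as the only back-channel binding) are assumptions of the example.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
PREFIX = "urn:oasis:names:tc:SAML:2.0:bindings:"
# Binding values listed as supported on this page.
SUPPORTED = {PREFIX + b for b in
             ("HTTP-Redirect", "HTTP-POST", "HTTP-POST-SimpleSign", "HTTP-Artifact", "SOAP")}

# Constructed sample; handlerURL and Location values are illustrative only.
SAMPLE = """
<Sessions xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" handlerURL="/Shibboleth.sso">
  <md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="/NIM/SOAP"/>
  <md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="/NIM/Redirect"/>
  <md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Post" Location="/NIM/POST"/>
  <md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://sp.example.org/NIM/SOAP2"/>
  <md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"/>
</Sessions>
"""

def lint(xml_text):
    """Return (endpoints, findings) for every md:ManageNameIDService element."""
    endpoints, findings = [], []
    root = ET.fromstring(xml_text.strip())
    for n, el in enumerate(root.iter(MD + "ManageNameIDService"), 1):
        binding, location = el.get("Binding"), el.get("Location")
        problems = []
        if binding is None:
            problems.append("missing required Binding")
        elif binding not in SUPPORTED:  # exact, case-sensitive URI match
            problems.append("unsupported Binding " + binding)
        if location is None:
            problems.append("missing required Location")
        elif "://" in location:  # must be relative to the base handlerURL
            problems.append("Location is not a relative path: " + location)
        if problems:
            findings.extend((n, p) for p in problems)
        else:
            # Front-channel requests are verified against the active session first.
            channel = "back-channel" if binding.endswith(":SOAP") else "front-channel"
            endpoints.append((location, channel))
    return endpoints, findings

if __name__ == "__main__":
    eps, issues = lint(SAMPLE)
    for loc, channel in eps:
        print("ok   ", loc, channel)
    for n, msg in issues:
        print("entry", n, msg)
```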