SAML2 Sessions Configurations

Owned by Rod Widdowson
Last updated: Dec 08, 2021
1 min read

The SP  <Sessions> Configuration  support for SAML2 provides support for

  • SAML2 and SAMLDS SessionInitiator

  • SAML 2.0 AssertionConsumerService with support for the following Bindings

    • urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST

    • urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign

    • urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact

    • urn:oasis:names:tc:SAML:2.0:bindings:PAOS

  • SAML 2.0 ArtifactResolutionService with the urn:oasis:names:tc:SAML:2.0:bindings:HTTP-SOAP binding

  • SAML2 LogoutInitiator 

  • SAML 2.0 SingleLogoutService with support for the following Bindings

    • urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect

    • urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST

    • urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign

    • urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact

    • urn:oasis:names:tc:SAML:2.0:bindings:SOAP

  • SAML 2.0 ManageNameIDService with the following bindings

    • urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect

    • urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST

    • urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign

    • urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact

    • urn:oasis:names:tc:SAML:2.0:bindings:SOAP

Default Simplified Protocol Configuration for SAML2

<SSO/>

<SSO attr1="xry" attr2="abc">SAML2</SSO> <!-- Equivalent to --> <SessionInitiator type="SAML2" attr1="xry" attr2="abc"/> <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="/SAML2/POST" index="1" /> <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="/SAML2/POST-SimpleSign" index="2" /> <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="/SAML2/Artifact" index="3" /> <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="/SAML2/ECP" index="4" /> <md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="/Artifact/SOAP" index="1" />

<Logout/>

<Logout>SAML2</Logout> <!-- Equivalent to --> <LogoutInitiator type="SAML2"/> <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="/SLO/SOAP" /> <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="/SLO/Redirect" /> <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="/SLO/POST" /> <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="/SLO/Artifact" /> <md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="/Artifact/SOAP" />

<NameIDMgmt/>

<NameIDMgmt>SAML2</NameIDMgmt> <!-- Equivalent to --> <md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="/NIM/SOAP" /> <md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="/NIM/Redirect" /> <md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="/NIM/POST" /> <md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="/NIM/Artifact" /> <md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="/Artifact/SOAP" />