SAML2 Sessions Configurations

The SP  <Sessions> Configuration  support for SAML2 provides support for

  • SAML2 and SAMLDS SessionInitiator
  • SAML 2.0 AssertionConsumerService with support for the following Bindings
    • urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
    • urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
    • urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact
    • urn:oasis:names:tc:SAML:2.0:bindings:PAOS
  • SAML 2.0 ArtifactResolutionService with the urn:oasis:names:tc:SAML:2.0:bindings:HTTP-SOAP binding
  • SAML2 LogoutInitiator 
  • SAML 2.0 SingleLogoutService with support for the following Bindings
    • urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
    • urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
    • urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
    • urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact
    • urn:oasis:names:tc:SAML:2.0:bindings:SOAP
  • SAML 2.0 ManageNameIDService with the following bindings
    • urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
    • urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
    • urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
    • urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact
    • urn:oasis:names:tc:SAML:2.0:bindings:SOAP

Default Simplified Protocol Configuration for SAML2

<SSO/>

<SSO attr1="xry" attr2="abc">SAML2</SSO>


<!-- Equivalent to -->
   
<SessionInitiator type="SAML2" attr1="xry" attr2="abc"/>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="/SAML2/POST" index="1" />
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="/SAML2/POST-SimpleSign" index="2" />
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="/SAML2/Artifact" index="3" />
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="/SAML2/ECP" index="4" />

<md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="/Artifact/SOAP" index="1" />

<Logout/>

<Logout>SAML2</Logout>


<!-- Equivalent to -->
<LogoutInitiator type="SAML2"/>
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="/SLO/SOAP" />
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="/SLO/Redirect" />
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="/SLO/POST" />
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="/SLO/Artifact" />


<md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="/Artifact/SOAP" />

<NameIDMgmt/>

<NameIDMgmt>SAML2</NameIDMgmt>


<!-- Equivalent to -->
<md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="/NIM/SOAP" />
<md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="/NIM/Redirect" />
<md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="/NIM/POST" />
<md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="/NIM/Artifact" />


<md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="/Artifact/SOAP" />