SAML1AttributeQueryProfile

Definition

&&TODO&&

1 &&TODO&& se repite sign assertion, la segunda es sign Requests

Standard attributes

~~Class~~Class: class ~~name.~~name (readOnly field).
Enabled: if it is checked (selected option is Yes) that protocol will be ~~enabled.~~enable.
Sign Responses: ausually it can be set to never, as long as the assertions are signed. Its preferable to sign ~~response~~assertions ~~guarantees~~rather than responses, because the assertion can be forwarded by the service provider ~~that~~to another service provider, but the response ~~has been issued by the Identity Provider~~ ~~&&TODO&&~~
- ~~Conditional ¿Como funciona?~~
- ~~Always~~
- ~~Never~~
not.
Sign Assertions: it's advisable to sign every assertion, so it avoids assertion spoofing. The ~~&&TODO&&~~assertion can be forwarded by the service provider to another service provider.
Sign ~~Assertions~~Request: ~~&&TODO&&~~the identity provider will issue requests to service providers in order to perform the single logout process. Unless it is needed by any service provider, leave it to conditional.
Outbound Artifact Type: defaults to 4. Any other value is not ~~supported~~supported. For more information, see SAML specification.
Assertion Lifetime~~&&TODO&&~~: specifies the validity period for the generated assertions . The time period is specified using the ISO 8601 notation. The standard format follows the pattern: PnYnMnDTnHnMnS.

Assertion Lifetime examples:

P3Y6M4DT12H30M5S" sets a duration of three years, six months, four days, twelve hours, thirty minutes, and five seconds.