Skip to main content

SAML2ArtifactResolutionProfile

Definition

This profile is used when the Service Provider wants to resolve or check a received assertion. The profile configuration settings are quite similar to those present in SAML2SSOProfile:

Screen overview

&&TODO&&

Standard attributes

  • Class: class name.
  • Enabled: if it is checked (selected option is Yes) that protocol will be enabled.
  • Sign Responses: a sign response guarantees the service provider that the response has been issued by the Identity Provider &&TODO&&
    • Conditional ¿Como funciona?
    • Always
    • Never
    •  
  • Sign Assertions: it's advisable to sign every assertion, so it avoids assertion spoofing. &&TODO&&
  • Sign Assertions &&TODO&&
  • Encrypt Assertions: it's a good practice to encrypt assertions. Nevertheless, it makes more dificult to diagnose misconfiguration of SAML federation. Disable it only when needed.
  • Encrypt NameIds: encrypt Name Ids when they are not part of an assertion.

&&TODO&&

Back to top