Skip to main content

SAML2AttributeQueryProfile

Definition

his profile is used when the SSOProfile does not include attributes statements in the assertion.

Screen overview

&&TODO&&

Standard attributes

&&TODO&&

  • Class:Class: class name.
  • Enabled:Enabled: if it is checked (selected option is Yes) that protocol will be enable.enabled.
  • Sign Responses : a sign response guarantees the service provider that the response has been issued by the Identity Provider &&TODO&&
    • Conditional ¿Como funciona?
    • Always
    • Never
    •  
  • Sign Assertions : it's advisable to sign every assertion, so it avoids assertion spoofing.  &&TODO&&
  • Sign Assertions &&TODO&&
  • Encrypt assertoins&&TODO&&Assertions: it's a good practice to encrypt assertions. Nevertheless, it makes more dificult to diagnose misconfiguration of SAML federation. Disable it only when needed.
  • Encrypt NamesIds&&TODO&&NameIds: encrypt Name Ids when they are not part of an assertion.
  • AssertinAssertion Proxy Count&&TODO&&: number of SAML proxies that can forward an assertion. 0 stands for no limit.

     

    Back to top