
SAML2AttributeQueryProfile

Definition

This profile is used when the SSOProfile does not include attribute statements in the assertion.

Screen overview

1 &&TODO&& Sign Assertions appears twice; the second one is Sign Requests

2 &&TODO&& Encrypt Assertions has no drop-down list

3 &&TODO&& What happens if I select the blank option? How would it behave?

Standard attributes

&&TODO&&

  • Class: class name (readOnly field).
  • Enabled: if it is checked (selected option is Yes), that protocol will be enabled.
  • Sign Responses: usually set to conditional or always, so that the service provider can verify the response authenticity.
  • Sign Assertions: usually set to never, as long as the response is already signed.
  • Sign Request: not used, as the service provider will not need to generate requests.
  • Encrypt Assertions: a desirable feature, but some service providers, mainly public cloud service providers, do not support it. Thus, the default value is to never encrypt, but you can set it to optional or always as needed.
    • If you set it to optional and the public key of the service provider that is going to receive the assertion is available, it will be used to encrypt it.
    • If you set it to never, the assertion will not be encrypted in any case.
    • If you set it to always, but the remote service provider encryption key is unknown, an exception will be raised.
  • Encrypt NameIds: should be left set to never.
  • Assertion Proxy Count: sets the maximum number of SAML hops that can be accepted for any assertion. A value of 0 does not set any limit.
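
To confirm that the responses actually emitted match the Sign Responses, Sign Assertions, Encrypt Assertions and Encrypt NameIds settings, the following added example (not part of the original documentation) inspects the structure of a SAML response and compares it with the configured values. The function names, report field names and sample message are assumptions made for illustration; the check is structural only and does not validate any signature cryptographically.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample: signed response, unsigned plaintext assertion.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_r1" Version="2.0">
  <ds:Signature><ds:SignedInfo/></ds:Signature>
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="mail">
        <saml:AttributeValue>alice@example.org</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def protection_report(response_xml):
    """Report which protections a SAML Response carries (structure only).

    Only direct children are inspected: a ds:Signature nested deeper belongs
    to another element and must not be credited to the Response itself.
    For untrusted input, parse with a hardened XML parser instead.
    """
    root = ET.fromstring(response_xml)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response")
    plain = root.findall("saml:Assertion", NS)
    encrypted = root.findall("saml:EncryptedAssertion", NS)
    signed = [a.find("ds:Signature", NS) is not None for a in plain]
    enc_ids = [a.find("saml:Subject/saml:EncryptedID", NS) is not None for a in plain]
    return {
        "response_signed": root.find("ds:Signature", NS) is not None,
        "assertions_signed": bool(plain) and all(signed),
        "assertions_encrypted": bool(encrypted) and not plain,
        "nameid_encrypted": any(enc_ids),
    }


def mismatches(report, profile):
    """Fields contradicting a setting of 'always' or 'never'.
    'conditional' and 'optional' allow either outcome, so they never mismatch."""
    wanted = {"always": True, "never": False}
    return [f for f, s in profile.items() if s in wanted and report[f] != wanted[s]]
```
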