SAML2ECPProfile
Definition
The enhanced client profile is used when the Service Provider is not a web application. It is rarely used nowadays, as most mobile applications have shifted to OAuth or OpenID Connect.
Screen overview
&&TODO&&
Standard attributes
- Class: class name.
- Enabled: when checked (selected option is Yes), the protocol is enabled.
- Sign Responses: a signed response assures the service provider that the response has been issued by the Identity Provider &&TODO&&
  - Conditional (how does it work?)
  - Always
  - Never
- Sign Assertions: it is advisable to sign every assertion, as this prevents assertion spoofing. &&TODO&&
- Sign Assertions &&TODO&&
- Encrypt Assertions: encrypting assertions is good practice. However, it makes it more difficult to diagnose misconfiguration of a SAML federation. Disable it only when needed.
- Encrypt NameIds: encrypt Name Ids when they are not part of an assertion.
- Assertion Proxy Count: number of SAML proxies that can forward an assertion. 0 stands for no limit.
- Include Attribute Statement: in an SSO profile, gives the service provider every attribute bound to the identified user, avoiding the need for extra attribute requests.
- Include Attribute Statement: &&TODO&& this is a text field below the previous checkbox
- Locality DNS Name &&TODO&&
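
To confirm from the service provider side which of the settings above actually took effect, the following added example (not part of the product or its documentation) inspects the structure of a captured SAML response. The sample message is constructed, the function name `inspect_response` is hypothetical, and it assumes the proxy count appears as the standard SAML 2.0 `ProxyRestriction` `Count` condition.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample: a signed assertion carried in an unsigned response.
SAMPLE_RESPONSE = """\
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_r1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0">
    <ds:Signature><ds:SignedInfo/></ds:Signature>
    <saml:Conditions><saml:ProxyRestriction Count="2"/></saml:Conditions>
    <saml:AttributeStatement><saml:Attribute Name="mail"/></saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>
"""

def inspect_response(xml_text):
    """Report which protections are structurally present; signatures are NOT verified."""
    # Assumption: input is trusted test data. Use a hardened parser for untrusted XML.
    root = ET.fromstring(xml_text)
    plain = root.findall("saml:Assertion", NS)
    encrypted = root.findall("saml:EncryptedAssertion", NS)
    report = {
        # Only a direct child counts: a signature nested inside an assertion
        # does not cover the enclosing response.
        "response_signed": root.find("ds:Signature", NS) is not None,
        "assertions_encrypted": bool(encrypted) and not plain,
        # None means "cannot tell without decrypting the assertion".
        "assertions_signed": None,
        "attribute_statement": None,
        "proxy_count": None,
    }
    if plain:
        report["assertions_signed"] = all(
            a.find("ds:Signature", NS) is not None for a in plain)
        report["attribute_statement"] = any(
            a.find("saml:AttributeStatement", NS) is not None for a in plain)
        proxy = plain[0].find("saml:Conditions/saml:ProxyRestriction", NS)
        if proxy is not None and proxy.get("Count") is not None:
            report["proxy_count"] = int(proxy.get("Count"))
    return report
```

When assertions are encrypted, the three assertion-level fields stay `None`, which is the diagnostic cost noted under Encrypt Assertions.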