
SAML2ECPProfile

Definition

The enhanced client profile is used when the Service Provider is not a web application. Nowadays, it is rarely used, as most mobile applications have shifted to OAuth or OpenID Connect.

Screen overview

 &&TODO&&

Standard attributes

  • Class: class name.
  • Enabled: if it is checked (selected option is Yes), the protocol will be enabled.
  • Sign Responses: a signed response guarantees the service provider that the response has been issued by the Identity Provider.
    • Conditional (how does it work?)
    • Always
    • Never
  • Sign Assertions: it's advisable to sign every assertion, as this avoids assertion spoofing.
  • Encrypt Assertions: it's a good practice to encrypt assertions. Nevertheless, it makes it more difficult to diagnose misconfiguration of the SAML federation. Disable it only when needed.
  • Encrypt NameIds: encrypt Name Ids when they are not part of an assertion.
  • Assertion Proxy Count: number of SAML proxies that can forward an assertion. 0 stands for no limit.
  • Include Attribute Statement: on an SSO profile, it will give the service provider every attribute bound to the identified user, avoiding the need for extra attribute requests.
    • Include Attribute Statement: this is a text field below the previous check box.
  • Locality DNS Name &&TODO&&
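
When diagnosing a federation, it helps to see which of the protections listed above a captured response actually carries. The following is an added example, not part of the original documentation or the product's code; the function name `inspect_response` and the sample message are constructed for illustration, and the script only inspects structure (it does not verify signatures or decrypt anything).

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def inspect_response(xml_text):
    """Report which protections a SAML response carries (structure only)."""
    root = ET.fromstring(xml_text)
    # With ECP the Response travels inside a SOAP Body, so search the whole tree.
    tag = "{%s}Response" % NS["samlp"]
    resp = root if root.tag == tag else root.find(".//samlp:Response", NS)
    if resp is None:
        raise ValueError("no samlp:Response element found")
    plain = resp.findall("saml:Assertion", NS)
    encrypted = resp.findall("saml:EncryptedAssertion", NS)
    proxy = resp.find(".//saml:ProxyRestriction", NS)
    count = proxy.get("Count") if proxy is not None else None
    return {
        # A signature only counts when it is a direct child of the element.
        "response_signed": resp.find("ds:Signature", NS) is not None,
        "assertions_plain": len(plain),
        "assertions_encrypted": len(encrypted),
        "assertions_signed": sum(a.find("ds:Signature", NS) is not None for a in plain),
        "name_id_encrypted": resp.find(".//saml:EncryptedID", NS) is not None,
        # Contents of encrypted assertions are not visible to the checks below.
        "attribute_statement": resp.find(".//saml:AttributeStatement", NS) is not None,
        "proxy_count": int(count) if count is not None else None,
    }

# Constructed sample: unsigned Response, one signed Assertion, ProxyRestriction Count=2.
SAMPLE = """<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><S:Body>
 <samlp:Response ID="_r1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0">
   <ds:Signature/>
   <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
   <saml:Conditions><saml:ProxyRestriction Count="2"/></saml:Conditions>
   <saml:AttributeStatement/>
  </saml:Assertion>
 </samlp:Response></S:Body></S:Envelope>"""

if __name__ == "__main__":
    print(inspect_response(SAMPLE))
```

A report showing plain, unsigned assertions on a profile configured to sign or encrypt them points to a configuration that has not taken effect.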