Skip to main content

SAML2SSOProfile

Definition

This is the most common used SAML profile. It allows the IdP to identify users and to give such information to Service Providers. 

Screen overview

&&TODO&&

Standard attributes

  • Class:Sign classResponses: name.a sign response guarantees the service provider that the response has been issued by the Identity Provider &&TODO&&
    • Conditional ¿Como funciona?
    • Enabled:Always
      • if
    • Never
    •  
  • Sign Assertions: it's advisable to sign every assertion, so it isavoids checkedassertion (selectedspoofing. option is Yes) that protocol will be enable.
  • Sign Responses : &&TODO&&
  • Sign Assertions : &&TODO&&
  • SignEncrypt Assertions: &&TODO&&it's a good practice to encrypt assertions. Nevertheless, it makes more dificult to diagnose misconfiguration of SAML federation. Disable it only when needed.
  • Encrypt assertoinsNameIds: &&TODO&&encrypt Name Ids when they are not part of an assertion.
  • Encrypt NamesIds &&TODO&&
  • Assertion Proxy Count: &&TODO&&number of SAML proxies that can forward an assertion. 0 stands for no limit.
  • Include Attribute Statement: on a SSO profile will give the service provider every attribute bound to the identified user, avoid the need for extra attribute requests.
    • Include Attribute Statement : &&TODO&& este es un campo de texto debajo del check anterior

 

    Back to top