From cc2f100cab58174f22f66c16a75c6313c955af4d Mon Sep 17 00:00:00 2001 From: Stian Thorgersen Date: Fri, 10 Jun 2016 13:01:17 +0200 Subject: [PATCH] Update topics/saml/java/general-config/sp_element.adoc --- topics/saml/java/general-config/sp_element.adoc | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/topics/saml/java/general-config/sp_element.adoc b/topics/saml/java/general-config/sp_element.adoc index 3637b75f1e..05ec4bf169 100644 --- a/topics/saml/java/general-config/sp_element.adoc +++ b/topics/saml/java/general-config/sp_element.adoc @@ -24,7 +24,7 @@ sslPolicy:: For `ALL`, all requests must come in via HTTPS. For `EXTERNAL`, only non-private IP addresses must come over the wire via HTTPS. For `NONE`, no requests are required to come over via HTTPS. - This is _OPTIONAL._ and defaults to `EXTERNAL`. + This is _OPTIONAL._. Default value is `EXTERNAL`. nameIDPolicyFormat:: SAML clients can request a specific NameID Subject format. @@ -35,17 +35,17 @@ nameIDPolicyFormat:: forceAuthentication:: SAML clients can request that a user is re-authenticated even if they are already logged in at the IDP. - Set this to `true` if you want this. This setting is _OPTIONAL._. - Set to `false` by default. + Set this to `true` if you want this. This setting is _OPTIONAL._ and defaults to `false`. + Default value is `false`. isPassive:: SAML clients can request that a user is never asked to authenticate even if they are not logged in at the IDP. Set this to `true` if you want this. Do not use together with `forceAuthentication` as they are opposite. This setting is _OPTIONAL._. - It is set to `false` by default. + Default value is `false`. turnOffChangeSessionIdOnLogin:: The session id is changed by default on a successful login on some platforms to plug a security attack vector. Change this to `true` if you want to turn this off. It is recommended you do not turn it off. - The default value is `false`. + Default value is `false`.