libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

Update topics/saml/java/general-config/sp_element.adoc

Browse source
This commit is contained in:
Stian Thorgersen 2016-06-10 13:01:17 +02:00
parent 9c0ff6fa0f
commit cc2f100cab
1 changed files with 5 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
topics/saml/java/general-config/sp_element.adoc
View file

@ -24,7 +24,7 @@ sslPolicy::
For `ALL`, all requests must come in via HTTPS. For `ALL`, all requests must come in via HTTPS.
For `EXTERNAL`, only non-private IP addresses must come over the wire via HTTPS. For `EXTERNAL`, only non-private IP addresses must come over the wire via HTTPS.
For `NONE`, no requests are required to come over via HTTPS. For `NONE`, no requests are required to come over via HTTPS.
This is _OPTIONAL._ and defaults to `EXTERNAL`. This is _OPTIONAL._. Default value is `EXTERNAL`.
nameIDPolicyFormat:: nameIDPolicyFormat::
SAML clients can request a specific NameID Subject format. SAML clients can request a specific NameID Subject format.
@ -35,17 +35,17 @@ nameIDPolicyFormat::
forceAuthentication:: forceAuthentication::
SAML clients can request that a user is re-authenticated even if they are already logged in at the IDP. SAML clients can request that a user is re-authenticated even if they are already logged in at the IDP.
Set this to `true` if you want this. This setting is _OPTIONAL._. Set this to `true` if you want this. This setting is _OPTIONAL._ and defaults to `false`.
Set to `false` by default. Default value is `false`.
isPassive:: isPassive::
SAML clients can request that a user is never asked to authenticate even if they are not logged in at the IDP. SAML clients can request that a user is never asked to authenticate even if they are not logged in at the IDP.
Set this to `true` if you want this. Set this to `true` if you want this.
Do not use together with `forceAuthentication` as they are opposite. This setting is _OPTIONAL._. Do not use together with `forceAuthentication` as they are opposite. This setting is _OPTIONAL._.
It is set to `false` by default. Default value is `false`.
turnOffChangeSessionIdOnLogin:: turnOffChangeSessionIdOnLogin::
The session id is changed by default on a successful login on some platforms to plug a security attack vector. The session id is changed by default on a successful login on some platforms to plug a security attack vector.
Change this to `true` if you want to turn this off. It is recommended you do not turn it off. Change this to `true` if you want to turn this off. It is recommended you do not turn it off.
The default value is `false`. Default value is `false`.