keycloak-scim/topics/saml/java/general-config/idp_singlesignonservice_subelement.adoc
2016-11-04 21:43:30 +01:00

40 lines
1.5 KiB
Text

[[_sp-idp-singlesignonservice]]
===== IDP SingleSignOnService sub element
The `SingleSignOnService` sub element defines the login SAML endpoint of the IDP.
The client adapter will send requests
to the IDP formatted via the settings within this element when it wants to login.
[source,xml]
----
<SingleSignOnService signRequest="true"
validateResponseSignature="true"
requestBinding="post"
bindingUrl="url"/>
----
Here are the config attributes you can define on this element:
signRequest::
Should the client sign authn requests? This setting is _OPTIONAL_.
Defaults to whatever the IDP `signaturesRequired` element value is.
validateResponseSignature::
Should the client expect the IDP to sign the assertion response document sent back from an auhtn request?
This setting _OPTIONAL_. Defaults to whatever the IDP `signaturesRequired` element value is.
requestBinding::
This is the SAML binding type used for communicating with the IDP. This setting is _OPTIONAL_.
The default value is `POST`, but you can set it to `REDIRECT` as well.
responseBinding::
SAML allows the client to request what binding type it wants authn responses to use.
The values of this can be `POST` or `REDIRECT`. This setting is _OPTIONAL_.
The default is that the client will not request a specific binding type for responses.
bindingUrl::
This is the URL for the IDP login service that the client will send requests to. This setting is _REQUIRED_.