e342353808
Updated the references to the version of keycloak_saml_adapter schema to 1_10 and added the details of the metadataUrl to the IDP element docs.
35 lines
1.6 KiB
Text
35 lines
1.6 KiB
Text
|
|
===== IDP Element
|
|
|
|
Everything in the IDP element describes the settings for the identity provider (authentication server) the SP is communicating with.
|
|
|
|
[source,xml]
|
|
----
|
|
<IDP entityID="idp"
|
|
signaturesRequired="true"
|
|
signatureAlgorithm="RSA_SHA1"
|
|
signatureCanonicalizationMethod="http://www.w3.org/2001/10/xml-exc-c14n#">
|
|
...
|
|
</IDP>
|
|
----
|
|
|
|
Here are the attribute config options you can specify within the `IDP` element declaration.
|
|
|
|
entityID::
|
|
This is the issuer ID of the IDP. This setting is _REQUIRED_.
|
|
|
|
signaturesRequired::
|
|
If set to `true`, the client adapter will sign every document it sends to the IDP.
|
|
Also, the client will expect that the IDP will be signing any documents sent to it.
|
|
This switch sets the default for all request and response types, but you will see later that you have some fine grain control over this.
|
|
This setting is _OPTIONAL_ and will default to `false`.
|
|
signatureAlgorithm::
|
|
This is the signature algorithm that the IDP expects signed documents to use.
|
|
Allowed values are: `RSA_SHA1`, `RSA_SHA256`, `RSA_SHA512`, and `DSA_SHA1`.
|
|
This setting is _OPTIONAL_
|
|
and defaults to `RSA_SHA256`.
|
|
signatureCanonicalizationMethod::
|
|
This is the signature canonicalization method that the IDP expects signed documents to use. This setting is _OPTIONAL_.
|
|
The default value is `\http://www.w3.org/2001/10/xml-exc-c14n#` and should be good for most IDPs.
|
|
metadataUrl::
|
|
The URL used to retrieve the IDP metadata, currently this is only used to pick up signing and encryption keys periodically which allow cycling of these keys on the IDP without manual changes on the SP side.
|