libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions
keycloak-scim/securing_apps/topics/saml/java/general-config/idp_singlesignonservice_subelement.adoc
Matthew Helmke 2c2c7f7b50 Revert "fixed Wildfly mentions and faulty links with underscores" 
This reverts commit 1ecbc1ba14075203af437295927699adf84cc428.
2019-02-20 11:51:28 +01:00

47 lines
2 KiB
Text
Raw Blame History

[[_sp-idp-singlesignonservice]]
===== IDP SingleSignOnService sub element
The `SingleSignOnService` sub element defines the login SAML endpoint of the IDP.
The client adapter will send requests
to the IDP formatted via the settings within this element when it wants to login.
[source,xml]
----
<SingleSignOnService signRequest="true"
validateResponseSignature="true"
requestBinding="post"
bindingUrl="url"/>
----
Here are the config attributes you can define on this element:
signRequest::
Should the client sign authn requests? This setting is _OPTIONAL_.
Defaults to whatever the IDP `signaturesRequired` element value is.
validateResponseSignature::
Should the client expect the IDP to sign the assertion response document sent back from an auhtn request?
This setting _OPTIONAL_. Defaults to whatever the IDP `signaturesRequired` element value is.
requestBinding::
This is the SAML binding type used for communicating with the IDP. This setting is _OPTIONAL_.
The default value is `POST`, but you can set it to `REDIRECT` as well.
responseBinding::
SAML allows the client to request what binding type it wants authn responses to use.
The values of this can be `POST` or `REDIRECT`. This setting is _OPTIONAL_.
The default is that the client will not request a specific binding type for responses.
assertionConsumerServiceUrl::
URL of the assertion consumer service (ACS) where the IDP login service should send responses to.
This setting is _OPTIONAL_. By default it is unset, relying on the configuration in the IdP.
When set, it must end in `/saml`, e.g. `\http://sp.domain.com/my/endpoint/for/saml`. The value
of this property is sent in `AssertionConsumerServiceURL` attribute of SAML `AuthnRequest` message.
This property is typically accompanied by the `responseBinding` attribute.
bindingUrl::
This is the URL for the IDP login service that the client will send requests to. This setting is _REQUIRED_.
Reference in a new issue View git blame Copy permalink