ccab30d5f2
Closes #31330 Signed-off-by: rmartinc <rmartinc@redhat.com>
47 lines
2 KiB
Text
47 lines
2 KiB
Text
[[_sp-idp-singlesignonservice]]
|
|
|
|
== IDP SingleSignOnService sub element
|
|
|
|
The `SingleSignOnService` sub element defines the login SAML endpoint of the IDP.
|
|
The client adapter will send requests
|
|
to the IDP formatted via the settings within this element when it wants to log in.
|
|
|
|
[source,xml]
|
|
----
|
|
|
|
<SingleSignOnService signRequest="true"
|
|
validateResponseSignature="true"
|
|
requestBinding="post"
|
|
bindingUrl="url"/>
|
|
----
|
|
|
|
Here are the config attributes you can define on this element:
|
|
|
|
signRequest::
|
|
Should the client sign authn requests? This setting is _OPTIONAL_.
|
|
Defaults to whatever the IDP `signaturesRequired` element value is.
|
|
|
|
validateResponseSignature::
|
|
Should the client expect the IDP to sign the assertion response document sent back from an authn request?
|
|
This setting _OPTIONAL_. Defaults to whatever the IDP `signaturesRequired` element value is.
|
|
|
|
requestBinding::
|
|
This is the SAML binding type used for communicating with the IDP. This setting is _OPTIONAL_.
|
|
The default value is `POST`, but you can set it to `REDIRECT` as well.
|
|
|
|
responseBinding::
|
|
SAML allows the client to request what binding type it wants authn responses to use.
|
|
The values of this can be `POST` or `REDIRECT`. This setting is _OPTIONAL_.
|
|
The default is that the client will not request a specific binding type for responses.
|
|
|
|
assertionConsumerServiceUrl::
|
|
URL of the assertion consumer service (ACS) where the IDP login service should send responses to.
|
|
This setting is _OPTIONAL_. By default it is unset, relying on the configuration in the IdP.
|
|
When set, it must end in `/saml`, for example `\http://sp.domain.com/my/endpoint/for/saml`. The value
|
|
of this property is sent in `AssertionConsumerServiceURL` attribute of SAML `AuthnRequest` message.
|
|
This property is typically accompanied by the `responseBinding` attribute.
|
|
|
|
bindingUrl::
|
|
This is the URL for the IDP login service that the client will send requests to. This setting is _REQUIRED_.
|
|
|
|
|