Saml (Section)
Path: /profiles/profile{id, type}/settings/authentication-service/protocols/protocol{id}/saml
A SAML Protocol plugin for integration with services like ADFS and other SAML providers.
Parameters
| Name | Type | Required | Default | Description |
|---|---|---|---|---|
| signing-key | leafref | required | | Reference to the key that is used to sign the login token. The signing key must be accompanied by a certificate. |
| recipient-entity-id | string | required | | The recipient or audience of the SAML response messages and assertions |
| acs-url | uri | required | | The Assertion Consumer Service (ACS) URL where SAML Response messages are posted to |
| saml-federation-service-type | enumeration | optional | generic | The type of Federation Service that will receive the login token |
| saml-clock-skew | uint32 | optional | 60 | The number of seconds allowed for clock skew (subtracted from or added to the issuance timestamp, considering saml-message-time-to-live) that is used to compute the time before or after which a token must not be used |
| saml-assertion-time-to-live | uint32 | optional | 300 | The number of seconds that SAML assertions are valid. |
| include-session-index-in-response | boolean | optional | false | Include SessionIndex in AuthnStatement of the SAML response. |
| logout-service-url | uri | optional | | The URL to send logout responses to. If empty, the ACS URL will be used. |
| sign-assertions | boolean | optional | false | Sign the assertion in addition to the response. |
| saml-message-time-to-live | uint32 | optional | 300 | The number of seconds after issuance that a SAML message is considered to be valid. |