Holder-of-key (Section)

Path: /profiles/profile{id, type}/settings/saml-idp-service/assertion/holder-of-key

Configure Holder-of-Key settings for the assertions.

Parameters

| Name | Type | Required | Default | Description |
|---|---|---|---|---|
| require-certificate-binding | boolean | optional | false | Set this to true to always include a Holder Of Key subject confirmation when issuing an assertion. When this setting is enabled and no certificate was available, an error will be returned. When disabled, a Holder of Key subject confirmation will be included when a certificate is available. |
| x509-certificate-attribute-name | non-empty-string | optional | x509_client_certificate | The name of the subject attribute that contains the X.509 certificate to be used for Holder Of Key subject confirmations. Defaults to 'x509_client_certificate'. |
| include-certificate | boolean | optional | true | Set this to true to include the X.509 certificate in the Holder Of Key subject confirmation. Defaults to true. |
| include-subject-key-identifier | boolean | optional | true | Set this to true to include the Subject Key Identifier in the Holder Of Key subject confirmation. If no Subject Key Identifier extension was included in the certificate, this setting will be ignored. Defaults to true. |
| include-subject-name | boolean | optional | true | Set this to true to include the Subject Name in the Holder Of Key subject confirmation. Defaults to true. |
| include-subject-issuer-serial | boolean | optional | true | Set this to true to include the Subject Issuer and Serial Number in the Holder Of Key subject confirmation. Defaults to true. |
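
The following added example (not the product's code or configuration syntax) models how the settings above interact: when issuance fails, when the confirmation is omitted, and which key material ends up in it. It assumes the four include-* settings map to the XML Signature ds:X509Data children used by the SAML 2.0 Holder-of-Key method; the HokSettings and ClientCert types, the helper functions and all certificate values are hypothetical and constructed.

```python
# Added illustration, not the product's code: models the documented settings and
# the ds:X509Data children they are assumed to control.
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Optional

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DS = "http://www.w3.org/2000/09/xmldsig#"
HOK = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"

@dataclass
class HokSettings:  # field names mirror the page's parameters and defaults
    require_certificate_binding: bool = False
    include_certificate: bool = True
    include_subject_key_identifier: bool = True
    include_subject_name: bool = True
    include_subject_issuer_serial: bool = True

@dataclass
class ClientCert:  # hypothetical pre-parsed certificate; values are constructed
    der_b64: str
    subject: str
    issuer: str
    serial: int
    ski_b64: Optional[str] = None  # None when the cert has no SKI extension

def hok_confirmation(cfg: HokSettings, cert: Optional[ClientCert]) -> Optional[ET.Element]:
    if cert is None:
        if cfg.require_certificate_binding:
            raise ValueError("certificate binding required but no certificate available")
        return None  # binding optional: assertion is issued without Holder-of-Key
    sc = ET.Element(f"{{{SAML}}}SubjectConfirmation", Method=HOK)
    scd = ET.SubElement(sc, f"{{{SAML}}}SubjectConfirmationData")
    x509 = ET.SubElement(ET.SubElement(scd, f"{{{DS}}}KeyInfo"), f"{{{DS}}}X509Data")
    if cfg.include_certificate:
        ET.SubElement(x509, f"{{{DS}}}X509Certificate").text = cert.der_b64
    if cfg.include_subject_key_identifier and cert.ski_b64:  # ignored if no SKI
        ET.SubElement(x509, f"{{{DS}}}X509SKI").text = cert.ski_b64
    if cfg.include_subject_name:
        ET.SubElement(x509, f"{{{DS}}}X509SubjectName").text = cert.subject
    if cfg.include_subject_issuer_serial:
        ser = ET.SubElement(x509, f"{{{DS}}}X509IssuerSerial")
        ET.SubElement(ser, f"{{{DS}}}X509IssuerName").text = cert.issuer
        ET.SubElement(ser, f"{{{DS}}}X509SerialNumber").text = str(cert.serial)
    return sc

def x509_children(cfg: HokSettings, cert: Optional[ClientCert]) -> list:
    """Local names of the X509Data children that would be emitted."""
    sc = hok_confirmation(cfg, cert)
    return [] if sc is None else [e.tag.split("}")[1] for e in sc.find(f".//{{{DS}}}X509Data")]
```

With the default require-certificate-binding of false, a request that arrives without a client certificate yields an assertion with no Holder-of-Key confirmation at all, so a relying party that depends on key binding has to check for the confirmation itself.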
