Versions Compared

Old Version 13

changes.mady.by.user Oliver Wulff

Saved on

compared with

New Version 14

changes.mady.by.user Oliver Wulff

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

XML element

Name

Use

Description

issuer

Issuer URL

Required

This URL defines the location of the IDP to whom unauthenticated requests are redirected

realm

Realm

Optional

Security realm of the Relying Party / Application. This value is part of the SignIn request as the wtrealm parameter.
Default: URL including the Servlet Context

authenticationType

Authentication Type

Optional

The authentication type defines what kind of authentication is required. This information is provided in the SignInRequest to the IDP (parameter wauth)
The WS-Federation standard defines a list of predefined URIs for wauth here.

roleURI

Role Claim URI

Optional

Defines the attribute name of the SAML token which contains the roles.
Required for Role Based Access Control.

roleDelimiter

Role Value Delimiter

Optional

There are different ways to encode multi value attributes in SAML.

  • Single attribute with multiple values
  • Several attributes with the same name but only one value
  • Single attribute with single value. Roles are delimited by roleDelimiter

claimTypesRequested

Requested claims

Optional

The claims required by the Relying Party are listed here. Claims can be optional. If a mandatory claim can't be provided by the IDP the issuance of the token should fail

homeRealm

Home Realm

Optional

Indicates the Resource IDP the home realm of the requestor. This may be an URL or an identifier like urn: or uuid: and depends on the Resource IDP implementation. This value is part of the SignIn request as the whr parameter

tokenValidators

TokenValidators

Optional

Custom Token validator classes can be configured here. The SAML Token validator is enabled by default.
See example here

...