| Setting | Purpose | Mandatory? | Typical |
| --- | --- | --- | --- |
| saml2.compress.request | Should the SP compress the SAML2Request XML? | NO - defaults to true | true |
| saml2.compress.response | If the SP sends a SAMLResponse, should it compress the XML? | NO - defaults to true | true |
| saml2.security.authnrequest_signed | Will the SP digitally sign its AuthnRequest inside the SAMLRequest? | YES | true |
| saml2.security.want_messages_signed | Does the SP want the IdP to digitally sign its SAML messages? | YES | true |
| saml2.security.want_assertions_signed | Does the SP want the IdP to digitally sign its SAML assertions? | YES | false |
| saml2.security.want_xml_validation | Should the SP validate all outbound and incoming SAML XML? | YES | true |
| saml2.security.signature_algorithm | The W3 URI for an XML Signature Algorithm | YES | "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" |
| saml2.security.requested_authncontext | The requested AuthnContext the SP wants from the IdP | YES | "exact" |
| saml2.sp.entityid | The URI of the Syndeia service as SP | YES | "http://MYSP.MYCOMPANY.MYCOM:MYPORT" |
| saml2.sp.assertion_consumer_service.url | The SAML2 authentication endpoint at the Syndeia SP | YES | "http://MYSP.MYCOMPANY.MYCOM:MYPORT/authenticate/SAML2" |
| saml2.sp.assertion_consumer_service.binding | | | |
| saml2.sp.single_logout_service.url | | | |
| saml2.sp.single_logout_service.binding | | | |
| saml2.sp.nameidformat | | | |
| saml2.sp.x509cert | | | |
| saml2.sp.privatekey | | | |
| saml2.idp.entityid | | | "https://OURIDP.IDPCOMPANY.IDPCOM:IDPPORT" |
| saml2.idp.single_sign_on_service.url | | | |
| saml2.idp.single_sign_on_service.binding | | | |
| saml2.idp.x509cert | | | |
| saml2.social.attribute.key.uid | | | "uid" |
| saml2.social.attribute.key.firstname | | | "first_name" |
| saml2.social.attribute.key.lastname | | | "last_name" |
| saml2.social.attribute.key.fullname | | | "fullname" |
| saml2.social.attribute.key.email | | | "email" |