Setting | Purpose | Mandatory? | Typical |
|---|
saml2.compress.request
| Should the SP compress the SAML2Request XML? | NO - defaults to true | true |
saml2.compress.response
| If the SP sends a SAMLResponse, should it compress the XML? | NO - defaults to true | true |
saml2.security.authnrequest_signed
| Will the SP digitally sign its AuthnRequest inside the SAMLRequest? | YES | true |
saml2.security.want_messages_signed
| Does the SP want the IdP to digitally sign its SAML messages? | YES | true |
saml2.security.want_assertions_signed
| Does the SP want the IdP to digitally sign its SAML assertions? | YES | false |
saml2.security.want_xml_validation
| Should the SP validate all outbound and incoming SAML XML? | YES | true |
saml2.security.signature_algorithm
| The W3 URI for an XML Signature Algorithm | YES | "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" |
saml2.security.requested_authncontext
| The requested AuthnContext the SP wants from the IdP | YES | “exact” |
saml2.sp.entityid
| The URI of the Syndeia service as SP | YES | "http://MYSP.MYCOMPANY.MYCOM:MYPORT" |
saml2.sp.assertion_consumer_service.url
| The SAML2 authentication endpoint at the Syndeia SP for SSO login | YES | "http://MYSP.MYCOMPANY.MYCOM:MYPORT/authenticate/SAML2" |
saml2.sp.assertion_consumer_service.bindingsaml2.sp.single_logout_service.url
| The selection of the SAML2 protocol that the SP will use to direct the User-Agent to the IdP | YES - HTTP-POST only | "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" |
saml2.sp.single_logout_service.binding
| saml2.sp.nameidformat
| saml2.sp.x509cert
| saml2.sp.privatekey
| saml2.idp.entityid
| "https://OURIDP.IDPCOMPANY.IDPCOM:IDPPORTurl | The SAML2 authentication endpoint at the Syndeia SP for SLO logoff | YES - but unused | "http://MYSP.MYCOMPANY.MYCOM:MYPORT/authenticate/SAML2" |
saml2.idpsp.single_sign_on_service.url
| saml2.idp.single_sign_on_service.binding
| saml2.idp.x509certlogout_service.binding
| The selection of the SAML2 protocol that the IdP would use to direct the User-Agent to the SP during SLO logoff | YES - HTTP-Redirect only | “urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect” |
saml2.sp.nameidformat
| The the name identifier to be used to represent the requested subject | YES | "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" |
saml2.sp.x509cert
| The PEM-format of the Public X.509 certificate of the SP | YES | “-----BEGIN CERTIFICATE…” |
saml2.sp.privatekey
| The PKCS#8-format of the Private Key for the SP | YES | "-----BEGIN PRIVATE KEY…” |
saml2.idp.entityid
| | YES | "https://OURIDP.IDPCOMPANY.IDPCOM:IDPPORT" |
saml2.idp.single_sign_on_service.url
| | YES | |
saml2.idp.single_sign_on_service.binding
| | YES | |
saml2.idp.x509cert
| The PEM-format of the Public X.509 certificate of the IDP | YES | “-----BEGIN CERTIFICATE…” |
saml2.social.attribute.key.uid
| In the SAML Attributes provided by the IdP, what is the key name for the Attribute that holds the user identifier? | YES | “uid” |
saml2.social.attribute.key.uid“uid”firstname
| In the SAML Attributes provided by the IdP, what is the key name for the Attribute that holds the user’s first name? | YES | “first_name” |
saml2.social.attribute.key.firstname
| “first_name” | saml2.social.attribute.key.lastnamelastname
| In the SAML Attributes provided by the IdP, what is the key name for the Attribute that holds the user’s last name? | YES | “last_name” |
saml2.social.attribute.key.fullname
| In the SAML Attributes provided by the IdP, what is the key name for the Attribute that holds the user’s full or display name? | YES | “fullname” |
saml2.social.attribute.key.email
| In the SAML Attributes provided by the IdP, what is the key name for the Attribute that holds the user’s email address? | YES | “email” |
