| Override | Definition | Notes |
|---|---|---|
| Sign Logout Response | Signs the logout response sent in reply to a logout request | Check box to enable |
| Sign Logout Request | Signs the logout request that initiates the logout flow | Check box to enable |
| Create new user if mapping doesn't exist | If the user attempting to access the SP fails authentication, a new user account will be created | Check box to enable |
| Sign Login Response | Signs the login response sent by the IDP to the SP | Check box to enable |
| Force Disable Login Response Signature | Disables the ability to sign the login response signature | Check box to enable |
| Sign Login Assertion | Signs the assertion sent in the SAML response when the authentication process is successful | Check box to enable |
| Signature Algorithm | Changes the algorithm used when signing any message generated by the IDP | Options include RSA_SHA1, RSA_SHA256, and RSA_SHA512 |
| Data Encryption Algorithm | Changes the encryption algorithm for the data exchanged between the IDP and SP | Options include TRI_DEC, AES_128, and AES_256 |
| Key Encryption Algorithm | Changes the encryption algorithm for the keys used to verify digital signatures between the IDP and SP during verification of authentication | Options include RSA_1_5 and RSA_OAEP_MGF1P |
| Signing Certificate | Creates the signing certificate sent to the SP when user authentication is successful | Allows you to create the certificate from scratch |
| Encryption Certificate | Creates the signing certificate with encryption sent to the SP when user authentication is successful | Allows you to create the certificate from scratch |
| Logout Service Url (redirect) | Changes the SAML logout URL when signing out from the SP | Customizable setting |
| Logout Service Url (post) | Changes the SAML logout URL when signing out from the IDP | Customizable setting |
| Consumer Service Url (redirect) | Changes the SP's assertion consumer service URL | Customizable setting |
| Consumer Service Url (post) | Changes the IDP's assertion consumer service URL | Customizable setting |
| NameId Format | Changes the format in which the NameId assertion is sent in the SAML response | Gives you a list of options to choose from |
| NameId Value | Changes the value in which the NameId assertion is sent in the SAML response | Gives you a list of options to choose from |
| NameId Custom Value | Allows you to create a custom NameId value | Variables are allowed, e.g. {login_id}, {login_id:uc} (upper-cased login id), {login_id:lc} (lower-cased login id) |
| NameId Value Transformation | Changes the NameId value's case sensitivity | Options include uppercase and lowercase |
| Saml Response Timeout | Sets the SAML response timeout (SessionNotOnOrAfter) in minutes | Default is 480 (8 hours) |