| Override |
Definition |
Notes |
| Sign Logout Response |
Signs the logout response in reply of a logout request |
Check box to enable |
| Sign Logout Request |
Signs the logout request to initiate the logout flow |
Check box to enable |
| Create new user if mapping doesn't exist |
If the user attempting to access the SP fails authentication, a new user account will be created |
Check box to enable |
| Sign Login Response |
Signs the login response sent by the IDP to the SP |
Check box to enable |
| Force Disable Login Response Signature |
Disables the ability to sign the login response signature |
Check box to enable |
| Sign Login Assertion |
When the authentication process is successful, it will sign the assertion sent in the SAML response |
Check box to enable |
| Signature Algorithm |
Changes the algortihm when signing any message generated by the IDP |
Options include RSA_SHA1, RSA_SHA256, and RSA_SHA512 |
| Data Encyption Algorithm |
Changes the encryption algorithm for the data exchanged between the IDP and SP |
Options include TRI_DEC, AES_128, and AES_256 |
| Key Encryption Algorithm |
Changes the encryption algortithm for the keys used to verify digital signartures between the IDP and SP during verification of authentication |
Options inlucde RSA_1_5 and RSA_OAEP_MGF1P |
| Signing Certificate |
Creates the signing certificate sent to the SP when user authentication is successful |
Allows you to create the certificate from scratch |
| Encryption certificate |
Creates the signing certificate with encryption sent to the SP when user authentication is successful |
Allows you to create the certificate from scratch |
| Logout Service Url (redirect) |
Changes the SAML logout URL when signing out from the SP |
Customizable setting |
| Logout Serice Url (post) |
Changes the SAML logout URL when signing out from the IDP |
Customizable setting |
| Consumer Service Url (redirect) |
Changes the SP's assertion consumer service URL |
Customizable setting |
| Consumer Service Url (post) |
Changes the IDP's assertion consumer service URL |
Customizable setting |
| NameId Format |
Changes the format in which the NameId assertion is sent in the SAML response |
Gives you a list of options to choose from |
| NameId Value |
Changes the value in which the NameId assertion is sent in the SAML response |
Gives you a list of options to choose from |
| NameId Custom Value |
Allows you to create a custom NameId value |
Variables are allowed. Eg: {login_id}, {login_id:uc} (upper cased login id), {login_id:lc} (lower cased login id) |
| NameId Value Transformation |
Changes the NameId value's case sensitivity |
Options include uppercase and lowercase |
| Saml Response Timeout |
Provides saml response timeout (SessionNotOnOrAfter) in minutes |
Default is 480 (8 hours) |
