Configure Service Providers that use the SAML (Security Assertion Markup Language) 2.0 Protocol.
These settings describe the behavior of the interaction between the Service Provider and IDHub (acting as IDP).
User defined name of the Service Provider
User defined description of the Service Provider
Defines which IDP(s) can authenticate a user for this Service Provider, and how the user can authenticate.
Primary user attribute that is used to identify the user.
This uniquely identifies your SAML2 partner. It will be provided by the partner if you want to use SAML2.
Signs Authentication Request
This indicates whether the Service Provider digitally signs the Authentication Request or not
If set to true, the response from the IDHub to the Service Provider will be signed
If set to true, the assertion from the IDHub to the Service Provider will be signed
If set to true, the assertion from the IDHub to the Service Provider will be encrypted
Defines which part of the assertion is encrypted:
The algorithm used to encrypt the SAML responses sent to the Service Provider. This is specified in the Algorithm attribute of the EncryptionMethod element in the XML metadata provided by the Service Provider.
If set to true, the logout request to or from the Service Provider is signed
Default Name ID
The Name ID to use when a Service Provider does not provide a name id format in the authentication request
Include X509 Certificate
Includes the complete certificate in the signature.
Include X509 Alias
Includes the signing certificate alias in the signature.
Include PK Name
Includes the public key name in the signature.
Define which algorithm is used to sign the assertion.
Post Profile Template
The Audience field is provided in an assertion and is used by the Service Provider to verify whether the assertion is intended for it. This field allows IDHub to specify a specific Audience in the assertion for this Service Provider.
Typically a URL (URI) specifying the location where to present the assertion to the Service Provider.
IDHub Entity ID
Overrides the unique identification for IDHub to that Service Provider, instead of the default.
Time to live
Defines how long the provided Assertion will be valid.
Defines which Digest algorithm is used to calculate the hash value that is passed as the "DigestValue" in the assertion. This value can be used by the SP to validate the assertion.
Certificates are managed at Certificate Overview.
It is still possible to import certificates without needing to leave the Service Provider screen.
Defines what the certificate is used for.
The alias of the certificate to use for this context.
Defines from when this certificate may be used. In some cases these periods may overlap for the same context (e.g. during a certificate renewal), but in other cases they may never overlap (Key - Signing, Trust - Encryption, Key - TLS).
Defines until when this certificate may be used.
This is a list of endpoints to which Assertions can be sent (AssertionConsumingService).
How the Assertion is provided to the Service Provider.
URL of the Endpoint
Index of the Endpoint (provided by the SP)
Defines if this is the default Assertion Endpoint.
Endpoints where Log-out requests to the SP can be sent and received. Both parties can initiate an SLO request.
How the SLO Request is provided to the Service Provider.
URL of the Endpoint where the log-out request is sent
URL where the Log-out response is received from the SP.