Page tree

The Shibboleth 2.x software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only.

Skip to end of metadata
Go to start of metadata

Relying Party SAML 2 SSO Profile Configuration

This profile configuration enables and configures the SAML 2 SSO profile.

Basic Configuration

This profile is configured by adding the <ProfileConfiguration xsi:type="saml:SAML2SSOProfile" /> element to a RelyingParty definition. This element supports the following basic attributes:

  • includeAttributeStatement - (optional) a boolean flag indicating whether to include an attribute statement in addition to the authentication statement, defaults to true
Example SAML2 SSO Profile Configuration
<ProfileConfiguration xsi:type="saml:SAML2SSOProfile" />
Example SAML2 SSO Profile Configuration Overriding some Defaults
<ProfileConfiguration xsi:type="saml:SAML2SSOProfile"
                      signAssertions="always"
                      includeAttributeStatement="true"/>

Advanced Configuration

The SAML2 SSO profile configuration supports the following advanced configuration attributes:

In addition, the SAML 2 SSO profile configuration element supports two child elements.

  • <Audience>, whose content is used to populate the <Audience> elements of <AudienceRestriction> element. This element may appear any number of times, one for each audience.
  • <ProxyAudience>, whose content is used to populate the Audience elements of the <ProxyRestriction> condition element. This element may appear any number of times, one for each audience.