Page tree
Skip to end of metadata
Go to start of metadata

Relying Party SAML 2 SSO Profile Configuration

This profile configuration enables and configures the SAML 2 SSO profile.

Basic Configuration

This profile is configured by adding the <ProfileConfiguration xsi:type="saml:SAML2SSOProfile" /> element to a RelyingParty definition. This element supports the following basic attributes:

  • includeAttributeStatement - (optional) a boolean flag indicating whether to include an attribute statement in addition to the authentication statement, defaults to true
Example SAML2 SSO Profile Configuration
<ProfileConfiguration xsi:type="saml:SAML2SSOProfile" />
Example SAML2 SSO Profile Configuration Overriding some Defaults
<ProfileConfiguration xsi:type="saml:SAML2SSOProfile"
                      signAssertions="always"
                      includeAttributeStatement="true"/>

Advanced Configuration

The SAML2 SSO profile configuration supports the following advanced configuration attributes:

In addition, the SAML 2 SSO profile configuration element supports two child elements.

  • <Audience>, whose content is used to populate the <Audience> elements of <AudienceRestriction> element. This element may appear any number of times, one for each audience.
  • <ProxyAudience>, whose content is used to populate the Audience elements of the <ProxyRestriction> condition element. This element may appear any number of times, one for each audience.