Use the following hints to adjust settings on the Assertion Content tab page.
Signing and Encryption
- Request/Response Signing
-
Specifies what parts of messages the service provider requires the identity provider to sign digitally.
- Encryption
-
The identity provider must encrypt selected elements.
- Certificate Aliases
-
Specifies aliases for certificates in the OpenAM key store that are used to handle digital signatures, and to handle encrypted messages.
NameID Format
- NameID Format List
-
Specifies the supported name identifiers for users that are shared between providers for single sign on. If no name identifier is specified when initiating single sign on, then the service provider uses the first one in the list supported by the identity provider.
- Disable Federation persistence if NameID Format is unspecified
-
When enabled, if the NameID Format in the authentication response is urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified and the Account Mapper has identified the local user, the service provider does not persist federation information in the user profile.
Authentication Context
- Mapper
-
Specifies a class that implements the SPAuthnContextMapper interface and sets up the authentication context.
- Default Authentication Context
-
Specifies the authentication context used if no authentication context is specified in the request.
- Supported Contexts
-
Specifies the supported authentication contexts. The Level corresponds to an authentication module authentication level.
- Comparison Type
-
Specifies how the authentication context in the assertion response must compare to the supported contexts.
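
How Supported Contexts, Level, and Comparison Type interact, as an added Python sketch that is not OpenAM code. It assumes the four SAML 2.0 comparison values (exact, minimum, maximum, better); the context table, its levels, and the function name `context_satisfies` are constructed for illustration.

```python
# Added illustration, not OpenAM code: a model of how a service provider can
# check the authentication context in an assertion against its supported
# contexts using the SAML 2.0 comparison values.

PASSWORD = "urn:oasis:names:tc:SAML:2.0:ac:classes:Password"
PPT = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
X509 = "urn:oasis:names:tc:SAML:2.0:ac:classes:X509"

# Constructed sample of a Supported Contexts table: class reference -> Level.
SUPPORTED_CONTEXTS = {PASSWORD: 1, PPT: 2, X509: 3}

COMPARISONS = ("exact", "minimum", "maximum", "better")


def context_satisfies(requested, asserted, comparison, levels=SUPPORTED_CONTEXTS):
    """Return True if the asserted context class meets the requested ones.

    requested  -- list of class references the service provider asked for
    asserted   -- class reference found in the assertion
    comparison -- one of COMPARISONS
    """
    if comparison not in COMPARISONS:
        raise ValueError(f"unknown comparison type: {comparison!r}")
    # Fail closed: a context missing from the table has no level to compare.
    if asserted not in levels:
        return False
    wanted = [levels[r] for r in requested if r in levels]
    if not wanted:
        return False
    got = levels[asserted]
    if comparison == "exact":
        return asserted in requested
    if comparison == "minimum":
        # At least as strong as one of the requested contexts.
        return any(got >= w for w in wanted)
    if comparison == "maximum":
        # No stronger than at least one of the requested contexts.
        return any(got <= w for w in wanted)
    # "better": read conservatively here as stronger than every requested
    # context (an assumption of this sketch).
    return all(got > w for w in wanted)
```
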

