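# SAML 2.0 authentication module definition: module metadata followed by the
# configurable properties (`props`). Each property declares a type, a title,
# an optional hint, a display order and, where applicable, a default value and
# the list of allowed values (`enum`).
#
# Defaults are kept as the author set them so existing deployments behave the
# same. Review comments mark the ones a production deployment should override.
key: saml
title: SAML 2.0
description: Security Assertion Markup Language 2.0 (SAML 2.0) is a version of the SAML standard for exchanging authentication and authorization data between security domains.
author: requarks.io
logo: https://static.requarks.io/logo/saml.svg
color: red darken-3
website: https://wiki.oasis-open.org/security/FrontPage
isAvailable: true
useForm: false
props:
  entryPoint:
    type: String
    title: Entry Point
    hint: Identity provider entrypoint (URL)
    order: 1
  issuer:
    type: String
    title: Issuer
    hint: Issuer string to supply to Identity Provider
    order: 2
  # Per the hint, leaving this empty skips the Audience check. An assertion the
  # IdP issued for a different service provider would then not be rejected on
  # that ground, so set it in production.
  audience:
    type: String
    title: Audience
    hint: (Optional) - Expected SAML response Audience (if not provided, Audience won't be verified)
    order: 3
  # NOTE(review): marked optional, but this is the key material that IdP
  # signatures are checked against. Confirm how the consumer treats responses
  # when no certificate is configured. Treat an empty value as unsafe outside
  # of testing.
  cert:
    type: String
    title: Certificate
    hint: (Optional) - Public PEM-encoded X.509 signing certificate. If the provider has multiple certificates that are valid, join them together using the | pipe symbol.
    order: 4
  # Private key material: store and back up this setting as a secret.
  # The hint previously read "used to sign the certificate". That is corrected
  # here to request signing, matching signatureAlgorithm ("used for signing
  # requests"). NOTE(review): confirm against the consumer.
  privateCert:
    type: String
    title: Private Certificate
    hint: (Optional) - PEM formatted private key used to sign authentication requests sent to the identity provider.
    order: 5
  # Private key material: store and back up this setting as a secret.
  decryptionPvk:
    type: String
    title: Decryption Private Key
    hint: (Optional) - Private key that will be used to attempt to decrypt any encrypted assertions that are received.
    order: 6
  # SHA-1 is deprecated for digital signatures. Prefer sha256 or sha512
  # wherever the IdP accepts them. The default stays sha1 for compatibility.
  signatureAlgorithm:
    type: String
    title: Signature Algorithm
    hint: Signature algorithm used for signing requests
    order: 7
    default: sha1
    enum:
      - sha1
      - sha256
      - sha512
  identifierFormat:
    type: String
    title: Name Identifier format
    default: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'
    order: 8
  # Per the hint, the default of -1 turns off the NotBefore / NotOnOrAfter
  # validity-window checks, so an expired assertion is not rejected on time
  # grounds. Use a small non-negative skew in production (for example a few
  # thousand milliseconds) and keep clocks synchronised instead.
  acceptedClockSkewMs:
    type: Number
    title: Accepted Clock Skew Milliseconds
    hint: Time in milliseconds of skew that is acceptable between client and server when checking NotBefore and NotOnOrAfter assertion condition validity timestamps. Setting to -1 will disable checking these conditions entirely.
    default: -1
    order: 9
  disableRequestedAuthnContext:
    type: Boolean
    title: Disable Requested Auth Context
    hint: If enabled, do not request a specific authentication context. This is known to help when authenticating against Active Directory (AD FS) servers.
    default: false
    order: 10
  authnContext:
    type: String
    title: Auth Context
    hint: Name identifier format to request auth context.
    default: 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
    order: 11
  forceAuthn:
    type: Boolean
    title: Force Initial Re-authentication
    hint: If enabled, the initial SAML request from the service provider specifies that the IdP should force re-authentication of the user, even if they possess a valid session.
    default: false
    order: 12
  providerName:
    type: String
    title: Provider Name
    hint: Optional human-readable name of the requester for use by the presenter's user agent or the identity provider.
    default: wiki.js
    order: 13
  skipRequestCompression:
    type: Boolean
    title: Skip Request Compression
    hint: If enabled, the SAML request from the service provider won't be compressed.
    default: false
    order: 14
  authnRequestBinding:
    type: String
    title: Request Binding
    hint: Binding used for request authentication from IDP.
    order: 15
    default: 'HTTP-POST'
    enum:
      - HTTP-Redirect
      - HTTP-POST
  # Attribute mappings: these name the assertion attributes that supply the
  # local user's identity fields.
  mappingUID:
    title: Unique ID Field Mapping
    type: String
    default: 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier'
    hint: The field storing the user unique identifier. Can be a variable name or a URI-formatted string.
    order: 16
  # NOTE(review): if the consumer matches or links local accounts by this
  # value, it relies on the IdP only asserting addresses it has verified.
  # Confirm this.
  mappingEmail:
    title: Email Field Mapping
    type: String
    default: 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'
    hint: The field storing the user email. Can be a variable name or a URI-formatted string.
    order: 17
  mappingDisplayName:
    title: Display Name Field Mapping
    type: String
    default: 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name'
    hint: The field storing the user display name. Can be a variable name or a URI-formatted string.
    order: 18
  mappingPicture:
    title: Avatar Picture Field Mapping
    type: String
    default: 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/picture'
    hint: The field storing the user avatar picture. Can be a variable name or a URI-formatted string.
    order: 19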