SamlAssertionConstructionTemplate

The SAML assertion construction template configuration lets you create and edit construction templates for SAML assertion elements.

Description

Description of the configuration object

SAML assertion version

The supported SAML assertion versions.

SAML assertion lifetime

The assertion lifetime (in seconds).

Do sign SAML assertion

Whether SAML assertion objects are signed.

SAML assertion consumer service URLs

One or more SAML assertion consumers. For each assertion consumer, enter a URL of the 'AssertionConsumerService' published in the consumer’s SAML metadata. This field is only required for scenarios in which multiple SAML SP endpoints are assigned to a single SAML IdP endpoint and there is no agreement between the SPs and the IdP on a common SAML assertion layout. It can be ignored for single SAML SP endpoint/single IdP endpoint scenarios and for scenarios where there is an assertion layout agreement between multiple SAML endpoints and the SAML IdP endpoint.

SAML proxy restriction audience

The entity IDs of remote SAML SP endpoints that can be recipients of assertions that are issued on the basis of assertions issued by the local SAML IdP endpoint. Enter the SAML SP endpoint entity ID published in the consumer’s SAML metadata. If the list is empty, then no restrictions apply. This field only applies in SAML Proxying identity federation scenarios.

SAML proxy maximum count

The number of proxying indirections allowed between the local SAML IdP endpoint and the remote SAML IdP endpoint that ultimately issues the SSO assertion to the SAML SP endpoint that is the original requestor. The value 0 means no proxying allowed; the value -1 means no proxying limit set. This field only applies in SAML Proxying identity federation scenarios.
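The check a proxying endpoint would apply to an inbound assertion before issuing a new one, shown as an added example that is not part of the product or its documentation. It assumes the two proxy fields above are emitted as the SAML 2.0 `<ProxyRestriction>` condition (`Count` attribute and `<Audience>` children) and that the value -1 corresponds to an omitted `Count`; the function name and the sample assertion are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample (not product output): inbound assertion with
# maximum count 1 and a single proxy restriction audience.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Conditions>
    <saml:ProxyRestriction Count="1">
      <saml:Audience>https://sp.example.org/metadata</saml:Audience>
    </saml:ProxyRestriction>
  </saml:Conditions>
</saml:Assertion>"""


def proxy_decision(assertion_xml, target_sp_entity_id):
    """Decide whether a new assertion may be issued to target_sp_entity_id
    on the basis of assertion_xml.

    Returns (allowed, outbound_count, reason); outbound_count is the highest
    Count the outbound assertion may carry, or None when no limit applies.
    The caller must have verified the assertion's signature beforehand.
    """
    root = ET.fromstring(assertion_xml)
    restriction = root.find("saml:Conditions/saml:ProxyRestriction", NS)
    if restriction is None:
        return True, None, "no ProxyRestriction present"

    # Empty audience list: no restriction on recipients.
    audiences = [a.text.strip() for a in restriction.findall("saml:Audience", NS) if a.text]
    if audiences and target_sp_entity_id not in audiences:
        return False, None, "target SP is not a permitted proxy audience"

    count = restriction.get("Count")
    if count is None:  # assumed equivalent of the configured value -1
        return True, None, "no proxying limit set"
    remaining = int(count)
    if remaining < 0:
        raise ValueError("Count must be a non-negative integer")
    if remaining == 0:
        return False, None, "proxying not allowed (Count=0)"
    # Each indirection consumes one unit of the allowed count.
    return True, remaining - 1, "proxying allowed"
```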

Forward inbound SAML Subject when proxying

In SAML proxying mode, this flag determines whether the SAML Subject from the received inbound SAML assertion is forwarded in the outbound SAML assertion, or whether a new SAML Subject is created. If checked, the assigned 'SAML subject construction template identifiers' are ignored in SAML proxying mode.

Forward inbound SAML Attribute Statement elements when proxying

In SAML proxying mode, this flag determines whether SAML 'AttributeStatement' elements from the received inbound SAML assertion are forwarded in the outbound SAML assertion.

SAML subject construction template identifiers

The assigned templates for SAML Subject child elements.

SAML authentication statement construction template identifiers

The assigned templates for SAML 'AuthenticationStatement' or 'AuthnStatement' child elements.

SAML attribute statement construction template identifiers

The identifiers of the assigned templates for SAML 'AttributeStatement' child elements.