mirror of https://github.com/requarks/wiki
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
165 lines
5.5 KiB
165 lines
5.5 KiB
key: saml
|
|
title: SAML 2.0
|
|
description: Security Assertion Markup Language 2.0 (SAML 2.0) is a version of the SAML standard for exchanging authentication and authorization data between security domains.
|
|
author: requarks.io
|
|
logo: https://static.requarks.io/logo/saml.svg
|
|
color: red darken-3
|
|
website: https://wiki.oasis-open.org/security/FrontPage
|
|
isAvailable: true
|
|
useForm: false
|
|
props:
|
|
entryPoint:
|
|
type: String
|
|
title: Entry Point
|
|
hint: Identity provider entrypoint (URL)
|
|
order: 1
|
|
issuer:
|
|
type: String
|
|
title: Issuer
|
|
hint: Issuer string to supply to Identity Provider
|
|
order: 2
|
|
audience:
|
|
type: String
|
|
title: Audience
|
|
hint: Expected SAML response Audience (if not provided, audience won't be verified)
|
|
order: 3
|
|
cert:
|
|
type: String
|
|
title: Certificate
|
|
hint: Public PEM-encoded X.509 signing certificate. If the provider has multiple certificates that are valid, join them together using the | pipe symbol.
|
|
multiline: true
|
|
order: 4
|
|
privateKey:
|
|
type: String
|
|
title: Private Key
|
|
hint: PEM formatted key used to sign the certificate.
|
|
multiline: true
|
|
order: 5
|
|
decryptionPvk:
|
|
type: String
|
|
title: Decryption Private Key
|
|
hint: (Optional) - Private key that will be used to attempt to decrypt any encrypted assertions that are received.
|
|
multiline: true
|
|
order: 6
|
|
signatureAlgorithm:
|
|
type: String
|
|
title: Signature Algorithm
|
|
hint: Signature algorithm used for signing requests
|
|
maxWidth: 400
|
|
order: 7
|
|
default: sha1
|
|
enum:
|
|
- sha1
|
|
- sha256
|
|
- sha512
|
|
digestAlgorithm:
|
|
type: String
|
|
title: Digest Algorithm
|
|
hint: Digest algorithm used to provide a digest for the signed data object
|
|
maxWidth: 400
|
|
order: 8
|
|
default: sha1
|
|
enum:
|
|
- sha1
|
|
- sha256
|
|
- sha512
|
|
identifierFormat:
|
|
type: String
|
|
title: Name Identifier format
|
|
default: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'
|
|
order: 20
|
|
wantAssertionsSigned:
|
|
type: Boolean
|
|
title: Always sign assertions
|
|
hint: If enabled, add WantAssertionsSigned="true" to the metadata, to specify that the IdP should always sign the assertions.
|
|
default: false
|
|
order: 21
|
|
acceptedClockSkewMs:
|
|
type: Number
|
|
title: Accepted Clock Skew Milleseconds
|
|
hint: Time in milliseconds of skew that is acceptable between client and server when checking OnBefore and NotOnOrAfter assertion condition validity timestamps. Setting to -1 will disable checking these conditions entirely.
|
|
default: 0
|
|
order: 22
|
|
disableRequestedAuthnContext:
|
|
type: Boolean
|
|
title: Disable Requested Auth Context
|
|
hint: If enabled, do not request a specific authentication context. This is known to help when authenticating against Active Directory (AD FS) servers.
|
|
default: false
|
|
order: 23
|
|
authnContext:
|
|
type: String
|
|
title: Auth Context
|
|
hint: Name identifier format to request auth context. For multiple values, join them together using the | pipe symbol.
|
|
default: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
|
|
order: 24
|
|
racComparison:
|
|
type: String
|
|
title: RAC Comparison Type
|
|
hint: Requested Authentication Context comparison type.
|
|
maxWidth: 400
|
|
order: 25
|
|
default: exact
|
|
enum:
|
|
- exact
|
|
- minimum
|
|
- maximum
|
|
- better
|
|
forceAuthn:
|
|
type: Boolean
|
|
title: Force Initial Re-authentication
|
|
hint: If enabled, the initial SAML request from the service provider specifies that the IdP should force re-authentication of the user, even if they possess a valid session.
|
|
default: false
|
|
order: 26
|
|
passive:
|
|
type: Boolean
|
|
title: Passive
|
|
hint: If enabled, the initial SAML request from the service provider specifies that the IdP should prevent visible user interaction.
|
|
default: false
|
|
order: 27
|
|
providerName:
|
|
type: String
|
|
title: Provider Name
|
|
hint: Optional human-readable name of the requester for use by the presenter's user agent or the identity provider.
|
|
default: wiki.js
|
|
order: 28
|
|
skipRequestCompression:
|
|
type: Boolean
|
|
title: Skip Request Compression
|
|
hint: If enabled, the SAML request from the service provider won't be compressed.
|
|
default: false
|
|
order: 29
|
|
authnRequestBinding:
|
|
type: String
|
|
title: Request Binding
|
|
hint: Binding used for request authentication from IDP.
|
|
maxWidth: 400
|
|
order: 30
|
|
default: 'HTTP-POST'
|
|
enum:
|
|
- HTTP-Redirect
|
|
- HTTP-POST
|
|
mappingUID:
|
|
title: Unique ID Field Mapping
|
|
type: String
|
|
default: 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier'
|
|
hint: The field storing the user unique identifier. Can be a variable name or a URI-formatted string.
|
|
order: 40
|
|
mappingEmail:
|
|
title: Email Field Mapping
|
|
type: String
|
|
default: 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'
|
|
hint: The field storing the user email. Can be a variable name or a URI-formatted string.
|
|
order: 41
|
|
mappingDisplayName:
|
|
title: Display Name Field Mapping
|
|
type: String
|
|
default: 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name'
|
|
hint: The field storing the user display name. Can be a variable name or a URI-formatted string.
|
|
order: 42
|
|
mappingPicture:
|
|
title: Avatar Picture Field Mapping
|
|
type: String
|
|
default: 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/picture'
|
|
hint: The field storing the user avatar picture. Can be a variable name or a URI-formatted string.
|
|
order: 43
|