Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

For more information regarding Name Mapping, please refer to the SSO Management pages.

To force the use of an attribute for the user principal, set the init-param value username-attribute in the web.xml file to the name of the source attribute. In the example below, email address will be used. This attribute must be present in the authorization policy of the application in Ubisecure Management and must be marked as a mandatory attribute.

...


The example code above also shows a defined listener-class value. See SAML SP configuration - SSO 8964117742.

Network Address Tolerance

...

Code Block
languagetext
titleListing 6. Using the disable-request-wrapper setting
<filter>
	<filter-name>ServiceProviderFilter</filter-name>
	<filter-class>com.ubisecure.saml2.sp.servlet.ServiceProviderFilter</filter-class>
	<init-param>
		<param-name>disable-request-wrapper</param-name>
		<param-value>true</param-value>
	</init-param> 
</filter>

Metadata Store Location

Metadata store directory can be external to the application. The default location is WEB-INF/saml2/sp but this can be overridden by using servlet init param:

Code Block
<servlet>
    <servlet-name>ServiceProviderServlet</servlet-name>
    <servlet-class>com.ubisecure.saml2.sp.servlet.ServiceProviderServlet</servlet-class>
    <load-on-startup>0</load-on-startup>
    <init-param>
        <param-name>com.ubisecure.saml2.config.storepath</param-name>
        <param-value>file:/home/andrei/samlsp-config</param-value>
    </init-param>
</servlet>

The init param must have name "com.ubisecure.saml2.config.storepath" and contain path to a target directory as a value prefixed with "file:". In this example it is a Linux directory to which the web application has access.

Attribute Queries

Attribute Queries allow an application to query an Attribute Authority for user attributes at run time, after the initial authentication has been performed. The Attribute Authority may be a different party to the Identity Provider.

...