An Overview of the Configuration Files
...
cd <webapp_directory>\WEB-INF
mkdir saml2\sp
java -jar lib\sso-ubisaml2.jar Generate https://sp.example.com/webapp/spsso -o saml2\sp
...
cd <webapp_directory>\WEB-INF
java -jar lib\sso-ubisaml2.jar Metadata saml2\sp -f c:\temp\sp.xml
...
Figure 3. The SAML Service Provider ID field now shows the Entity ID of your SP
Finnish Trust Network specific configurations
Trusted OpenID Connect applications in the Finnish Trust Network (FTN) can provide their friendly name, to be shown in the login UI and sent as the display name for Authentication Methods, by setting the Configuration String AllowFtnSpname to true. To do this in the Management UI, add AllowFtnSpname=true as the last line of the Configuration String.
AllowFtnSpname
Can be true or false. Controls whether or not the value of spname (i) is allowed to be used as the friendly name for the application. If true, then the value of spname is used as the friendly name of the application and overrides any value of mdui:DisplayName (ii). If false, then the value of spname is ignored. Default is false.
(i) spname is a shortened form for the Authentication Request extension element /samlp:AuthnRequest/samlp:Extensions/ftn/spname.
(ii) mdui:DisplayName is a shortened form for the Service Provider Metadata extension element /md:EntityDescriptor/md:SPSSODescriptor/md:Extensions/mdui:UIInfo/mdui:DisplayName.
Get the Metadata of the Identity Provider
...
If your application uses an attribute authority (AA) for attribute queries, copy the AA metadata into the /WEB-INF/saml2/sp/metadata folder together with the IDP metadata file. The name of each file is not significant, but it should have the suffix .xml.
Key rotation
In order to use the Key Rotation feature and update IDP/AA metadata automatically, a ".href" file must exist. Don't be confused by the file extension: it is just a normal properties file in "key=value" format.
The file must be located in the same directory as the IDP/AA metadata file:
/WEB-INF/saml2/sp/metadata
The following properties are supported in the ".href" file:
Property | Value type | Description
---|---|---
entityId | string | An entity identifier. Should be taken from the IDP/AA metadata: <md:EntityDescriptor entityID="https://localhost:8443/uas" ...> |
type | IDP (Identity Provider) or AA (Attribute Authority) | An entity type. |
url | string | A URL to fetch the metadata from. The same URL from which the SAML 2.0 IDP/AA metadata was fetched initially. See the "Get the Metadata of the Identity Provider" step. |
refreshInterval | number | An interval in seconds at which to fetch the metadata. |
Example:
entityId=https://localhost:8443/uas
type=AA
url=https://localhost:8443/uas/saml2/metadata.xml
refreshInterval=20
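As an added example (not part of this product's documentation or code), the following Python checks a ".href" descriptor against the metadata document its url would return before the file is placed in /WEB-INF/saml2/sp/metadata: the url must be https, the entityId must match the metadata's entityID, and the metadata must carry the role descriptor that the type claims. The ".href" text and the metadata XML are constructed sample inputs; the property names are the ones listed in the table above.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
# Role descriptor that the fetched metadata must contain for each .href "type".
ROLE_FOR_TYPE = {"IDP": "IDPSSODescriptor", "AA": "AttributeAuthorityDescriptor"}

# Constructed sample .href: one key=value per line, like a Java properties file.
SAMPLE_HREF = """entityId=https://localhost:8443/uas
type=AA
url=https://localhost:8443/uas/saml2/metadata.xml
refreshInterval=20
"""

# Constructed sample of what the url above would return (the SAML attribute is entityID).
SAMPLE_METADATA = (
    '<md:EntityDescriptor xmlns:md="%s" entityID="https://localhost:8443/uas">'
    '<md:AttributeAuthorityDescriptor protocolSupportEnumeration='
    '"urn:oasis:names:tc:SAML:2.0:protocol"/></md:EntityDescriptor>' % MD_NS
)

def parse_href(text):
    """Parse key=value lines; blank lines and '#' comments are skipped."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep or not key.strip():
            raise ValueError("malformed .href line: %r" % raw)
        props[key.strip()] = value.strip()
    return props

def check_href(props, metadata_xml):
    """Return the list of problems found; an empty list means the descriptor is usable."""
    problems = ["%s is missing" % k for k in ("entityId", "type", "url", "refreshInterval") if k not in props]
    entity_id, kind = props.get("entityId"), props.get("type")
    if kind not in ROLE_FOR_TYPE:
        problems.append("type must be IDP or AA, got %r" % kind)
    if urlparse(props.get("url", "")).scheme != "https":
        problems.append("url must be https: refreshed metadata carries the IDP/AA signing keys")
    interval = props.get("refreshInterval", "")
    if not interval.isdigit() or int(interval) == 0:
        problems.append("refreshInterval must be a positive number of seconds")
    root = ET.fromstring(metadata_xml)  # the document fetched from url
    if root.get("entityID") != entity_id:
        problems.append("metadata entityID %r != .href entityId %r" % (root.get("entityID"), entity_id))
    role = ROLE_FOR_TYPE.get(kind)
    if role and root.find("{%s}%s" % (MD_NS, role)) is None:
        problems.append("metadata has no md:%s although type=%s" % (role, kind))
    return problems

if __name__ == "__main__":
    print(check_href(parse_href(SAMPLE_HREF), SAMPLE_METADATA))  # []
```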