@@ -26,7 +26,6 @@ All these parameters override the equivalent option from the configuration.
...
@@ -26,7 +26,6 @@ All these parameters override the equivalent option from the configuration.
`saml:AuthnContextClassRef`
`saml:AuthnContextClassRef`
: The AuthnContextClassRef that will be sent in the login request.
: The AuthnContextClassRef that will be sent in the login request.
: *Note*: SAML 2 specific.
`saml:AuthnContextComparison`
`saml:AuthnContextComparison`
: The Comparison attribute of the AuthnContext that will be sent in the login request.
: The Comparison attribute of the AuthnContext that will be sent in the login request.
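Review bot: The `: *Note*: SAML 2 specific.` line dropped under `saml:AuthnContextClassRef` is the same line removed in every other visible hunk, and nothing replaces it to say which protocol these parameters apply to. If the note is redundant because the page now documents SAML 2 only, say so once near "All these parameters override the equivalent option from the configuration." so the scope stays documented.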
...
@@ -38,12 +37,10 @@ All these parameters override the equivalent option from the configuration.
...
@@ -38,12 +37,10 @@ All these parameters override the equivalent option from the configuration.
*`SAML2\Constants::COMPARISON_MINIMUM`
*`SAML2\Constants::COMPARISON_MINIMUM`
*`SAML2\Constants::COMPARISON_MAXIMUM`
*`SAML2\Constants::COMPARISON_MAXIMUM`
: *Note*: SAML 2 specific.
`ForceAuthn`
`ForceAuthn`
: Force authentication allows you to force re-authentication of users even if the user has a SSO session at the IdP.
: Force authentication allows you to force re-authentication of users even if the user has a SSO session at the IdP.
: *Note*: SAML 2 specific.
`saml:idp`
`saml:idp`
: The entity ID of the IdP we should send an authentication request to.
: The entity ID of the IdP we should send an authentication request to.
...
@@ -51,18 +48,15 @@ All these parameters override the equivalent option from the configuration.
...
@@ -51,18 +48,15 @@ All these parameters override the equivalent option from the configuration.
`isPassive`
`isPassive`
: Send a passive authentication request.
: Send a passive authentication request.
: *Note*: SAML 2 specific.
`saml:Extensions`
`saml:Extensions`
: The samlp:Extensions that will be sent in the login request.
: The samlp:Extensions that will be sent in the login request.
: *Note*: SAML 2 specific.
`saml:NameID`
`saml:NameID`
: Add a Subject element with a NameID to the SAML AuthnRequest for the IdP.
: Add a Subject element with a NameID to the SAML AuthnRequest for the IdP.
This must be a \SAML2\XML\saml\NameID object.
This must be a \SAML2\XML\saml\NameID object.
: *Note*: SAML 2 specific.
`saml:NameIDPolicy`
`saml:NameIDPolicy`
: The format of the NameID we request from the IdP: an array in the form of
: The format of the NameID we request from the IdP: an array in the form of
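Review bot: In the `saml:NameID` entry, the class name in "This must be a \SAML2\XML\saml\NameID object." is bare text with backslashes, while `SAML2\Constants::COMPARISON_MINIMUM` in the same file is in backticks. Since this entry is being edited anyway, wrap the class name in backticks so the backslashes render literally and the style matches.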
...
@@ -73,13 +67,11 @@ All these parameters override the equivalent option from the configuration.
...
@@ -73,13 +67,11 @@ All these parameters override the equivalent option from the configuration.
: For compatibility purposes, `null` is equivalent to transient and a format
: For compatibility purposes, `null` is equivalent to transient and a format
can be defined as a string instead of an array. These variants are deprecated.
can be defined as a string instead of an array. These variants are deprecated.
: *Note*: SAML 2 specific.
`saml:Audience`
`saml:Audience`
: Add a Conditions element to the SAML AuthnRequest containing an
: Add a Conditions element to the SAML AuthnRequest containing an
AudienceRestriction with one or more audiences.
AudienceRestriction with one or more audiences.
: *Note*: SAML 2 specific.
Authentication data
Authentication data
...
@@ -119,7 +111,6 @@ Options
...
@@ -119,7 +111,6 @@ Options
: Note that this option can be overridden for a specific IdP in saml20-idp-remote.
: Note that this option can be overridden for a specific IdP in saml20-idp-remote.
: *Note*: SAML 2 specific.
`AssertionConsumerService`
`AssertionConsumerService`
: List of Assertion Consumer Services in the generated metadata. Specified in the array of
: List of Assertion Consumer Services in the generated metadata. Specified in the array of
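Review bot: The context line "Note that this option can be overridden for a specific IdP in saml20-idp-remote." names the metadata set as bare text, whereas later entries in this file use the link `[IdP-remote metadata](./simplesamlphp-reference-idp-remote)`. Consider using the same link here so readers can reach the per-IdP override documentation from either place.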
...
@@ -161,7 +152,6 @@ Options
...
@@ -161,7 +152,6 @@ Options
: The SP can request authentication with a specific authentication context class.
: The SP can request authentication with a specific authentication context class.
One example of usage could be if the IdP supports both username/password authentication as well as software-PKI.
One example of usage could be if the IdP supports both username/password authentication as well as software-PKI.
: *Note*: SAML 2 specific.
`AuthnContextComparison`
`AuthnContextComparison`
: The Comparison attribute of the AuthnContext that will be sent in the login request.
: The Comparison attribute of the AuthnContext that will be sent in the login request.
...
@@ -173,7 +163,6 @@ Options
...
@@ -173,7 +163,6 @@ Options
*`SAML2\Constants::COMPARISON_MINIMUM`
*`SAML2\Constants::COMPARISON_MINIMUM`
*`SAML2\Constants::COMPARISON_MAXIMUM`
*`SAML2\Constants::COMPARISON_MAXIMUM`
: *Note*: SAML 2 specific.
`authproc`
`authproc`
: Processing filters that should be run after SP authentication.
: Processing filters that should be run after SP authentication.
...
@@ -236,7 +225,6 @@ Options
...
@@ -236,7 +225,6 @@ Options
: Note that this option can be set for each IdP in the [IdP-remote metadata](./simplesamlphp-reference-idp-remote).
: Note that this option can be set for each IdP in the [IdP-remote metadata](./simplesamlphp-reference-idp-remote).
: *Note*: SAML 2 specific.
`entityID`
`entityID`
: The entity ID this SP should use.
: The entity ID this SP should use.
...
@@ -247,7 +235,6 @@ Options
...
@@ -247,7 +235,6 @@ Options
`ForceAuthn`
`ForceAuthn`
: Force authentication allows you to force re-authentication of users even if the user has a SSO session at the IdP.
: Force authentication allows you to force re-authentication of users even if the user has a SSO session at the IdP.
: *Note*: SAML 2 specific.
`idp`
`idp`
: The entity ID this SP should connect to.
: The entity ID this SP should connect to.
...
@@ -257,7 +244,6 @@ Options
...
@@ -257,7 +244,6 @@ Options
`IsPassive`
`IsPassive`
: IsPassive allows you to enable passive authentication by default for this SP.
: IsPassive allows you to enable passive authentication by default for this SP.
: *Note*: SAML 2 specific.
`name`
`name`
: The name of this SP.
: The name of this SP.
...
@@ -278,7 +264,6 @@ Options
...
@@ -278,7 +264,6 @@ Options
: Note that this option can be set for each IdP in the [IdP-remote metadata](./simplesamlphp-reference-idp-remote).
: Note that this option can be set for each IdP in the [IdP-remote metadata](./simplesamlphp-reference-idp-remote).
: *Note*: SAML 2 specific.
`NameIDPolicy`
`NameIDPolicy`
: The format of the NameID we request from the idp: an array in the form of
: The format of the NameID we request from the idp: an array in the form of
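Review bot: The `NameIDPolicy` option description reads "we request from the idp", while the matching `saml:NameIDPolicy` parameter earlier in the file reads "we request from the IdP". Capitalise it as "IdP" here so the two entries, which otherwise share their wording, stay identical.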
...
@@ -289,7 +274,6 @@ Options
...
@@ -289,7 +274,6 @@ Options
: For compatibility purposes, `null` is equivalent to transient and a format
: For compatibility purposes, `null` is equivalent to transient and a format
can be defined as a string instead of an array. These variants are deprecated.
can be defined as a string instead of an array. These variants are deprecated.
: *Note*: SAML 2 specific.
`OrganizationName`
`OrganizationName`
: The name of the organization responsible for this SP.
: The name of the organization responsible for this SP.
...
@@ -323,36 +307,30 @@ Options
...
@@ -323,36 +307,30 @@ Options
`privatekey`
`privatekey`
: File name of private key to be used for signing messages and decrypting messages from the IdP. This option is only required if you use encrypted assertions or if you enable signing of messages.
: File name of private key to be used for signing messages and decrypting messages from the IdP. This option is only required if you use encrypted assertions or if you enable signing of messages.
: *Note*: SAML 2 specific.
`privatekey_pass`
`privatekey_pass`
: The passphrase for the private key, if it is encrypted. If the private key is unencrypted, this can be left out.
: The passphrase for the private key, if it is encrypted. If the private key is unencrypted, this can be left out.
: *Note*: SAML 2 specific.
`ProviderName`
`ProviderName`
: Human readable name of the local SP sent with the authentication request.
: Human readable name of the local SP sent with the authentication request.
: *Note*: SAML 2 specific.
`ProtocolBinding`
`ProtocolBinding`
: The binding that should be used for SAML2 authentication responses.
: The binding that should be used for SAML2 authentication responses.
This option controls the binding that is requested through the AuthnRequest message to the IdP.
This option controls the binding that is requested through the AuthnRequest message to the IdP.
By default the HTTP-Post binding is used.
By default the HTTP-Post binding is used.
: *Note*: SAML 2 specific.
`redirect.sign`
`redirect.sign`
: Whether authentication requests, logout requests and logout responses sent from this SP should be signed. The default is `FALSE`.
: Whether authentication requests, logout requests and logout responses sent from this SP should be signed. The default is `FALSE`.
If set, the `AuthnRequestsSigned` attribute of the `SPSSODescriptor` element in SAML 2.0 metadata will contain its value. This
If set, the `AuthnRequestsSigned` attribute of the `SPSSODescriptor` element in SAML 2.0 metadata will contain its value. This
option takes precedence over the `sign.authnrequest` option in any metadata generated for this SP.
option takes precedence over the `sign.authnrequest` option in any metadata generated for this SP.
: *Note*: SAML 2 specific.
`redirect.validate`
`redirect.validate`
: Whether logout requests and logout responses received by this SP should be validated. The default is `FALSE`.
: Whether logout requests and logout responses received by this SP should be validated. The default is `FALSE`.
: *Note*: SAML 2 specific.
`RegistrationInfo`
`RegistrationInfo`
: Allows to specify information about the registrar of this SP. Please refer to the
: Allows to specify information about the registrar of this SP. Please refer to the
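Review bot: The `redirect.validate` entry says received logout requests and logout responses are "validated" without saying what the validation checks, and with the note line removed the entry is now a single sentence. Spell out what is verified next to the `FALSE` default, since a reader deciding whether to enable it needs both. Separately, "By default the HTTP-Post binding is used." under `ProtocolBinding` should read HTTP-POST, and "Allows to specify" under `RegistrationInfo` should be "Allows you to specify".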
...
@@ -361,7 +339,6 @@ Options
...
@@ -361,7 +339,6 @@ Options
`RelayState`
`RelayState`
: The page the user should be redirected to after an IdP initiated SSO.
: The page the user should be redirected to after an IdP initiated SSO.
: *Note*: SAML 2 specific.
`saml.SOAPClient.certificate`
`saml.SOAPClient.certificate`
: A file with a certificate _and_ private key that should be used when issuing SOAP requests from this SP.
: A file with a certificate _and_ private key that should be used when issuing SOAP requests from this SP.
...
@@ -384,7 +361,6 @@ Options
...
@@ -384,7 +361,6 @@ Options
any value in the IdP-remote metadata overrides the one configured
any value in the IdP-remote metadata overrides the one configured
in the SP configuration.
in the SP configuration.
: *Note*: SAML 2 specific.
`sign.logout`
`sign.logout`
: Whether to sign logout messages sent from this SP.
: Whether to sign logout messages sent from this SP.
...
@@ -393,7 +369,6 @@ Options
...
@@ -393,7 +369,6 @@ Options
any value in the IdP-remote metadata overrides the one configured
any value in the IdP-remote metadata overrides the one configured
in the SP configuration.
in the SP configuration.
: *Note*: SAML 2 specific.
`signature.algorithm`
`signature.algorithm`
: The algorithm to use when signing any message generated by this service provider. Defaults to RSA-SHA256.
: The algorithm to use when signing any message generated by this service provider. Defaults to RSA-SHA256.
...
@@ -434,7 +409,6 @@ Options
...
@@ -434,7 +409,6 @@ Options
any value in the IdP-remote metadata overrides the one configured
any value in the IdP-remote metadata overrides the one configured
in the IdP metadata.
in the IdP metadata.
: *Note*: SAML 2 specific.
`WantAssertionsSigned`
`WantAssertionsSigned`
: Whether assertions received by this SP must be signed. The default value is `FALSE`.
: Whether assertions received by this SP must be signed. The default value is `FALSE`.
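Review bot: The context above the removed note says "any value in the IdP-remote metadata overrides the one configured in the IdP metadata", while the two earlier hunks with the same sentence end "in the SP configuration". On a page of SP options, "in the IdP metadata" looks like a slip. Please confirm which is intended and align the wording while this entry is being touched.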