AssertionProvider

Usage:

Valve used to create a saml assertion. This is applicable in scenarios where PhenixID Server acts as a SAML Identity Provider.

This Valve requires the Current Item Set to contain one and only one Item. This item is used to populate the assertion with values.

Properties

Name Description Default value Mandatory Supports property expansion
targetEntityID The entityID of the IdP issuing the assertion.
Supports property expansion.
  YES YES
sourceID The entityID of the SP the assertion is aimed for.
Supports property expansion.
  YES YES
audienceRestriction The audience restriction to be set in the assertion.
Supports property expansion.
  NO YES
additionalAttributes The item properties to be used as attribute(s) in the assertion. Comma-separated.   NO NO
nameIDAttribute The item property to be used as nameID in the assertion.   YES NO
misc Additional properties to be set:
  • excludeSubjectNotBefore -> Include/exclude subject not before. Default: false
  • nameIdFormat – NameIDFormat to be used. Full urn format. Supports transient, persistent, unspecified. Default: unspecified
  • signMessage – Sign whole response? Default: true
  • signAssertion – Sign assertion? Default: false
  NO NO

Example Configuration

{
                 "name": "AssertionProvider",
                 "config": {
                     "targetEntityID": "PhenixID_IdP",
                     "nameIDAttribute": "carLicense",
                     "misc": {
                         "excludeSubjectNotBefore": "true",
                         "nameIdFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
                         "signMessage": "false",
                         "signAssertion": "true"
                     },
                     "sourceID": "urn:federation:MicrosoftOnline",
                     "audienceRestriction": "urn:federation:MicrosoftOnline",
                     "additionalAttributes": "IDPEmail"
                 }
             }

Requirements

SAML module is deployed.