AssertionConsumer

Decode and validate a SAML2 Assertion.

Data from the SAML assertion will generate a PhenixID item, where nameID will be the item ID. Potential additional SAML attributes will be added to the PhenixID session as session properties where the session property name will be the same as the SAML attribute name

Also, the authnContextClassRef from the SAML assertion will be added as a session property named authncontextclassref. 

Properties

Name Description Default value Mandatory Supports property expansion
clock_skew_minutes Set a skew in minutes to accept time drifts in assertion datetime values.  0 No No

Example Configuration 

{
    "name" : "AssertionConsumer",
    "config" : {
        "clock_skew_minutes":"0"
    }
  }

Parameter clock_skew_minutes is used when IdP clock is ahead of the PhenixID SAML SP, OPTIONAL. Default value: 0.

Requirements

SAML module is deployed.

A valid SAML Assertion is found in the flow. Must be in parameter "SAMLResponse".