Used when authentication is based data not provided by an end user (header or a token). Often sent from a reverse proxy.


Name Description Default value Mandatory
idpID The iternal identifier of the idp used N/A Yes
pipeID Id of the pipe used to issue the SAML assertion N/A Yes
samlAuthMethod What value is set in the AuthnContextClassRef urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport No
requiredParameter If configured, the system will look for presence of the paramater before executing the pipe. Missing presence will result in aborting the execution No

Example Configuration

    "alias": "samldispatch",
    "name": "HeaderSAML",
    "configuration": {
        "idpID": "idp",


The response must include a parameter called username that may not be empty.