Provider Profile
You can modify any of the following provider attribute fields:
Common Attributes
Description. Enter a description of the provider.
Valid Until. This field allows you to enter the expiration date for the metadata pertaining to the provider. Use the following format:
yyyy-mm-dd hh:mm:ss.SZ
For example, 2004-12-31 12:30:00.0-0800
Cache Duration. This field defines the duration period for the metadata to be cached and uses the xs:duration format.
Protocol Support Enum. This field defines the protocol release supported by the entity. urn:liberty:iff:2003-08 refers to Identity Federation Framework (ID-FF) 1.2 and urn:liberty:iff:2002-12 refers to Identity Federation Framework (ID-FF) 1.1.
Security Key. The Security Key defines the Security Certificate alias. The certificates are stored in the JKS keystore against an alias. This alias (the Security Key) is used to fetch the required certificate.
Key Use. This field defines allowed key usage. You can choose encryption or signing.
Key Size. This field constrains the length of keys used by the consumer when interacting with another entity.
Encryption Method. This field defines the encryption preferences URI.
Communication URLs
SOAP Endpoint URL. This field specifies the location for the receiver of SOAP requests. This is used to communicate on the back-channel (non-browser communication) through SOAP.
Single Logout Service URL. The Single Logout Service URL is used by a service provider or identity provider to send and receive logout requests.
Single Logout Return URL. This specifies the URL to which logout requests are redirected after processing.
Federation Termination Service URL. This field specifies the URL to which federation termination requests are sent.
Federation Termination Return URL. This field specifies the URL to which federation termination requests are redirected after processing.
Name Registration Service URL. This field defines the service URL used by a service provider to register a Name Identifier with an identity provider. The Name Registration protocol is used by a service provider to register its own Name Identifier while communicating with an identity provider. Registration occurs only after a federation session is established.
Name Registration Return URL. This field defines the URL to which the identity provider sends back the status of the registration. The Name Registration protocol is used by a service provider to register its own Name Identifier while communicating with an identity provider. Registration occurs only after a federation session is established.
Communication Profiles
Federation Termination Profile. You can choose SOAP or HTTP/Redirect. This field specifies if the SOAP or HTTP/Redirect profile is to be used to notify of federation termination. This can be changed at any time during the life of the provider.
Single Logout Profile. You can choose SOAP or HTTP Redirect. This field specifies if SOAP or HTTP Redirect is to be used to notify a logout event. This can be changed at any time during the life of the provider.
Name Registration Profile. You can choose SOAP or HTTP/Redirect. This field specifies if the SOAP or HTTP/Redirect profile is to be used for name registration. This can be changed at any time during the life of the provider.
Server Relationship Term Notification URL. This field defines a URI describing the profiles that the entity supports for relationship termination.
Single Sign-on/Federation Profile. This field specifies the profile used by the hosted provider for sending authentication requests. Identity Server provides the following protocols:
Authentication Domains
Use the direction arrows to move a selected authentication domain into the Available list, then click Save. This assigns the provider to the authentication domain. A provider can belong to one or more authentication domains; however, a provider without any authentication domains specified cannot participate in Liberty communications.
Service Provider
Note
These fields only apply to service providers. If the provider is an identity provider, these fields will not be displayed.
Assertion Consumer URL. This field defines the provider end-point to which a provider will send SAML assertions.
Assertion Consumer URL ID. This ID is required if Protocol Support Enum is urn:liberty:iff:2002-12.
Set Assertion Consumer Service URL as Default. This option sets the Assertion Consumer URL as the default.
Sign Authentication Request. This option, if enabled, specifies that the provider send signed authentication and federation requests. The identity provider will not process unsigned requests originating from the service provider.
Name Registration After Federation. If enabled, this option allows a service provider to participate in name registration after it has been federated. Name registration is a profile by which service providers specify a principal’s name identifier that an identity provider will use when communicating with the service provider.
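The following added example (not part of the original documentation or of Identity Server itself) audits an exported provider profile against the constraints described above: the Valid Until format, the Cache Duration, the Assertion Consumer URL ID requirement for urn:liberty:iff:2002-12, and authentication domain membership. The dictionary keys, the sample profile, and the decision to report a disabled Sign Authentication Request as a finding are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

VALID_UNTIL_FMT = "%Y-%m-%d %H:%M:%S.%f%z"  # yyyy-mm-dd hh:mm:ss.SZ
IDFF_11 = "urn:liberty:iff:2002-12"          # ID-FF 1.1, per the page
# Day/time subset of xs:duration; years/months have no fixed length and are rejected.
DURATION_RE = re.compile(r"P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+(?:\.\d+)?)S)?)?")

def parse_valid_until(text):
    return datetime.strptime(text, VALID_UNTIL_FMT)

def parse_cache_duration(text):
    m = DURATION_RE.fullmatch(text)
    if not m or not any(m.groups()) or text.endswith("T"):
        raise ValueError(f"unsupported xs:duration: {text!r}")
    days, hours, minutes, seconds = (float(g or 0) for g in m.groups())
    return timedelta(days=days, hours=hours, minutes=minutes, seconds=seconds)

def audit_profile(profile, fetched_at, now):
    """Return findings for one provider profile (dict keys are hypothetical)."""
    findings = []
    try:
        if parse_valid_until(profile["valid_until"]) <= now:
            findings.append("metadata is past Valid Until")
    except (KeyError, ValueError):
        findings.append("Valid Until missing or malformed")
    try:
        if fetched_at + parse_cache_duration(profile["cache_duration"]) <= now:
            findings.append("cached copy is older than Cache Duration")
    except (KeyError, ValueError):
        findings.append("Cache Duration missing or malformed")
    if not profile.get("authentication_domains"):
        findings.append("no authentication domain assigned")
    if profile.get("role") == "sp":
        if (profile.get("protocol_support_enum") == IDFF_11
                and not profile.get("assertion_consumer_url_id")):
            findings.append("Assertion Consumer URL ID required for ID-FF 1.1")
        if not profile.get("sign_authn_request"):  # local policy assumption
            findings.append("Sign Authentication Request is disabled")
    return findings

# Constructed sample profile; the Valid Until value is the page's own example.
SAMPLE = {
    "role": "sp", "valid_until": "2004-12-31 12:30:00.0-0800",
    "cache_duration": "PT12H", "protocol_support_enum": IDFF_11,
    "assertion_consumer_url_id": "", "authentication_domains": [],
    "sign_authn_request": True,
}

if __name__ == "__main__":
    fetched = datetime(2004, 12, 1, 8, 0, tzinfo=timezone.utc)
    for finding in audit_profile(SAMPLE, fetched, fetched + timedelta(days=1)):
        print(finding)
```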
Organization
Provider Contact Persons
Click the New button to add a contact person and modify the following fields:
First Name. The first name of the contact person.
Last Name. The last name of the contact person.
Type. The contact type. This can be one of the following:
- Technical
- Administrative
- Billing
- Other
Company. The contact person’s company name.
Liberty Principal Identifier. The name identifier that points to an online instance of the contact person’s personal information profile (PIP).
Email. The email address of the contact person.
Telephone. The telephone number of the contact person.