SecureBlackbox 2020 macOS Edition

Questions / Feedback?

SAMLIdPServer Module

Properties   Methods   Events   Configuration Settings   Errors  

The SAMLIdPServer component represents a SAML identity provider.




The identity provider in the SAML (Security Assertion Markup Language) exchange flow represents the server that issues authentication assertions for single sign-on (SSO).

Requests received by the IdP server from known service providers (SP) are processed automatically, in accordance with known SP metadata and IdP options. If the request is correct, the client is redirected to the IdP for authentication. The authentication algorithm depends on the IdP options and may be reduced to a simple IP check, X.509 certificate authentication, or login credentials check.

Property List

The following is the full list of the properties of the module with short descriptions. Click on the links for further details.

ActiveTells whether the server is active and ready to process requests.
AllowIDPSSOSpecifies if IdP-initiated Single Sign-On (SSO) is allowed.
ArtifactResolutionServiceThe location of the artifact resolution service.
AttributeQueryServiceThe location of the AttributeQuery service.
AuthFormTemplateDefines the default authentication template (login page).
EncryptAssertionsSpecifies whether to encrypt assertions included into the IdP response.
EncryptionCertificateThe certificate used to encrypt the assertions.
ErrorOriginIndicates the endpoint where the error originates from.
ErrorSeverityThe severity of the error that happened.
ExternalCryptoProvides access to external signing and DC parameters.
HostSpecifies the host address of the IdP server.
IDPSSOPageSpecifies the relative URL of the IdP-initiated SSO page.
IDPSSOPageContentThe content of the IdP-initiated SSO page.
LoginAttemptsLimitThe maximum number of login attempts.
MetadataURLThe IdP's metadata location.
MetaSigningCertificateSpecifies the metadata signing certificate.
PortThe listening port number.
PreferredSingleLogoutResponseBindingSpecifies the preferred single logout response binding.
PreferredSingleSignOnResponseBindingSpecifies preferred SSO response binding.
ServerCertificatesThe server's TLS certificates.
SignAssertionsSpecifies whether the assertions included in IdP responses should be signed.
SigningCertificateThe certificate to be used by the IdP's for signing.
SigningChainThe signing certificate chain.
SignMetadataSpecifies whether the IdP's metadata should be signed.
SignResponseSpecifies whether the IdP responses should be signed.
SingleLogoutServiceThe URL of the single logout service.
SingleLogoutServiceBindingsDefines single logout service bindings.
SingleSignOnServiceThe URL of the single logout service.
SingleSignOnServiceBindingsDefines single sign-on service bindings.
SocketSettingsManages network connection settings.
TLSSettingsManages TLS layer settings.
URLSpecifies the base URL of this IdP server.
UseTLSEnables or disables the secure connection requirement.

Method List

The following is the full list of the methods of the module with short descriptions. Click on the links for further details.

AddIdPSSOLinkAdds an SSO URL to the list.
AddUserRegisters known user credentials.
AddUserWithEmailRegisters known user credentials.
ClearUsersClears the database of registered users.
ConfigSets or retrieves a configuration setting.
LoadSPMetadataLoads the metadata required for information exchange with the service provider.
RemoveIdPSSOLinkRemoves the specified SSO link.
RemoveSPRemoves an SP from the list of trusted service providers.
RemoveUserUnregister user credentials.
SaveMetadataSaves the IdP configuration to a metadata file.
StartStarts the IdP server.
StopStops the IdP server.

Event List

The following is the full list of the events fired by the module with short descriptions. Click on the links for further details.

AcceptReports an incoming connection.
ConnectReports an accepted connection.
DisconnectFires to report a disconnected client.
ErrorInformation about errors during data delivery.
ExternalSignHandles remote or external signing initiated by the server protocol.
NotificationThis event notifies the application about an underlying control flow event.
SessionClosedThis event is fired when the IdP server has closed a session.
SessionEstablishedThis event is fired when a new session has been established.

Configuration Settings

The following is a list of configuration settings for the module with short descriptions. Click on the links for further details.

AssertionsOneTimeUseAdds a one-time use condition to the assertion.
AssertionsTTLThe assertions time-to-live value.
BoundPortThe port that was bound by the server.
DefaultNameIDPolicyFormatDefault name ID policy format.
DefaultPassiveAuthnContextClassRefThe default passive authentication context class.
DualStackAllows the use of ip4 and ip6 simultaneously.
HandshakeTimeoutThe HTTPS handshake timeout.
MaxIssueInstantTimeDiffThe maximum issue-instant time delta.
NotBeforeTimeoutThe 'not-before' timeout to use.
PortRangeFromThe lower bound of allowed port scope to listen on.
PortRangeToThe higher bound of allowed port scope to listen on.
ServerNameSpecifies the server name for the created responses.
SessionTimeoutThe HTTP session timeout.
SessionTTLThe SAML session time-to-live value.
SubjectConfirmationMethodSubject confirmation method.
TempPathPath for storing temporary files.
CheckKeyIntegrityBeforeUseEnables or disable private key integrity check before use.
CookieCachingSpecifies whether a cookie cache should be used for HTTP(S) transports.
CookiesGets or sets local cookies for the component (supported for HTTPClient, RESTClient and SOAPClient only).
DefDeriveKeyIterationsSpecifies the default key derivation algorithm iteration count.
EnableClientSideSSLFFDHEEnables or disables finite field DHE key exchange support in TLS clients.
GlobalCookiesGets or sets global cookies for all the HTTP transports.
HttpUserAgentSpecifies the user agent name to be used by all HTTP clients.
LogDestinationSpecifies the debug log destination.
LogDetailsSpecifies the debug log details to dump.
LogFileSpecifies the debug log filename.
LogFiltersSpecifies the debug log filters.
LogFlushModeSpecifies the log flush mode.
LogLevelSpecifies the debug log level.
LogMaxEventCountSpecifies the maximum number of events to cache before further action is taken.
LogRotationModeSpecifies the log rotation mode.
MaxASN1BufferLengthSpecifies the maximal allowed length for ASN.1 primitive tag data.
MaxASN1TreeDepthSpecifies the maximal depth for processed ASN.1 trees.
OCSPHashAlgorithmSpecifies the hash algorithm to be used to identify certificates in OCSP requests.
UseOwnDNSResolverSpecifies whether the client components should use own DNS resolver.
UseSharedSystemStoragesSpecifies whether the validation engine should use a global per-process copy of the system certificate stores.
UseSystemOAEPAndPSSEnforces or disables the use of system-driven RSA OAEP and PSS computations.
UseSystemRandomEnables or disables the use of the OS PRNG.

Copyright (c) 2022 /n software inc. - All rights reserved.
SecureBlackbox 2020 macOS Edition - Version 20.0 [Build 8165]