SAML Cluster Properties

The following cluster properties configure the Layer7 API Gateway's SAML authentication.
Property
Description
samlAssertion.validate.notBeforeOffsetDuration
The duration to be subtracted from a SAML assertion's "not before" restriction during validation. Use this property to relax the validity window to allow for clock skew.
Default: 0 (minutes)
Note: This cluster property takes precedence over the samlAssertion.validate.notBeforeOffsetMin cluster property.
samlAssertion.validate.notOnOrAfterOffsetDuration
The duration to be added to a SAML assertion's "not on or after" restriction during validation. Use this property to relax the validity window to allow for clock skew.
Default: 0 (minutes)
Note: This cluster property takes precedence over the samlAssertion.validate.notOnOrAfterOffsetMin cluster property.
samlAssertion.NotAfterOffsetMinutes
Time to offset the "not on or after" validity of the SAML statements created by the token service. Must be a positive integer.
Default: 5 (minutes)
samlAssertion.NotBeforeOffsetMinutes
Time to offset the "not before" validity of the SAML statements created by the token service. Must be a positive integer.
Default: 2 (minutes)
samlAssertion.validate.notBeforeOffsetMin
Time to subtract from the "not before" restriction of a SAML token during validation. This can be used to relax the validity window for clock skew.
Default: 0 (minutes)
Note: This cluster property is deprecated.
samlAssertion.validate.notOnOrAfterOffsetMin
Time to add to the "not on or after" restriction of a SAML token during validation. This can be used to relax the validity window for clock skew.
Default: 0 (minutes)
Note: This cluster property is deprecated.
saml.generation.includeDNSAddress
Controls whether the subject locality for SAML authentication statements includes a DNS address. Value is a Boolean.
  • true = the DNSAddress attribute is set in the SubjectLocality element; for example:
    <saml:SubjectLocality DNSAddress="sample.l7tech.com" IPAddress="10.7.99.123"/>
  • false = no DNSAddress attribute is set in the SubjectLocality element; for example:
    <saml:SubjectLocality IPAddress="10.7.99.123"/>
Default: false
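
The sketch below is an added example, not the Gateway's own code. It shows how the four samlAssertion.validate.* offsets described above widen the window in which an assertion is accepted, and how a Duration property overrides its deprecated Min counterpart. The function names, the sample assertion, and the treatment of property values as whole minutes held in a dict of explicitly set properties are assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Constructed sample fragment, not taken from the page.
SAMPLE = ('<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
          '<saml:Conditions NotBefore="2024-01-01T12:00:00Z" '
          'NotOnOrAfter="2024-01-01T12:05:00Z"/></saml:Assertion>')
V = "samlAssertion.validate."

def parse_ts(text):
    """Parse a UTC xs:dateTime without fractional seconds (enough for the sample)."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def offset(props, duration_key, deprecated_key):
    """An explicitly set *Duration property wins over the deprecated *Min one.
    Assumption: props holds only explicitly set values, in whole minutes."""
    return timedelta(minutes=int(props.get(duration_key, props.get(deprecated_key, 0))))

def check_window(assertion_xml, now, props):
    """Return 'valid', 'not-yet-valid', 'expired' or 'no-conditions'."""
    # ElementTree is fine for this trusted sample; untrusted XML needs a hardened parser.
    cond = ET.fromstring(assertion_xml).find("saml:Conditions", NS)
    if cond is None:
        return "no-conditions"  # caller decides whether to accept an unbounded assertion
    not_before, not_on_or_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    early = offset(props, V + "notBeforeOffsetDuration", V + "notBeforeOffsetMin")
    late = offset(props, V + "notOnOrAfterOffsetDuration", V + "notOnOrAfterOffsetMin")
    # Subtracting from NotBefore admits assertions from issuers whose clock runs ahead.
    if not_before and now < parse_ts(not_before) - early:
        return "not-yet-valid"
    # NotOnOrAfter is an exclusive upper bound: the instant itself is already too late.
    if not_on_or_after and now >= parse_ts(not_on_or_after) + late:
        return "expired"
    return "valid"
```

Every minute added on either side also lengthens the period in which a captured assertion is still accepted, so keep the offsets close to the clock drift actually observed.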