SAML Token Configurations
CA Strong Authentication supports different types of authentication tokens. Security Assertion Markup Language (SAML) tokens are one of them, in addition to the Native, OTT, and Custom token types.
If you want to issue SAML tokens as authentication tokens, you must configure the SAML token properties. You configure them using the samlTokenConfigs element of the createRequest message.
The following table lists the elements of samlTokenConfigs in the createRequest message:
Element | Mandatory | Description |
name | No | Name for the configuration. |
status | No | Indicates the status of the configuration. |
tokenSigningCertKeyPair | No | Indicates the path that contains the CA Strong Authentication Server certificate and the private key that CA Strong Authentication Server uses to issue the SAML token. The choices are: KeyPairInHSM: set the certChainPEM element to the CA Strong Authentication Server certificate chain in PEM format. KeyPairInP12: set cerKeyP12 to the base64-encoded format of the CA Strong Authentication Server certificate in PKCS#12 format, and set certKeyP12Password to the password of the PKCS#12 file. |
digestMethod | No | The algorithm that will be used for hashing the SAML tokens. |
signatureMethod | No | The algorithm that will be used for signing the SAML tokens. |
samlTokenAttributes | No | The attributes of the SAML token. The required attributes are: issuerName: the URL of CA Strong Authentication Server; oneTimeUse: indicates whether the SAML token is to be used only once for authentication; assertionTimeOut: the duration after which the SAML token cannot be used; audiences: the details of the audience who can use the SAML token. |
subjectFormatSAML11 | No | The format of the SAML subject for SAML 1.1. |
subjectFormatSAML20 | No | The format of the SAML subject for SAML 2.0. |
additionalAttributes | No | Additional attributes that you can set if they are required for SAML token generation. The required elements are: attributeNameSpace: the attribute namespace; nameFormat: the attribute name format; attributeName: the name of the attribute; FriendlyName: the friendly name for the attribute. |
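
The following check is an added example, not part of the product documentation or API: it inspects a samlTokenConfigs fragment before it is sent and reports signing key-pair and token-attribute settings that contradict the table above. The element names come from the table; the namespace-free XML layout, the nesting of the choices, the numeric assertionTimeOut, and all sample values are assumptions, so confirm the real structure against the product WSDL.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

# Sub-elements the page lists as required inside samlTokenAttributes.
REQUIRED_ATTRS = ("issuerName", "oneTimeUse", "assertionTimeOut", "audiences")

def text_of(parent, tag):
    """All text under the first child named tag, stripped ('' if absent)."""
    node = parent.find(tag)
    return "".join(node.itertext()).strip() if node is not None else ""

def lint_saml_token_config(xml_text):
    """Return findings for one samlTokenConfigs fragment (assumed layout)."""
    cfg, findings = ET.fromstring(xml_text), []
    pair = cfg.find("tokenSigningCertKeyPair")
    if pair is not None:
        hsm, p12 = pair.find("KeyPairInHSM"), pair.find("KeyPairInP12")
        if (hsm is None) == (p12 is None):
            findings.append("choose exactly one of KeyPairInHSM / KeyPairInP12")
        if hsm is not None and "-----BEGIN CERTIFICATE-----" not in text_of(hsm, "certChainPEM"):
            findings.append("certChainPEM is not a PEM certificate chain")
        if p12 is not None:
            try:
                blob = base64.b64decode(text_of(p12, "cerKeyP12"), validate=True)
            except (binascii.Error, ValueError):
                blob = b""
            if not blob.startswith(b"\x30"):  # DER PKCS#12 begins with SEQUENCE (0x30)
                findings.append("cerKeyP12 is not base64-encoded PKCS#12 data")
            if not text_of(p12, "certKeyP12Password"):
                findings.append("certKeyP12Password is missing")
    attrs = cfg.find("samlTokenAttributes")
    if attrs is not None:
        findings += [f"samlTokenAttributes/{n} is missing or empty" for n in REQUIRED_ATTRS if not text_of(attrs, n)]
        timeout = text_of(attrs, "assertionTimeOut")
        if timeout and not (timeout.isdigit() and int(timeout) > 0):
            findings.append("assertionTimeOut must be a positive integer")
    return findings

# Constructed sample (assumed layout): both key-pair choices set, bad base64, no password, no audiences.
SAMPLE = """<samlTokenConfigs>
<tokenSigningCertKeyPair><KeyPairInHSM><certChainPEM>-----BEGIN CERTIFICATE-----</certChainPEM></KeyPairInHSM>
<KeyPairInP12><cerKeyP12>not*base64</cerKeyP12></KeyPairInP12></tokenSigningCertKeyPair>
<samlTokenAttributes><issuerName>https://aa.example.test</issuerName><oneTimeUse>true</oneTimeUse>
<assertionTimeOut>0</assertionTimeOut></samlTokenAttributes></samlTokenConfigs>"""

if __name__ == "__main__":
    print("\n".join(lint_saml_token_config(SAMPLE)))
```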