SAML Token Configurations

CA Strong Authentication supports several types of authentication tokens. Security Assertion Markup Language (SAML) tokens are one of them, in addition to the Native, OTT, and Custom token types.
To issue SAML tokens as authentication tokens, you must configure the SAML token properties. You configure them using the samlTokenConfigs element of the createRequest message.
The following table lists the samlTokenConfigs element of the createRequest message:
| Element | Mandatory | Description |
|---|---|---|
| name | No | Name for the configuration. |
| status | No | Indicates the status of the configuration. |
| tokenSigningCertKeyPair | No | Indicates the path that contains CA Strong Authentication Server certificate, and the private key that will be used by CA Strong Authentication Server to issue the SAML token. Following are the choices: KeyPairInHSM: Set the certChainPEM element to CA Strong Authentication Server certificate chain in PEM format. KeyPairInP12: Set cerKeyP12 to the base64-encoded format of CA Strong Authentication Server certificate in PKCS#12 format. Set certKeyP12Password to the password of the PKCS#12 file. |
| digestMethod | No | The algorithm that will be used for hashing the SAML tokens. |
| signatureMethod | No | The algorithm that will be used for signing the SAML tokens. |
| samlTokenAttributes | No | The attributes of the SAML token. The attributes required are: issuerName: The URL of CA Strong Authentication Server. oneTimeUse: Indicates whether the SAML token is to be used only once for authentication. assertionTimeOut: The duration after which the SAML token cannot be used. audiences: The details of the audience who can use the SAML token. |
| subjectFormatSAML11 | No | The format of the SAML subject for SAML 1.1. |
| subjectFormatSAML20 | No | The format of the SAML subject for SAML 2.0. |
| additionalAttributes | No | You can set additional attributes, if required for the SAML token generation. Following are the required elements: attributeNameSpace: The attribute namespace. nameFormat: The attribute name format. attributeName: The name of the attribute. FriendlyName: The friendly name for the attribute. |
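
Several elements in the table decide how resistant an issued token is to forgery and replay: digestMethod, signatureMethod, oneTimeUse, assertionTimeOut, audiences, and the PKCS#12 password. The following is an added example, not code from CA Strong Authentication, that checks a planned configuration before the createRequest is sent. The dict layout, the algorithm URI values, the seconds unit, and the 300-second ceiling are assumptions.

```python
# Added example, not product code. Assumptions: the planned samlTokenConfigs
# values are held in a dict keyed by the element names from the table,
# algorithms are W3C XML Signature URIs, and assertionTimeOut is in seconds.
DSIG = "http://www.w3.org/2000/09/xmldsig#"
MORE = "http://www.w3.org/2001/04/xmldsig-more#"
WEAK = {
    "digestMethod": {DSIG + "sha1", MORE + "md5"},
    "signatureMethod": {DSIG + "rsa-sha1", DSIG + "dsa-sha1", MORE + "rsa-md5"},
}
MAX_TIMEOUT = 300  # assumed local policy ceiling, in seconds


def lint_saml_token_config(cfg):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    # Every element is optional, so flag omissions as well as weak choices.
    for key, weak in WEAK.items():
        value = cfg.get(key)
        if value is None:
            findings.append(f"{key}: not set explicitly")
        elif value in weak:
            findings.append(f"{key}: weak algorithm {value}")
    attrs = cfg.get("samlTokenAttributes") or {}
    if attrs.get("oneTimeUse") is not True:
        findings.append("oneTimeUse: off, token is reusable until it times out")
    timeout = attrs.get("assertionTimeOut")
    if type(timeout) is not int or not 0 < timeout <= MAX_TIMEOUT:
        findings.append(f"assertionTimeOut: expected 1..{MAX_TIMEOUT} seconds")
    if not attrs.get("audiences"):
        findings.append("audiences: empty, token is not bound to a relying party")
    p12 = (cfg.get("tokenSigningCertKeyPair") or {}).get("KeyPairInP12")
    if p12 is not None and not p12.get("certKeyP12Password"):
        findings.append("KeyPairInP12: PKCS#12 file has no password")
    return findings


# Constructed sample: SHA-1 digest, no signatureMethod, reusable long-lived token.
SAMPLE = {
    "name": "example-saml",
    "digestMethod": "http://www.w3.org/2000/09/xmldsig#sha1",
    "samlTokenAttributes": {"issuerName": "https://auth.example.test",
                            "oneTimeUse": False, "assertionTimeOut": 3600,
                            "audiences": []},
    "tokenSigningCertKeyPair": {"KeyPairInP12": {"cerKeyP12": "<base64>",
                                                 "certKeyP12Password": ""}},
}

if __name__ == "__main__":
    print("\n".join(lint_saml_token_config(SAMPLE)))
```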