SAML 1.1 Remote Consumer Entity
Configure Remote SAML 1.1 Consumer Entity
The Configure Remote SAML 1.1 Consumer Entity section lets you identify the entity. The settings include:
- Entity ID
  Identifies the federation entity to a partner. The Entity ID is a universal identifier like a domain name. If the Entity ID represents a remote partner, this value must be unique. If the Entity ID represents a local partner, it can be reused on the same system. For example, if the Entity ID represents a local asserting party, this same ID can be used in more than one partnership. An Entity ID that represents a remote partner can only belong to a single active partnership.
  Value: URI (URL recommended)
  Note the following guidelines:
  - The entity ID must be a URI, but an absolute URL is recommended.
  - If the entity ID is a URL:
    - The host part of the URL must be a name rooted in the organization's primary DNS domain.
    - The URL must not contain a port number, a query string, or a fragment identifier.
  - Do not use the ampersand (&) in the Entity ID because it is recognized as a separate query parameter.
  - Do not specify a URN.
  - The entity ID for a remote partner must be globally unique to avoid name collisions within and across the federation.
  Examples of Valid Entity IDs
  Examples of Invalid Entity IDs:
  - http://idp.ca.com/affwebservices/public/saml2sso?SPID=http://toto.tiit.fr?key=toto (This URL can work, but we do not advise that you use this syntax)
- Entity Name
  Names the entity object in the policy store. The Entity Name must be a unique value. CA Single Sign-On uses the Entity Name internally to distinguish an entity at a particular site. This value is not used externally and the remote partner is not aware of this value.
  Note: The Entity Name can be the same value as the Entity ID, but the value is never shared with any other entity at the site.
  Value: Alphanumeric string
  Example: Partner1
- Description
  Specifies additional information to describe the entity.
  Value: Alphanumeric string up to 1024 characters
- Assertion Consumer Service URL
  Specifies the URL of the Assertion Consumer Service. The Assertion Consumer Service uses the assertion for authentication purposes, extracting the information and then passing it on to the target application.
  Default if CA Single Sign-On is the consumer: http://consumer_server:port/affwebservices/public/samlcc
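The Entity ID guidelines above can be checked mechanically before a partnership is created. The following Python is an added example, not CA Single Sign-On code: the function name `check_entity_id`, the `org_domain` parameter, and the choice to treat only `http`/`https` as URLs are assumptions, and the `example.com` inputs are constructed.

```python
from urllib.parse import urlsplit

def check_entity_id(entity_id, org_domain):
    """Check a proposed Entity ID against the guidelines listed above.

    Returns (errors, warnings). org_domain is the organization's primary
    DNS domain, supplied by the caller (an assumption of this sketch).
    """
    errors, warnings = [], []
    if "&" in entity_id:
        errors.append("contains an ampersand")
    try:
        parts = urlsplit(entity_id)
        port = parts.port          # raises ValueError on a malformed port
    except ValueError:
        return errors + ["not a parseable URI"], warnings
    scheme = parts.scheme.lower()
    if not scheme:
        return errors + ["not a URI (no scheme)"], warnings
    if scheme == "urn":
        return errors + ["is a URN"], warnings
    if scheme not in ("http", "https"):
        warnings.append("not a URL; an absolute URL is recommended")
        return errors, warnings
    # URL-specific rules
    host = (parts.hostname or "").rstrip(".").lower()
    domain = org_domain.rstrip(".").lower()
    if not host:
        errors.append("URL has no host")
    elif host != domain and not host.endswith("." + domain):
        # Match on a label boundary so evil-example.com is not example.com.
        errors.append("host is not rooted in " + domain)
    if port is not None:
        errors.append("contains a port number")
    if "?" in entity_id:
        errors.append("contains a query string")
    if "#" in entity_id:
        errors.append("contains a fragment identifier")
    return errors, warnings

# Constructed sample inputs; example.com stands in for the primary domain.
if __name__ == "__main__":
    for candidate in ("https://idp.example.com/saml",
                      "https://idp.example.com:8443/saml",
                      "https://idp.evil-example.com/saml",
                      "urn:example:idp"):
        print(candidate, check_entity_id(candidate, "example.com"))
```

The check does not cover global uniqueness of a remote partner's Entity ID, which can only be confirmed against the other entities in the federation.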
Supported Name ID Formats
The Supported Name ID Formats section allows you to specify the Name ID formats that the entity supports.
The Name Identifier names a user in a unique way in the assertion. The format of the Name Identifier establishes the type of content that is used for the ID. For example, the format can be the User DN, in which case the content can be a uid.
Specifies the range of Name ID formats the entity supports. From the following options, select all the formats that apply:
- Unspecified
- Email Address
- X509 Subject Name
- Windows Domain Qualified Name
To select all formats, click Select Name ID Formats.
For a description of each format, see the SAML 1.1 specifications at the website.