SAML POST Template

Use this table when configuring a SAML authentication scheme based on the profile type POST for communicating security assertions. With the POST profile type, the generated SAML assertion is POSTed to the URL specified in the AssertionConsumerURL portion of the Parameter string.
The structure fields referenced in the table are in Sm_PolicyApi_Scheme_t.
Information Type: Scheme type
Value Assignment: nType = Sm_Api_SchemeType_SAMLPOST
Meaning: The scheme type SAML POST.

Information Type: Description
Value Assignment: pszDesc = description
Meaning: The description of the authentication scheme.

Information Type: Protection level
Value Assignment: nLevel = value
Meaning: A value of 1 through 1000. The higher the number, the greater the degree of protection provided by the scheme. Default is 5.

Information Type: Library
Value Assignment: pszLib = "smauthsaml"
Meaning: The default library for this scheme type.

Information Type: Parameter
Value Assignment: pszParam = param
Meaning: The following required parameters:

  Name. The name of the affiliate.
  SAMLProfile. The profile type: POST.
  SAMLVersion. The SAML version in use. The POST profile requires version 1.1.
  RedirectMode. The way in which the SAML Credentials Collector redirects to the target resource. One of the following numeric values:
    0. Meaning: 302 No Data.
    1. Meaning: 302 Cookie Data.
    2. Meaning: Server Redirect.
    3. Meaning: Persist Attributes.
  AssertionConsumerURL. The URL to which the generated assertion is sent.
  Audience. The URI of the document that describes the agreement between the portal and the affiliate. This value is compared with the audience value specified in the SAML assertion.
  Issuer. The SAML issuer specified in the assertion.
  AttributeXPath. A standard XPath query run against the SAML assertion. The query obtains the data that is substituted into a search specification that looks up a user, for example:
    //saml:AttributeValue/SM:/SMContent/SM:Smlogin/SM:Username.text()
  This query gets the text of the Username element.
  attribute. The search string for looking up a user in a user directory of the specified type. Use a percent sign (%) to indicate where the value returned from the XPath query should be inserted. For example, if you specify attribute LDAP:uid=%s, and user1 is returned from the query, the search string used for LDAP directories is uid=user1. At least one attribute must be specified.

  The format of the parameter string is as follows. Separate name/value pairs with semicolons (;). The format example includes LDAP and ODBC attributes:

    Name=name;SAMLProfile=POST;SAMLVersion=1.1;RedirectMode=0|1|2;AssertionConsumerURL=consumerUrl;Audience=audience;Issuer=issuer;AttributeXpath=XPathQuery;attribute=LDAP:srchSpc;attribute=ODBC:srchSpc
Information Type: Shared secret
Value Assignment: pszSecret = ""
Meaning: Set to an empty string. Not applicable to this scheme.

Information Type: Is template?
Value Assignment: bIsTemplate = 0
Meaning: Set to false (0) to indicate that the scheme is not a template. Any other value is ignored.

Information Type: Is used by administrator?
Value Assignment: bIsUsedbyAdmin = 0
Meaning: Set to false (0); the scheme is not used to authenticate administrators.

Information Type: Save credentials?
Value Assignment: bAllowSaveCreds = 0
Meaning: Set to false (0) to indicate that user credentials won't be saved.

Information Type: Is RADIUS?
Value Assignment: bIsRadius = 0
Meaning: Set to false (0); the scheme is not used with RADIUS agents.

Information Type: Ignore password check?
Value Assignment: bIgnorePwCheck = 1
Meaning: Set to true (1); password checking is ignored.
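The parameter string is the only place where the assertion's Audience and Issuer are pinned and where the user lookup is defined, so a string that is missing one of those names, or that has no attribute search string, yields a scheme that either rejects every assertion or cannot bind one to a directory entry. The following C function is an added example, not code from this page or from the SiteMinder SDK: it splits a candidate pszParam value on semicolons and checks it against the requirements in the table before the value is assigned to the scheme structure. The affiliate name, URLs and XPath in the sample string are constructed values; the real Sm_PolicyApi_Scheme_t comes from the SDK headers and is not reproduced here.

```c
#include <stdio.h>
#include <string.h>

/* Outcome codes returned by validate_saml_post_param(). */
enum {
    PARAM_OK = 0,
    PARAM_ERR_TOO_LONG,          /* string does not fit the working buffer */
    PARAM_ERR_MALFORMED_PAIR,    /* a segment has no '=' */
    PARAM_ERR_PROFILE,           /* SAMLProfile is not POST */
    PARAM_ERR_VERSION,           /* SAMLVersion is not 1.1 */
    PARAM_ERR_REDIRECT_MODE,     /* RedirectMode outside the listed 0..3 */
    PARAM_ERR_ATTRIBUTE_FORMAT,  /* attribute lacks LDAP:/ODBC: prefix or %s */
    PARAM_ERR_MISSING_REQUIRED,  /* a required name is absent or empty */
    PARAM_ERR_NO_ATTRIBUTE       /* no attribute= search string at all */
};

/* Names that must each appear with a non-empty value (from the table). */
static const char *const kRequired[] = {
    "Name", "SAMLProfile", "SAMLVersion", "RedirectMode",
    "AssertionConsumerURL", "Audience", "Issuer", "AttributeXpath"
};
#define NREQUIRED (sizeof kRequired / sizeof kRequired[0])

/* Returns PARAM_OK if the string satisfies the table, otherwise the code of
 * the first problem found. Names are matched case-sensitively. */
int validate_saml_post_param(const char *param)
{
    char buf[1024];
    int seen[NREQUIRED] = {0};
    int attr_count = 0;

    if (strlen(param) >= sizeof buf) return PARAM_ERR_TOO_LONG;
    strcpy(buf, param);

    /* Pairs are separated by ';'. Split each at its FIRST '=' only, because
     * values such as "LDAP:uid=%s" legitimately contain '=' themselves. */
    for (char *pair = strtok(buf, ";"); pair != NULL; pair = strtok(NULL, ";")) {
        char *eq = strchr(pair, '=');
        if (eq == NULL) return PARAM_ERR_MALFORMED_PAIR;
        *eq = '\0';
        const char *key = pair;
        const char *val = eq + 1;
        if (*val == '\0') continue;          /* empty value counts as absent */

        if (strcmp(key, "SAMLProfile") == 0 && strcmp(val, "POST") != 0)
            return PARAM_ERR_PROFILE;
        if (strcmp(key, "SAMLVersion") == 0 && strcmp(val, "1.1") != 0)
            return PARAM_ERR_VERSION;
        if (strcmp(key, "RedirectMode") == 0 &&
            (strlen(val) != 1 || val[0] < '0' || val[0] > '3'))
            return PARAM_ERR_REDIRECT_MODE;
        if (strcmp(key, "attribute") == 0) {
            int typed = strncmp(val, "LDAP:", 5) == 0 || strncmp(val, "ODBC:", 5) == 0;
            if (!typed || strstr(val, "%s") == NULL) return PARAM_ERR_ATTRIBUTE_FORMAT;
            attr_count++;
        }
        /* The table spells the XPath name both AttributeXPath and
         * AttributeXpath; accept either spelling here. */
        if (strcmp(key, "AttributeXPath") == 0) key = "AttributeXpath";
        for (size_t i = 0; i < NREQUIRED; i++)
            if (strcmp(key, kRequired[i]) == 0) seen[i] = 1;
    }

    for (size_t i = 0; i < NREQUIRED; i++)
        if (!seen[i]) return PARAM_ERR_MISSING_REQUIRED;
    if (attr_count == 0) return PARAM_ERR_NO_ATTRIBUTE;
    return PARAM_OK;
}

/* Constructed sample value for pszParam (hypothetical affiliate and URLs). */
static const char kExampleParam[] =
    "Name=affiliate1;SAMLProfile=POST;SAMLVersion=1.1;RedirectMode=0;"
    "AssertionConsumerURL=https://affiliate.example/acs;"
    "Audience=https://portal.example/agreement;Issuer=portal.example;"
    "AttributeXpath=//saml:AttributeValue/text();"
    "attribute=LDAP:uid=%s;attribute=ODBC:username=%s";

int main(void)
{
    int rc = validate_saml_post_param(kExampleParam);
    printf("sample parameter string: %s (code %d)\n",
           rc == PARAM_OK ? "accepted" : "rejected", rc);
    return rc;
}
```

The check deliberately treats an empty value (for example Audience= with nothing after it) the same as a missing name, since an empty Audience or Issuer gives the scheme nothing to compare the assertion against; RedirectMode is accepted for the four values 0 through 3 listed in the table rather than only the 0|1|2 shown in the format example.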