Skip to content

SAML2 Support

Jump to bottom Edit New page
Michiel Kodde edited this page Mar 20, 2019 · 2 revisions

The OpenConext Engine supports the following:

Bindings

While we prefer HTTP-Redirect for AuthnRequests and HTTP-POST for Response messages, the Engine doesn't differentiate between types of messages. All bindings can be used with all message types.

Supported:

  • HTTP-POST
  • HTTP-Redirect

Unsupported:

  • SOAP
  • POAS
  • HTTP-Artiface
  • URI

Messages

Supported:

Unsupported:

  • AssertionIDRequest
  • ArtifactResolve
  • ArtifactResponse
  • ManageNameIDRequest
  • ManageNameIDResponse
  • LogoutRequest
  • LogoutResponse
  • NameIDMappingRequest
  • NameIDMappingResponse

Compliance

Engine is SAML2Int compliant.

Other

Supported SAML2 features:

  • Discovery (or "Where Are You From") screen to allow a user to select his / her Identity Provider
  • Signature validation on SAML Request and Response
  • User Consent

Noted features Engine does NOT support:

  • Seeding the proxy through Unsollicited Responses
  • Single Log Out

Why Single Log Out Doesn't Work

Add a custom footer
Add a custom sidebar
Clone this wiki locally