AssertionConsumer
Note
Decode and validate a SAML2 Assertion.
Data from the SAML assertion generates a PhenixID item, with the nameID as the item ID. Any additional SAML attributes are added to the PhenixID session as session properties, each with the same name as its SAML attribute.
Also, the authnContextClassRef from the SAML assertion will be added as a session property named authncontextclassref.
"issuingidp" and "destination" are added to the created item.
Properties
Name | Description | Default value | Mandatory | Supports property expansion |
---|---|---|---|---|
clock_skew_minutes | Set a skew in minutes to accept time drifts in assertion datetime values. | 0 | No | No |
strictScopedAttributeValidation | Whether scoped attributes should be discarded if their scope is missing or cannot be found in the IdP's metadata. | false | No | No |
trustedidp | A comma-separated string of trusted IdPs. An assertion from an IdP not found in the list will fail the flow. | No | No | |
addAttributesTo | Where attributes are added: session, item, or both. | session | No | No |
Example Configuration
{
  "name" : "AssertionConsumer",
  "config" : {
    "clock_skew_minutes" : "0",
    "trustedidp" : "idp1,idp2"
  }
}
The optional parameter clock_skew_minutes is used when the IdP clock is ahead of the PhenixID SAML SP. Default value: 0.
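The following added example (not PhenixID code) sketches how the trustedidp and clock_skew_minutes settings affect whether an assertion is accepted. The function names, the constructed sample assertion, the symmetric application of the skew to NotBefore and NotOnOrAfter, and the treatment of an empty trustedidp as "no restriction" are assumptions; signature validation is not shown.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed, unsigned sample assertion (illustration only).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer>idp1</saml:Issuer>
  <saml:Conditions NotBefore="2024-01-01T12:00:00Z"
                   NotOnOrAfter="2024-01-01T12:05:00Z"/>
</saml:Assertion>"""

def parse_ts(value):
    # SAML timestamps are UTC xs:dateTime values; this handles the "Z" form.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_assertion(xml_text, config, now):
    """Return (accepted, reason) for the issuer and validity-window checks."""
    root = ET.fromstring(xml_text)
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    trusted = [i.strip() for i in config.get("trustedidp", "").split(",") if i.strip()]
    # Assumption: an empty list means no issuer restriction.
    if trusted and issuer not in trusted:
        return False, "untrusted issuer"
    skew = timedelta(minutes=int(config.get("clock_skew_minutes", "0")))
    cond = root.find("saml:Conditions", NS)
    if cond is not None:
        not_before = cond.get("NotBefore")
        not_on_or_after = cond.get("NotOnOrAfter")
        # IdP clock ahead of the SP: NotBefore looks like it is in the future.
        if not_before and now + skew < parse_ts(not_before):
            return False, "not yet valid"
        if not_on_or_after and now - skew >= parse_ts(not_on_or_after):
            return False, "expired"
    return True, "ok"

if __name__ == "__main__":
    sp_now = parse_ts("2024-01-01T11:58:30Z")  # SP clock 90 seconds behind the IdP
    for minutes in ("0", "2"):
        cfg = {"clock_skew_minutes": minutes, "trustedidp": "idp1,idp2"}
        print(minutes, check_assertion(SAMPLE, cfg, sp_now))
```

Every minute of skew also widens the window in which an expired assertion is still accepted, so the value should stay as small as the actual clock drift requires.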
Requirements
The SAML module is deployed.
A valid SAML assertion is found in the flow. It must be in the parameter "SAMLResponse".