The following table provides further explanations about all parameters within the "configuration" object:
On the Service Provider side
Parameter name | Cardinality | Description |
name | Mandatory | Name given to the configuration. |
keystoreFile | Mandatory | Path to the keystore.jks file generated in the previous step ("-keystore" parameter). The keystore.jks file stores the SP public and private keys. By default, the parameter expects the following value: saml/keystore.jks |
keystorePassword | Mandatory | Password used to generate the keystore.jks file in the previous step ("-storepass" parameter). |
privateKeyPassword | Mandatory | Password entered for the SP private key when generating the keystore.jks file in the previous step ("-keypass" parameter). |
entityId | Mandatory | ID of the current Fluid Topics tenant. By default, the parameter expects the following value: http://$HOSTNAME/$TENANT_ID/ |
signatureAlgorithms | Optional | Signature algorithms to use. The parameter expects one or more of the following values (several can be stacked, separated by "|"): "http://www.w3.org/2000/09/xmldsig#rsa-sha1|http://www.w3.org/2001/04/xmldsig-more#rsa-sha512|http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" |
On the Identity Provider side
Parameter name | Cardinality | Description |
idpMetadataFile | Mandatory | Path to the metadata.xml file that has been generated on the IdP side. By default, the parameter expects the following value: saml/idp_metadata.xml |
idPropertyKey | Mandatory (except for ADFS, where it is not used) | Name of the parameter within the SAML response where the user ID can be retrieved. This information is required to identify the user after each connection. |
idReaderFunction | Optional | Function written in Java to retrieve the user ID information from the SAML response. See SAML Profile Retrieval. This parameter replaces the idPropertyKey parameter. |
mailPropertyKey | Mandatory | Name of the parameter within the SAML response where the user email can be retrieved. This information is required for the user to receive email notifications (for alerts, feedback, and so on). |
mailReaderFunction | Optional | Function written in Java to retrieve the user email information from the SAML response. See SAML Profile Retrieval. This parameter replaces the mailPropertyKey parameter. |
namePropertyKey | Mandatory | Name of the parameter within the SAML response where the user name can be retrieved. This parameter is required to greet the connected user. |
nameReaderFunction | Optional | Function written in Java to retrieve the user name information from the SAML response. See SAML Profile Retrieval. This parameter replaces the namePropertyKey parameter. |
groupsPropertyKey | Optional | Name of the parameter within the SAML response where the user group can be retrieved. |
groupsReaderFunction | Optional | Function written in Java to retrieve the user group information from the SAML response. See SAML Profile Retrieval. |
rolesPropertyKey | Optional | Name of the parameter within the SAML response where the user role can be retrieved. |
rolesReaderFunction | Optional | Function written in Java to retrieve the user role information from the SAML response. See SAML Profile Retrieval. |
maxAuthenticationLifetime | Mandatory (ADFS) | Numerical value that sets the authentication lifetime in seconds. It must be greater than the lifetime of Fluid Topics' own default login cookie (600 seconds). It must match the maxAuthenticationLifetime parameter configured on the IdP side. If using ADFS, this value must be 28800. |
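
The rules in the two tables above can be checked before a configuration is deployed. The following linter is an added example, not Fluid Topics code: it assumes the "configuration" object has been loaded as a Python dict, the `adfs` flag is a hypothetical caller-supplied argument, and the rsa-sha1 finding is an extra check (SHA-1 signatures are deprecated) that goes beyond what the tables require.

```python
# Added example: lint a SAML "configuration" dict against the parameter tables above.
# Assumption: `adfs` is a hypothetical flag; the page does not say how ADFS is detected.
SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
ALLOWED_ALGS = {SHA1,
                "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
                "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"}
SP_MANDATORY = ["name", "keystoreFile", "keystorePassword", "privateKeyPassword",
                "entityId", "idpMetadataFile"]
COOKIE_LIFETIME = 600   # Fluid Topics default login cookie, in seconds
ADFS_LIFETIME = 28800   # value the page requires with ADFS


def lint_saml_config(cfg, adfs=False):
    """Return a list of findings; an empty list means every rule passes."""
    findings = [f"missing mandatory parameter: {k}" for k in SP_MANDATORY if not cfg.get(k)]

    # A *ReaderFunction replaces its *PropertyKey, so either one satisfies the rule.
    for attr in ("id", "mail", "name"):
        if attr == "id" and adfs:
            continue  # idPropertyKey is not used with ADFS
        if not (cfg.get(f"{attr}PropertyKey") or cfg.get(f"{attr}ReaderFunction")):
            findings.append(f"missing {attr}PropertyKey or {attr}ReaderFunction")

    lifetime = cfg.get("maxAuthenticationLifetime")  # assumed numeric when present
    if adfs and lifetime != ADFS_LIFETIME:
        findings.append(f"maxAuthenticationLifetime must be {ADFS_LIFETIME} with ADFS")
    elif not adfs and lifetime is not None and lifetime <= COOKIE_LIFETIME:
        findings.append(f"maxAuthenticationLifetime must be greater than {COOKIE_LIFETIME}")

    # Values are stacked in one string, separated by "|".
    algs = [a for a in cfg.get("signatureAlgorithms", "").split("|") if a]
    for alg in algs:
        if alg not in ALLOWED_ALGS:
            findings.append(f"unknown signature algorithm: {alg}")
    if SHA1 in algs:
        findings.append("rsa-sha1 is enabled; SHA-1 signatures are deprecated")
    return findings


# Constructed sample configuration (placeholder secrets, not real values).
SAMPLE = {
    "name": "corp-sso", "keystoreFile": "saml/keystore.jks",
    "keystorePassword": "<storepass>", "privateKeyPassword": "<keypass>",
    "entityId": "http://$HOSTNAME/$TENANT_ID/", "idpMetadataFile": "saml/idp_metadata.xml",
    "mailPropertyKey": "mail", "nameReaderFunction": "<reader function>",
    "maxAuthenticationLifetime": 600,
    "signatureAlgorithms": SHA1,
}
```

Calling `lint_saml_config(SAMPLE)` reports the missing user ID mapping, the lifetime that does not exceed the 600-second cookie, and the SHA-1 algorithm.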