
Reference

In this section, you'll find a detailed explanation of the available options for setting up an Identity Provider (IDP). Common options between IDP and Service Provider (SP) can be found in the generic reference.

Single Sign-On services

The Single Sign-On Service (SSO) is the endpoint to which the SP sends Authentication Requests for the IDP. Different protocols can be used to transport an Authentication Request; these methods are called bindings. An IDP can define one or multiple SSO endpoints, each associated with a specific binding protocol. Each endpoint is fully defined by two values:

  • Binding: The protocol supported by the endpoint. The values supported by Monokee are:

    • urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST: This binding is used to send the Authentication Request. The message is first encoded in Base64 and included as the value of a parameter in the body of an HTTP POST request. The content type of this request is usually set to application/x-www-form-urlencoded, which allows the message to be transmitted as key-value pairs in the request body.
    • urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect: This binding is used to send the Authentication Request. The message is first deflated and encoded in Base64, then included in the URL parameters of the Location header of a 302 HTTP response, so that it is transmitted via HTTP redirect.
  • Location: The URL of the endpoint where the IDP expects to receive the Authentication Request from the SP.
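
The two encodings described above, shown as an added example that is not Monokee code: the SP side builds the parameter value for each binding and the IDP side decodes it with a bounded inflate. The parameter name `SAMLRequest` comes from the SAML bindings specification; the size cap, the sample request and the `idp.example.test` URL are assumptions made for the example.

```python
import base64
import zlib
from urllib.parse import parse_qs, urlencode, urlparse

POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
REDIRECT_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
MAX_XML_BYTES = 64 * 1024  # assumed cap for this example, not a Monokee setting

# Constructed sample request; the ID and URL are made up.
SAMPLE_XML = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="_constructed123" Version="2.0" IssueInstant="2024-01-01T00:00:00Z" '
    'Destination="https://idp.example.test/sso"/>'
).encode()


def encode_request(xml, binding):
    """SP side: build the SAMLRequest parameter value for a binding."""
    if binding == REDIRECT_BINDING:
        # HTTP-Redirect uses raw DEFLATE (no zlib header) before Base64.
        comp = zlib.compressobj(wbits=-15)
        xml = comp.compress(xml) + comp.flush()
    elif binding != POST_BINDING:
        raise ValueError("unsupported binding")
    return base64.b64encode(xml).decode()


def decode_request(value, binding):
    """IDP side: recover the XML; reject malformed or oversized input."""
    raw = base64.b64decode(value, validate=True)  # raises on non-Base64 input
    if binding == REDIRECT_BINDING:
        # Bounded inflate: never expand more than the cap plus one byte.
        raw = zlib.decompressobj(wbits=-15).decompress(raw, MAX_XML_BYTES + 1)
    elif binding != POST_BINDING:
        raise ValueError("unsupported binding")
    if len(raw) > MAX_XML_BYTES:
        raise ValueError("request exceeds size cap")
    return raw


def redirect_url(location, xml):
    """Value the SP places in the Location header of the 302 response."""
    return f"{location}?{urlencode({'SAMLRequest': encode_request(xml, REDIRECT_BINDING)})}"


def request_from_url(url):
    """IDP side: extract and decode SAMLRequest from the redirect URL."""
    value = parse_qs(urlparse(url).query)["SAMLRequest"][0]
    return decode_request(value, REDIRECT_BINDING)
```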

Attributes

List of the attributes supported by the IDP. If the list is empty, the IDP is understood to support any attribute and no restrictions apply. These values are the attributes available in the SAML assertion. Attributes are name-description pairs:

  • Name: Key of the attribute to add.
  • Descriptive Name: Descriptive name of the attribute.