AssertionConsumer

Decode and validate a SAML2 Assertion.

Data from the SAML assertion generates a PhenixID item, with the nameID as the item ID. Any additional SAML attributes are added to the PhenixID session as session properties, each with the same name as its SAML attribute.

Also, the authnContextClassRef from the SAML assertion will be added as a session property named authncontextclassref.

"issuingidp" and "destination" are added to the created item.

Properties

| Name | Description | Default value | Mandatory | Supports property expansion |
| --- | --- | --- | --- | --- |
| clock_skew_minutes | Set a skew in minutes to accept time drifts in assertion datetime values. | 0 | No | No |
| strictScopedAttributeValidation | Whether scoped attributes should be discarded if their scope is missing or cannot be found in the IdP's metadata. | false | No | No |
| trustedidp | A string of trusted IdPs. For multiple IdPs, use a comma as the delimiter. IdPs not found in the list will fail the flow. | | No | No |

Example Configuration

{
    "name" : "AssertionConsumer",
    "config" : {
        "clock_skew_minutes":"0",
        "trustedidp":"idp1,idp2"
    }
}

The optional clock_skew_minutes parameter is used when the IdP clock is ahead of the PhenixID SAML SP. Default value: 0.

Requirements

SAML module is deployed.

A valid SAML Assertion is found in the flow. It must be in the parameter "SAMLResponse".