content/en/docs/marketplace/platform-supported-content/modules/SAML/idp-attributes.md
Lines changed: 6 additions & 6 deletions
Original file line number
Diff line number
Diff line change
@@ -9,7 +9,7 @@ description: "Describes the list of IdP Attributes for the SAML module"
9
9
10
10
## Introduction
11
11
12
-
This document provides you with a detailed description of each IdP attribute and its default value for deploy-time configuration. You need to use these attributes when configuring the SAML module to create the IdP configuration. For more details, see [Non-default Configuration](/appstore/modules/saml/#non-default).
12
+
This document provides you with a detailed description of each IdP attribute and its default value for deploy-time configuration. You need to use these attributes when configuring the SAML module to create the IdP configuration. For more details, see [Non-default Configuration](/appstore/modules/saml/installation-configuration/#non-default).
13
13
14
14
## Identity Configuration
15
15
@@ -31,20 +31,20 @@ Using artifact binding for SAML responses at the SAML IdP is only available in t
31
31
* v3.3.0/v3.3.1 and above for Mendix 9 and 10
32
32
* v2.3.0 and above for Mendix 8
33
33
34
-
`POST_BINDING` is the default value when using an [Easy Default Flow](/appstore/modules/saml/#easy-flow).
34
+
`POST_BINDING` is the default value when using an [Easy Default Flow](/appstore/modules/saml/installation-configuration/#easy-flow).
35
35
36
36
### Use AssertionConsumerService Concept
37
37
38
38
In most cases (for example, with Entra ID), you do not want to use the AssertionConsumerService concept in requests. Some IdPs, however, require requests to include an AssertionConsumerServiceIndex. This refers to the definition of the Assertion Consumer Service in the SP metadata.
39
39
40
40
* If the **Use AssertionConsumerService Concept** is set to `No…` then Auth-Request contains the `AssertionConsumerServiceURL` and `ProtocolBinding` attributes.
41
41
* If the **Use AssertionConsumerService Concept** is set to `Yes…` then Auth-Request contains only the ‘`AssertionConsumerServiceIndex`’ attribute.
42
-
By default, it is `No` when using an [Easy Default Flow](/appstore/modules/saml/#easy-flow).
42
+
By default, it is `No` when using an [Easy Default Flow](/appstore/modules/saml/installation-configuration/#easy-flow).
43
43
44
44
### Assertion Consumer Service Index
45
45
46
46
Set the **Assertion consumer service index** to the value you want to use for `AssertionConsumerServiceIndex` in both the Auth-Request and the SP-Metadata.
47
-
The configured binding will be included in the SP metadata, as indicated in the [URLs](/appstore/modules/saml/#urls) section. The default value is `0` for the deploy time configuration.
47
+
The configured binding will be included in the SP metadata, as indicated in the [URLs](/appstore/modules/saml//installation-configuration/#urls) section. The default value is `0` for the deploy time configuration.
48
48
49
49
## Attribute Consuming Service
50
50
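Review bot: the new link target in the Assertion Consumer Service Index paragraph contains a doubled slash, `/appstore/modules/saml//installation-configuration/#urls`. The other links updated in this file use `/appstore/modules/saml/installation-configuration/...`, so this one should read `/appstore/modules/saml/installation-configuration/#urls` to stay consistent and avoid depending on how the site normalizes empty path segments.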
@@ -53,7 +53,7 @@ In the **Attribute Consuming Service** tab, you can configure your app using the
53
53
You can set up two sets of attributes by adding new attributes, editing existing attributes, or removing selected attributes. These will be provided at different times. Those listed under **I want to request attribute(s) at my IDP during initial login** will be returned when the end-user initially signs in. Those listed under **I want to request attribute(s) at my IDP during in-session login** will be returned during [In-session Authentication](#in-session).
54
54
Although the typical use case for requesting attributes is to obtain information about the user, you can request an attribute with a specific value. In this case, you can configure the optional Attribute value that must be returned.
55
55
56
-
When using an [Easy Default Flow](/appstore/modules/saml/#easy-flow), disable both initial and in-session login options.
56
+
When using an [Easy Default Flow](/appstore/modules/saml/installation-configuration/#easy-flow), disable both initial and in-session login options.
57
57
58
58
Requesting user attributes at the SAML IdP is only available in the following versions of the module (depending on which Mendix version you are using)
59
59
@@ -69,7 +69,7 @@ Requesting user attributes at the SAML IdP is only available in the following ve
69
69
***What algorithm do you want to use to sign messages** (or *Encryption method*) – `SHA1 - RSA`, or `SHA256 - RSA`
70
70
***Encryption key length** – 1024 or 2048 bits
71
71
72
-
When using an [Easy Default Flow](/appstore/modules/saml/#easy-flow), default values are `SHA256 - RSA` and 2048 bits
72
+
When using an [Easy Default Flow](/appstore/modules/saml/installation-configuration/#easy-flow), default values are `SHA256 - RSA` and 2048 bits
73
73
74
74
Enabling encryption has the following effects on messages being exchanged:
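Review bot: the changed Easy Default Flow sentence names `SHA256 - RSA` and 2048 bits as the defaults, but the two options listed directly above it still offer `SHA1 - RSA` and 1024 bits with no guidance on which to choose. While this line is being touched, consider stating that the defaults are the preferred settings and that the SHA1 and 1024-bit options are the weaker ones, and add the missing full stop at the end of the sentence.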
content/en/docs/marketplace/platform-supported-content/modules/ldap.md
Lines changed: 1 addition & 1 deletion
Original file line number
Diff line number
Diff line change
@@ -168,7 +168,7 @@ The following settings are available:
168
168
169
169
{{% alert color="info" %}} A unique attribute is used to import users from the LDAP server. Starting from version 1.1.3 of the LDAP module, users whose unique attribute value exceeds the length limit of the configured **Map users to** entity attribute are skipped during import. For more information on **Map users to** entity attribute, see the [Server Configuration](#server-configuration) section above.{{% /alert %}}
170
170
171
-
When using the LDAP module for user synchronization in combination with a separate method of authentication (for example, the SAML module), you typically want to persist a user identifier in your Mendix app (using **Custom attribute mapping**) and use that to identify the end-user that is signed in when receiving the SAML response (the Identifying Assertion). This needs alignment between the LDAP module configuration and the [SAML module configuration](/appstore/modules/saml/#user-provisioning). One option might be to use the user’s email address, but Mendix recommends using an immutable "technical" user identifier. This may be a user attribute different from the username that the user would be entering in a login screen at the IdP which supports SAML.
171
+
When using the LDAP module for user synchronization in combination with a separate method of authentication (for example, the SAML module), you typically want to persist a user identifier in your Mendix app (using **Custom attribute mapping**) and use that to identify the end-user that is signed in when receiving the SAML response (the Identifying Assertion). This needs alignment between the LDAP module configuration and the [SAML module configuration](/appstore/modules/saml/user-provisioning/). One option might be to use the user’s email address, but Mendix recommends using an immutable "technical" user identifier. This may be a user attribute different from the username that the user would be entering in a login screen at the IdP which supports SAML.