Changes made to SAML 2.0 connections on 5.0

Categories

Open all | Close all

Changes made to SAML 2.0 connections on 5.0

April 25, 2024

Remove the “Single sign on artifact resolution” setting

We have retired the “Single sign on artifact resolution” setting and replaced it with the “Artifact Resolution Services” which can support multiple artifact resolution services:

More details about this “Artifact resolution services” setting can be found at this document

Support multiple assertion consumer services

Prior to version 5.0, while Identify is able to import multiple assertion consumer services from an SP’s metadata, it always uses the first endpoint to response to the SP. Identify is now able to truly support multiple assertion consumer services as well as adheres to the AssertionConsumerServiceUrl and AssertionConsumerServiceIndex attributes of AuthnRequests from SPs. When an SP has more than one assertion consumer service endpoints, Identify attempts to pick one endpoint in the following order:

  1. Use AuthnRequest’s assertion consumer service index.
  2. If the index is not set, Identify will use an assertion consumer service which is configured as “Default”.
  3. Otherwise, Identify will use the first assertion consumer service endpoint.


More details about this “Artifact resolution services” setting can be found at this document

New certificate control

Since we have moved all trusted certificates in Windows Certificate Store to Identify’s own database, we also updated the certificate control to reflect the fact that only certificate thumbprints are matter now:

Was this helpful ?Good Somewhat Bad

Related posts:

  1. Saml 2.0: SAML 2.0 connection settings now support more standard elements found in metadata
  2. A comprehensive changelog for Identify 5.0
  3. REST API – New features of connections
  4. Saml 2.0: support of the “Profile” concept that opens ability to let Identify and Saml 2.0 connections perform profile-specific requirements.