如何通过 CREST API 将 IDP 添加到 OpenAM 联盟?
How to add IDPs to OpenAM federation via CREST API?
我知道有用于 OpenAM 的 REST API 用于某些功能,例如自助服务、身份验证等。但是我无法找到用于添加远程身份提供程序等的正确 API,
要么是我遗漏了什么,要么是由于某种原因,OpenAM 没有这样的 REST api。原因可能是他们没有计划,或者当前版本中还没有。
有什么方法可以在不使用 OpenAM 管理控制台或 ssoadm 命令的情况下在 OpenAM 中注册 SAML IDP?
也将非常感谢指向正确代码组件的指针。
在 Access Manager 5 (OpenAM 14) 中,您可以使用 REST API 管理 SAML 实体。要创建新的托管 SAMLv2 IdP,您需要这样的东西:
curl -X POST \
'http://idp.example.com:8080/openam/json/realm-config/federation/entityproviders/saml2?_action=create' \
-H 'content-type: application/json' \
-H 'iplanetdirectorypro: <ADMIN_SESSION_ID>' \
-d '{
"_id": "http://idp.example.com:8080/openam",
"metadata": "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\n<EntityDescriptor entityID=\"http://idp.example.com:8080/openam\" xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\">\n <IDPSSODescriptor WantAuthnRequestsSigned=\"false\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">\n <KeyDescriptor use=\"signing\">\n <ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\">\n <ds:X509Data>\n <ds:X509Certificate>MIIDaDCCAlCgAwIBAgIDcB/YMA0GCSqGSIb3DQEBCwUAMGUxCzAJBgNVBAYTAlVLMRAwDgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxDzANBgNVBAsTBk9wZW5BTTENMAsGA1UEAxMEdGVzdDAeFw0xNjAzMTgxMTU2MjhaFw0yNjAzMTYxMTU2MjhaMGUxCzAJBgNVBAYTAlVLMRAwDgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxDzANBgNVBAsTBk9wZW5BTTENMAsGA1UEAxMEdGVzdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKNbl89eP6B8kZATNSPe3+OZ3esLx31hjX+dakHtPwXCAaCKqJFwjwKdxyRuPdsVG+8Dbk3PGhk26aJrSE93EpxeqmQqxNPMeD+N0/8pjkuVYWwPIQ/ts2iTiWOVn7wzlE4ASfvupqOR5pjuYMWNo/pd4L7QNjUCKoAt9H11HMyiP+6roo/EYgX4AH7OAhfUMncYsopWhkW/ze9z8wTXc8BAEgDmt8zFCez1CtqJB/MlSBUGDgk8oHYDsHKmx05baBaOBQ8LRGP5SULSbRtu34eLFootBIn0FvUZSnwTiSpbaHHRgWrMOVm07oSLWBuO3h/bj38zBuuqqVsAK8YuyoECAwEAAaMhMB8wHQYDVR0OBBYEFHxfAbr6PQ5Xgc+jVx+AGTPnnpWZMA0GCSqGSIb3DQEBCwUAA4IBAQAZBMJ29/2idv1ztC6ArHtB4kw/nHHwthXFwtWAN7sRPB8tLW7fD8aJ43RQr5107Bg1Lgkmt+FZxpafqUC/mukjIzGzbW0COMSOTcWUGss+HxK6M6Fl9aOzKJMct1uOSpPFgjItcGqydGZXR2FH93vXWoAotUwtZ119IixIdxpOJwYJg0HFn+GEfpU1PmiLfq2/uwqJ0hGCNfNcm9puagzhQrcDFOnolxjnYPSfSkU5wxlGo99yE5eJwoHXXU7csaZVttmx7sPj1lUENogXUM6JMqzSyEIm1XCOCL8rZJkZ781W5CwZhuJTNzV31sBREs8FaaCeksu7Y48BmkUqw6E9</ds:X509Certificate>\n </ds:X509Data>\n </ds:KeyInfo>\n </KeyDescriptor>\n <ArtifactResolutionService index=\"0\" isDefault=\"true\" Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\" Location=\"http://idp.example.com:8080/openam/ArtifactResolver/metaAlias/idp\"/>\n <SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" Location=\"http://idp.example.com:8080/openam/IDPSloRedirect/metaAlias/idp\" ResponseLocation=\"http://idp.example.com:8080/openam/IDPSloRedirect/metaAlias/idp\"/>\n <SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"http://idp.example.com:8080/openam/IDPSloPOST/metaAlias/idp\" ResponseLocation=\"http://idp.example.com:8080/openam/IDPSloPOST/metaAlias/idp\"/>\n <SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\" Location=\"http://idp.example.com:8080/openam/IDPSloSoap/metaAlias/idp\"/>\n <ManageNameIDService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" Location=\"http://idp.example.com:8080/openam/IDPMniRedirect/metaAlias/idp\" ResponseLocation=\"http://idp.example.com:8080/openam/IDPMniRedirect/metaAlias/idp\"/>\n <ManageNameIDService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"http://idp.example.com:8080/openam/IDPMniPOST/metaAlias/idp\" ResponseLocation=\"http://idp.example.com:8080/openam/IDPMniPOST/metaAlias/idp\"/>\n <ManageNameIDService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\" Location=\"http://idp.example.com:8080/openam/IDPMniSoap/metaAlias/idp\"/>\n <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>\n <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>\n <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>\n <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>\n <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName</NameIDFormat>\n <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos</NameIDFormat>\n <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName</NameIDFormat>\n <SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" Location=\"http://idp.example.com:8080/openam/SSORedirect/metaAlias/idp\"/>\n <SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"http://idp.example.com:8080/openam/SSOPOST/metaAlias/idp\"/>\n <SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\" Location=\"http://idp.example.com:8080/openam/SSOSoap/metaAlias/idp\"/>\n <NameIDMappingService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\" Location=\"http://idp.example.com:8080/openam/NIMSoap/metaAlias/idp\"/>\n <AssertionIDRequestService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\" Location=\"http://idp.example.com:8080/openam/AIDReqSoap/IDPRole/metaAlias/idp\"/>\n <AssertionIDRequestService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:URI\" Location=\"http://idp.example.com:8080/openam/AIDReqUri/IDPRole/metaAlias/idp\"/>\n </IDPSSODescriptor>\n</EntityDescriptor>\n\n",
"entityConfig": "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\n<EntityConfig entityID=\"http://idp.example.com:8080/openam\" hosted=\"true\" xmlns=\"urn:sun:fm:SAML:2.0:entityconfig\">\n <IDPSSOConfig metaAlias=\"/idp\">\n <Attribute name=\"description\">\n <Value/>\n </Attribute>\n <Attribute name=\"signingCertAlias\">\n <Value>test</Value>\n </Attribute>\n <Attribute name=\"encryptionCertAlias\">\n <Value/>\n </Attribute>\n <Attribute name=\"basicAuthOn\">\n <Value>false</Value>\n </Attribute>\n <Attribute name=\"basicAuthUser\">\n <Value/>\n </Attribute>\n <Attribute name=\"basicAuthPassword\">\n <Value/>\n </Attribute>\n <Attribute name=\"autofedEnabled\">\n <Value>false</Value>\n </Attribute>\n <Attribute name=\"autofedAttribute\">\n <Value/>\n </Attribute>\n <Attribute name=\"assertionEffectiveTime\">\n <Value>600</Value>\n </Attribute>\n <Attribute name=\"idpAuthncontextMapper\">\n <Value>com.sun.identity.saml2.plugins.DefaultIDPAuthnContextMapper</Value>\n </Attribute>\n <Attribute name=\"idpAuthncontextClassrefMapping\">\n <Value>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|0||default</Value>\n </Attribute>\n <Attribute name=\"idpAccountMapper\">\n <Value>com.sun.identity.saml2.plugins.DefaultIDPAccountMapper</Value>\n </Attribute>\n <Attribute name=\"idpDisableNameIDPersistence\">\n <Value>false</Value>\n </Attribute>\n <Attribute name=\"idpAttributeMapper\">\n <Value>com.sun.identity.saml2.plugins.DefaultIDPAttributeMapper</Value>\n </Attribute>\n <Attribute name=\"assertionIDRequestMapper\">\n <Value>com.sun.identity.saml2.plugins.DefaultAssertionIDRequestMapper</Value>\n </Attribute>\n <Attribute name=\"nameIDFormatMap\">\n <Value>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress=mail</Value>\n <Value>urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName=</Value>\n <Value>urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName=</Value>\n <Value>urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos=</Value>\n <Value>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified=</Value>\n </Attribute>\n <Attribute name=\"idpECPSessionMapper\">\n <Value>com.sun.identity.saml2.plugins.DefaultIDPECPSessionMapper</Value>\n </Attribute>\n <Attribute name=\"attributeMap\"/>\n <Attribute name=\"wantNameIDEncrypted\">\n <Value/>\n </Attribute>\n <Attribute name=\"wantArtifactResolveSigned\">\n <Value/>\n </Attribute>\n <Attribute name=\"wantLogoutRequestSigned\">\n <Value/>\n </Attribute>\n <Attribute name=\"wantLogoutResponseSigned\">\n <Value/>\n </Attribute>\n <Attribute name=\"wantMNIRequestSigned\">\n <Value/>\n </Attribute>\n <Attribute name=\"wantMNIResponseSigned\">\n <Value/>\n </Attribute>\n <Attribute name=\"cotlist\">\n <Value>test</Value>\n </Attribute>\n <Attribute name=\"discoveryBootstrappingEnabled\">\n <Value>false</Value>\n </Attribute>\n <Attribute name=\"assertionCacheEnabled\">\n <Value>false</Value>\n </Attribute>\n <Attribute name=\"assertionNotBeforeTimeSkew\">\n <Value>600</Value>\n </Attribute>\n <Attribute name=\"saeAppSecretList\"/>\n <Attribute name=\"saeIDPUrl\">\n <Value>http://idp.example.com:8080/openam/idpsaehandler/metaAlias/idp</Value>\n </Attribute>\n <Attribute name=\"AuthUrl\">\n <Value/>\n </Attribute>\n <Attribute name=\"appLogoutUrl\">\n <Value/>\n </Attribute>\n <Attribute name=\"idpSessionSyncEnabled\">\n <Value>false</Value>\n </Attribute>\n <Attribute name=\"relayStateUrlList\"/>\n </IDPSSOConfig>\n</EntityConfig>\n\n",
"_type": {
"_id": "saml2",
"name": "Entity Descriptor ",
"collection": true
}
}'
我知道有用于 OpenAM 的 REST API 用于某些功能,例如自助服务、身份验证等。但是我无法找到用于添加远程身份提供程序等的正确 API,
要么是我遗漏了什么,要么是由于某种原因,OpenAM 没有这样的 REST api。原因可能是他们没有计划,或者当前版本中还没有。
有什么方法可以在不使用 OpenAM 管理控制台或 ssoadm 命令的情况下在 OpenAM 中注册 SAML IDP?
也将非常感谢指向正确代码组件的指针。
在 Access Manager 5 (OpenAM 14) 中,您可以使用 REST API 管理 SAML 实体。要创建新的托管 SAMLv2 IdP,您需要这样的东西:
curl -X POST \
'http://idp.example.com:8080/openam/json/realm-config/federation/entityproviders/saml2?_action=create' \
-H 'content-type: application/json' \
-H 'iplanetdirectorypro: <ADMIN_SESSION_ID>' \
-d '{
"_id": "http://idp.example.com:8080/openam",
"metadata": "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\n<EntityDescriptor entityID=\"http://idp.example.com:8080/openam\" xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\">\n <IDPSSODescriptor WantAuthnRequestsSigned=\"false\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">\n <KeyDescriptor use=\"signing\">\n <ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\">\n <ds:X509Data>\n <ds:X509Certificate>MIIDaDCCAlCgAwIBAgIDcB/YMA0GCSqGSIb3DQEBCwUAMGUxCzAJBgNVBAYTAlVLMRAwDgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxDzANBgNVBAsTBk9wZW5BTTENMAsGA1UEAxMEdGVzdDAeFw0xNjAzMTgxMTU2MjhaFw0yNjAzMTYxMTU2MjhaMGUxCzAJBgNVBAYTAlVLMRAwDgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxDzANBgNVBAsTBk9wZW5BTTENMAsGA1UEAxMEdGVzdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKNbl89eP6B8kZATNSPe3+OZ3esLx31hjX+dakHtPwXCAaCKqJFwjwKdxyRuPdsVG+8Dbk3PGhk26aJrSE93EpxeqmQqxNPMeD+N0/8pjkuVYWwPIQ/ts2iTiWOVn7wzlE4ASfvupqOR5pjuYMWNo/pd4L7QNjUCKoAt9H11HMyiP+6roo/EYgX4AH7OAhfUMncYsopWhkW/ze9z8wTXc8BAEgDmt8zFCez1CtqJB/MlSBUGDgk8oHYDsHKmx05baBaOBQ8LRGP5SULSbRtu34eLFootBIn0FvUZSnwTiSpbaHHRgWrMOVm07oSLWBuO3h/bj38zBuuqqVsAK8YuyoECAwEAAaMhMB8wHQYDVR0OBBYEFHxfAbr6PQ5Xgc+jVx+AGTPnnpWZMA0GCSqGSIb3DQEBCwUAA4IBAQAZBMJ29/2idv1ztC6ArHtB4kw/nHHwthXFwtWAN7sRPB8tLW7fD8aJ43RQr5107Bg1Lgkmt+FZxpafqUC/mukjIzGzbW0COMSOTcWUGss+HxK6M6Fl9aOzKJMct1uOSpPFgjItcGqydGZXR2FH93vXWoAotUwtZ119IixIdxpOJwYJg0HFn+GEfpU1PmiLfq2/uwqJ0hGCNfNcm9puagzhQrcDFOnolxjnYPSfSkU5wxlGo99yE5eJwoHXXU7csaZVttmx7sPj1lUENogXUM6JMqzSyEIm1XCOCL8rZJkZ781W5CwZhuJTNzV31sBREs8FaaCeksu7Y48BmkUqw6E9</ds:X509Certificate>\n </ds:X509Data>\n </ds:KeyInfo>\n </KeyDescriptor>\n <ArtifactResolutionService index=\"0\" isDefault=\"true\" Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\" Location=\"http://idp.example.com:8080/openam/ArtifactResolver/metaAlias/idp\"/>\n <SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" Location=\"http://idp.example.com:8080/openam/IDPSloRedirect/metaAlias/idp\" ResponseLocation=\"http://idp.example.com:8080/openam/IDPSloRedirect/metaAlias/idp\"/>\n <SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"http://idp.example.com:8080/openam/IDPSloPOST/metaAlias/idp\" ResponseLocation=\"http://idp.example.com:8080/openam/IDPSloPOST/metaAlias/idp\"/>\n <SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\" Location=\"http://idp.example.com:8080/openam/IDPSloSoap/metaAlias/idp\"/>\n <ManageNameIDService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" Location=\"http://idp.example.com:8080/openam/IDPMniRedirect/metaAlias/idp\" ResponseLocation=\"http://idp.example.com:8080/openam/IDPMniRedirect/metaAlias/idp\"/>\n <ManageNameIDService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"http://idp.example.com:8080/openam/IDPMniPOST/metaAlias/idp\" ResponseLocation=\"http://idp.example.com:8080/openam/IDPMniPOST/metaAlias/idp\"/>\n <ManageNameIDService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\" Location=\"http://idp.example.com:8080/openam/IDPMniSoap/metaAlias/idp\"/>\n <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>\n <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>\n <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>\n <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>\n <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName</NameIDFormat>\n <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos</NameIDFormat>\n <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName</NameIDFormat>\n <SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" Location=\"http://idp.example.com:8080/openam/SSORedirect/metaAlias/idp\"/>\n <SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"http://idp.example.com:8080/openam/SSOPOST/metaAlias/idp\"/>\n <SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\" Location=\"http://idp.example.com:8080/openam/SSOSoap/metaAlias/idp\"/>\n <NameIDMappingService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\" Location=\"http://idp.example.com:8080/openam/NIMSoap/metaAlias/idp\"/>\n <AssertionIDRequestService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\" Location=\"http://idp.example.com:8080/openam/AIDReqSoap/IDPRole/metaAlias/idp\"/>\n <AssertionIDRequestService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:URI\" Location=\"http://idp.example.com:8080/openam/AIDReqUri/IDPRole/metaAlias/idp\"/>\n </IDPSSODescriptor>\n</EntityDescriptor>\n\n",
"entityConfig": "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\n<EntityConfig entityID=\"http://idp.example.com:8080/openam\" hosted=\"true\" xmlns=\"urn:sun:fm:SAML:2.0:entityconfig\">\n <IDPSSOConfig metaAlias=\"/idp\">\n <Attribute name=\"description\">\n <Value/>\n </Attribute>\n <Attribute name=\"signingCertAlias\">\n <Value>test</Value>\n </Attribute>\n <Attribute name=\"encryptionCertAlias\">\n <Value/>\n </Attribute>\n <Attribute name=\"basicAuthOn\">\n <Value>false</Value>\n </Attribute>\n <Attribute name=\"basicAuthUser\">\n <Value/>\n </Attribute>\n <Attribute name=\"basicAuthPassword\">\n <Value/>\n </Attribute>\n <Attribute name=\"autofedEnabled\">\n <Value>false</Value>\n </Attribute>\n <Attribute name=\"autofedAttribute\">\n <Value/>\n </Attribute>\n <Attribute name=\"assertionEffectiveTime\">\n <Value>600</Value>\n </Attribute>\n <Attribute name=\"idpAuthncontextMapper\">\n <Value>com.sun.identity.saml2.plugins.DefaultIDPAuthnContextMapper</Value>\n </Attribute>\n <Attribute name=\"idpAuthncontextClassrefMapping\">\n <Value>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|0||default</Value>\n </Attribute>\n <Attribute name=\"idpAccountMapper\">\n <Value>com.sun.identity.saml2.plugins.DefaultIDPAccountMapper</Value>\n </Attribute>\n <Attribute name=\"idpDisableNameIDPersistence\">\n <Value>false</Value>\n </Attribute>\n <Attribute name=\"idpAttributeMapper\">\n <Value>com.sun.identity.saml2.plugins.DefaultIDPAttributeMapper</Value>\n </Attribute>\n <Attribute name=\"assertionIDRequestMapper\">\n <Value>com.sun.identity.saml2.plugins.DefaultAssertionIDRequestMapper</Value>\n </Attribute>\n <Attribute name=\"nameIDFormatMap\">\n <Value>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress=mail</Value>\n <Value>urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName=</Value>\n <Value>urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName=</Value>\n <Value>urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos=</Value>\n <Value>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified=</Value>\n </Attribute>\n <Attribute name=\"idpECPSessionMapper\">\n <Value>com.sun.identity.saml2.plugins.DefaultIDPECPSessionMapper</Value>\n </Attribute>\n <Attribute name=\"attributeMap\"/>\n <Attribute name=\"wantNameIDEncrypted\">\n <Value/>\n </Attribute>\n <Attribute name=\"wantArtifactResolveSigned\">\n <Value/>\n </Attribute>\n <Attribute name=\"wantLogoutRequestSigned\">\n <Value/>\n </Attribute>\n <Attribute name=\"wantLogoutResponseSigned\">\n <Value/>\n </Attribute>\n <Attribute name=\"wantMNIRequestSigned\">\n <Value/>\n </Attribute>\n <Attribute name=\"wantMNIResponseSigned\">\n <Value/>\n </Attribute>\n <Attribute name=\"cotlist\">\n <Value>test</Value>\n </Attribute>\n <Attribute name=\"discoveryBootstrappingEnabled\">\n <Value>false</Value>\n </Attribute>\n <Attribute name=\"assertionCacheEnabled\">\n <Value>false</Value>\n </Attribute>\n <Attribute name=\"assertionNotBeforeTimeSkew\">\n <Value>600</Value>\n </Attribute>\n <Attribute name=\"saeAppSecretList\"/>\n <Attribute name=\"saeIDPUrl\">\n <Value>http://idp.example.com:8080/openam/idpsaehandler/metaAlias/idp</Value>\n </Attribute>\n <Attribute name=\"AuthUrl\">\n <Value/>\n </Attribute>\n <Attribute name=\"appLogoutUrl\">\n <Value/>\n </Attribute>\n <Attribute name=\"idpSessionSyncEnabled\">\n <Value>false</Value>\n </Attribute>\n <Attribute name=\"relayStateUrlList\"/>\n </IDPSSOConfig>\n</EntityConfig>\n\n",
"_type": {
"_id": "saml2",
"name": "Entity Descriptor ",
"collection": true
}
}'