SAML2 Metadata Management
The following CAS endpoints handle the generation of SAML2 metadata:
/idp/metadata
This endpoint returns the CAS IdP SAML2 metadata in response to a GET request. If metadata has already been generated and is available, it is served as is; if it is absent, it is generated automatically. The CAS configuration below dictates where the metadata file and the associated keys are generated and stored. Keep in mind that the generated key material includes the private signing and encryption keys whose certificates are published in the metadata, so the storage location needs the same protection as any other secret, whereas the metadata document itself is meant to be public and consumed by service providers.
The endpoint also accepts a service parameter, given either as the entity id or as the numeric identifier of a registered service. The parameter is matched against the CAS service registry, which allows the endpoint to calculate and merge any identity provider metadata overrides that may have been specified for that service.
The following settings and properties are available from the CAS configuration catalog:
cas.authn.saml-idp.metadata.core.cache-expiration=PT24H
How long metadata should be cached. This setting supports the

cas.authn.saml-idp.metadata.core.cache-maximum-size=10000
Specifies the maximum number of entries the cache may contain. Note that the cache may evict an entry before this limit is exceeded, or temporarily exceed the threshold while evicting. As the cache size grows close to the maximum, the cache evicts entries that are less likely to be used again; for example, it may evict an entry because it has not been used recently or very often.

cas.authn.saml-idp.metadata.core.fail-fast=true
Whether invalid metadata should cause CAS to fail fast on startup, as soon as the resource is parsed.

cas.authn.saml-idp.metadata.core.require-valid-metadata=true
Whether valid metadata is required.

cas.authn.saml-idp.metadata.core.slo-service-post-binding-enabled=true
Whether the metadata generation process should advertise the SLO service HTTP-POST binding.

cas.authn.saml-idp.metadata.core.slo-service-redirect-binding-enabled=true
Whether the metadata generation process should advertise the SLO service HTTP-Redirect binding.

cas.authn.saml-idp.metadata.core.sso-service-post-binding-enabled=true
Whether the metadata generation process should advertise the SSO service HTTP-POST binding.

cas.authn.saml-idp.metadata.core.sso-service-post-simple-sign-binding-enabled=true
Whether the metadata generation process should advertise the SSO service HTTP-POST-SimpleSign binding.

cas.authn.saml-idp.metadata.core.sso-service-redirect-binding-enabled=true
Whether the metadata generation process should advertise the SSO service HTTP-Redirect binding.

cas.authn.saml-idp.metadata.core.sso-service-soap-binding-enabled=true
Whether the metadata generation process should advertise the SSO service SOAP binding.
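Because the binding toggles above decide which endpoints the generated metadata advertises, a practitioner will want to verify that the document actually served by /idp/metadata matches the intended cas.properties, for instance after the metadata cache has expired or after a toggle was flipped. The following script is an added example and is not part of CAS or its documentation: it parses a constructed metadata document and a constructed properties fragment, reports bindings that are advertised but disabled (or enabled but missing), and flags any endpoint Location not served over https. The endpoint paths, the entity id and the certificate value are assumptions made up for the example.

```python
"""Audit CAS IdP SAML2 metadata against the binding toggles in the catalog above.
Added example, not CAS code: the properties, metadata, locations and certificate are constructed."""
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
HTTP_POST_SIMPLE_SIGN = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"
HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
SOAP = "urn:oasis:names:tc:SAML:2.0:bindings:SOAP"

PREFIX = "cas.authn.saml-idp.metadata.core."
# Each binding toggle from the catalog maps to one endpoint element and one binding URN.
TOGGLES = {
    PREFIX + "sso-service-post-binding-enabled": ("SingleSignOnService", HTTP_POST),
    PREFIX + "sso-service-post-simple-sign-binding-enabled": ("SingleSignOnService", HTTP_POST_SIMPLE_SIGN),
    PREFIX + "sso-service-redirect-binding-enabled": ("SingleSignOnService", HTTP_REDIRECT),
    PREFIX + "sso-service-soap-binding-enabled": ("SingleSignOnService", SOAP),
    PREFIX + "slo-service-post-binding-enabled": ("SingleLogoutService", HTTP_POST),
    PREFIX + "slo-service-redirect-binding-enabled": ("SingleLogoutService", HTTP_REDIRECT),
}

# Constructed cas.properties fragment: SOAP and POST-SimpleSign SSO bindings switched off.
SAMPLE_PROPERTIES = """
cas.authn.saml-idp.metadata.core.sso-service-soap-binding-enabled=false
cas.authn.saml-idp.metadata.core.sso-service-post-simple-sign-binding-enabled=false
"""

# Constructed document standing in for what a GET on /idp/metadata would return; the endpoint
# paths are assumptions and the certificate value is a placeholder, not real key material.
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD_NS}" xmlns:ds="{DS_NS}" entityID="https://cas.example.org/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIICplaceholder</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService Binding="{HTTP_POST}" Location="https://cas.example.org/idp/profile/SAML2/POST/SLO"/>
    <md:SingleSignOnService Binding="{HTTP_POST}" Location="https://cas.example.org/idp/profile/SAML2/POST/SSO"/>
    <md:SingleSignOnService Binding="{HTTP_REDIRECT}" Location="https://cas.example.org/idp/profile/SAML2/Redirect/SSO"/>
    <md:SingleSignOnService Binding="{SOAP}" Location="http://cas.example.org/idp/profile/SAML2/SOAP/ECP"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def parse_properties(text):
    """Parse key=value lines in cas.properties style, skipping blanks and # comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def expected_bindings(props):
    """Bindings the generated metadata should advertise; every toggle defaults to true."""
    expected = {"SingleSignOnService": set(), "SingleLogoutService": set()}
    for key, (element, binding) in TOGGLES.items():
        if props.get(key, "true").lower() == "true":
            expected[element].add(binding)
    return expected


def _idp_descriptor(metadata_xml):
    # The stdlib parser is acceptable for metadata fetched from your own IdP; use defusedxml for third-party metadata.
    root = ET.fromstring(metadata_xml)
    idp = root.find(f"{{{MD_NS}}}IDPSSODescriptor")
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    return idp


def advertised_bindings(metadata_xml):
    """Binding URNs actually present on each SSO/SLO endpoint element."""
    idp = _idp_descriptor(metadata_xml)
    found = {"SingleSignOnService": set(), "SingleLogoutService": set()}
    for element in found:
        for node in idp.findall(f"{{{MD_NS}}}{element}"):
            found[element].add(node.get("Binding"))
    return found


def insecure_locations(metadata_xml):
    """Endpoint Locations not served over https; the Redirect binding puts the SAML message in the URL."""
    idp = _idp_descriptor(metadata_xml)
    return [loc for loc in (n.get("Location") for n in idp.iter()) if loc and not loc.startswith("https://")]


def audit(metadata_xml, properties_text):
    """Unexpected entries mean the served metadata (possibly a stale cached copy) does not match the toggles."""
    expected = expected_bindings(parse_properties(properties_text))
    advertised = advertised_bindings(metadata_xml)
    return {
        element: {
            "unexpected": sorted(advertised[element] - expected[element]),
            "missing": sorted(expected[element] - advertised[element]),
        }
        for element in expected
    }


if __name__ == "__main__":
    print(audit(SAMPLE_METADATA, SAMPLE_PROPERTIES), insecure_locations(SAMPLE_METADATA))
```

Against a live deployment, replace SAMPLE_METADATA with the body of a GET on /idp/metadata and SAMPLE_PROPERTIES with the relevant lines of the running cas.properties; an "unexpected" SOAP binding after disabling it is the typical symptom of metadata still being served from the cache controlled by cache-expiration.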