WORKERS AHEAD!
You are viewing the development documentation for the Apereo CAS server. The functionality presented here is not officially released yet. This is a work in progress and will be continually updated as development moves forward. You are most encouraged to test the changes presented.
SAML2 Metadata Management
The following CAS endpoints handle the generation of SAML2 metadata:
/idp/metadata
This endpoint will display the CAS IdP SAML2 metadata upon receiving a GET request. If metadata is already available and generated, it will be displayed. If metadata is absent, one will be generated automatically. CAS configuration below dictates where metadata files/keys will be generated and stored.
Note that the endpoint can accept a service parameter, either by entity id or by numeric identifier. This parameter is matched against the CAS service registry, allowing the endpoint to calculate and combine any identity provider metadata overrides that may have been specified.
The following settings and properties are available from the CAS configuration catalog:
cas.authn.saml-idp.metadata.core.cache-expiration=PT24H
    How long metadata should be cached. This setting supports the

cas.authn.saml-idp.metadata.core.cache-maximum-size=10000
    Specifies the maximum number of entries the cache may contain. Note that the cache may evict an entry before this limit is exceeded, or temporarily exceed the threshold while evicting. As the cache size grows close to the maximum, the cache evicts entries that are less likely to be used again. For example, the cache may evict an entry because it hasn't been used recently or very often.

cas.authn.saml-idp.metadata.core.certificate-algorithm=SHA512withRSA
    The algorithm type/name that is used when generating certificates for the SAML2 identity provider. This setting is only relevant when artifacts need to be generated.

cas.authn.saml-idp.metadata.core.fail-fast=true
    Whether invalid metadata should eagerly fail quickly on startup once the resource is parsed.

cas.authn.saml-idp.metadata.core.key-size=4096
    The key size that is used when generating the initial keypair that holds the private/public key for the SAML2 metadata. This setting is only relevant when artifacts need to be generated.

cas.authn.saml-idp.metadata.core.require-valid-metadata=true
    Whether valid metadata is required.

cas.authn.saml-idp.metadata.core.slo-service-post-binding-enabled=true
    Whether the metadata generation process should support the SLO service POST binding.

cas.authn.saml-idp.metadata.core.slo-service-redirect-binding-enabled=true
    Whether the metadata generation process should support the SLO service REDIRECT binding.

cas.authn.saml-idp.metadata.core.sso-service-post-binding-enabled=true
    Whether the metadata generation process should support the SSO service POST binding.

cas.authn.saml-idp.metadata.core.sso-service-post-simple-sign-binding-enabled=true
    Whether the metadata generation process should support the SSO service POST SimpleSign binding.

cas.authn.saml-idp.metadata.core.sso-service-redirect-binding-enabled=true
    Whether the metadata generation process should support the SSO service REDIRECT binding.

cas.authn.saml-idp.metadata.core.sso-service-soap-binding-enabled=true
    Whether the metadata generation process should support the SSO service SOAP binding.
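As an added example (not part of the CAS documentation or code base), the following Python script parses an IdP metadata document such as the one served by /idp/metadata and reports every *-binding-enabled property whose value disagrees with the bindings the metadata actually publishes, so that cached or hand-edited metadata that drifts from the configured flags can be caught. The sample properties and metadata document are constructed inline; the entity ID and endpoint URLs are hypothetical.

```python
import xml.etree.ElementTree as ET
MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
B = "urn:oasis:names:tc:SAML:2.0:bindings:"
PREFIX = "cas.authn.saml-idp.metadata.core."
# Property suffix -> (metadata element, SAML binding URI); the page's default for every flag is true.
BINDING_FLAGS = {
    "sso-service-post-binding-enabled": ("SingleSignOnService", B + "HTTP-POST"),
    "sso-service-post-simple-sign-binding-enabled": ("SingleSignOnService", B + "HTTP-POST-SimpleSign"),
    "sso-service-redirect-binding-enabled": ("SingleSignOnService", B + "HTTP-Redirect"),
    "sso-service-soap-binding-enabled": ("SingleSignOnService", B + "SOAP"),
    "slo-service-post-binding-enabled": ("SingleLogoutService", B + "HTTP-POST"),
    "slo-service-redirect-binding-enabled": ("SingleLogoutService", B + "HTTP-Redirect"),
}

def parse_properties(text):
    # Minimal key=value parser for a cas.properties fragment; blank lines and # comments are skipped.
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def published_bindings(metadata_xml):
    # Every (element, Binding) pair the IdP actually advertises in its EntityDescriptor.
    root = ET.fromstring(metadata_xml)
    return {(name, el.get("Binding")) for name in ("SingleSignOnService", "SingleLogoutService")
            for el in root.iter(f"{{{MD_NS}}}{name}")}

def binding_drift(props, metadata_xml):
    # For each flag whose value disagrees with the metadata: property -> (expected, published).
    found = published_bindings(metadata_xml)
    drift = {}
    for suffix, pair in BINDING_FLAGS.items():
        expected = props.get(PREFIX + suffix, "true").lower() == "true"
        if expected != (pair in found):
            drift[PREFIX + suffix] = (expected, pair in found)
    return drift

# Constructed sample: SOAP and SimpleSign are disabled in config, yet this hypothetical metadata
# still advertises SOAP and omits the SLO POST endpoint that the default leaves enabled.
SAMPLE_PROPERTIES = (PREFIX + "sso-service-soap-binding-enabled=false\n"
                     + PREFIX + "sso-service-post-simple-sign-binding-enabled=false\n")
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{MD_NS}" entityID="https://idp.example.org/idp">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleLogoutService Binding="{B}HTTP-Redirect" Location="https://idp.example.org/slo"/>
    <SingleSignOnService Binding="{B}HTTP-POST" Location="https://idp.example.org/sso"/>
    <SingleSignOnService Binding="{B}HTTP-Redirect" Location="https://idp.example.org/sso"/>
    <SingleSignOnService Binding="{B}SOAP" Location="https://idp.example.org/sso"/>
  </IDPSSODescriptor></EntityDescriptor>"""
```

Running `binding_drift(parse_properties(SAMPLE_PROPERTIES), SAMPLE_METADATA)` on the sample flags the SOAP binding (disabled but published) and the SLO POST binding (enabled by default but absent).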