<SP entityID="sp" sslPolicy="ssl" nameIDPolicyFormat="format" forceAuthentication="true" isPassive="false"> ... </SP>
Here is the explanation of the SP element attributes:
entityID
This is the identifier for this client. The IdP needs this value to determine who the client is that is communicating with it. This setting is REQUIRED.

sslPolicy
This is the SSL policy the adapter will enforce. Valid values are ALL, EXTERNAL and NONE. For ALL, all requests must come in via HTTPS. For EXTERNAL, only non-private IP addresses must come over the wire via HTTPS. For NONE, no requests are required to come over via HTTPS. This setting is OPTIONAL. Default value is

nameIDPolicyFormat
SAML clients can request a specific NameID Subject format. Fill in this value if you want a specific format. It must be a standard SAML format identifier: urn:oasis:names:tc:SAML:2.0:nameid-format:transient. This setting is OPTIONAL. By default, no special format is requested.

forceAuthentication
SAML clients can request that a user is re-authenticated even if they are already logged in at the IdP. Set this to true to enable. This setting is OPTIONAL. Default value is

isPassive
SAML clients can request that a user is never asked to authenticate even if they are not logged in at the IdP. Set this to true if you want this. Do not use together with forceAuthentication as they are opposite. This setting is OPTIONAL. Default value is

The session ID is changed by default on a successful login on some platforms to plug a security attack vector. Change this to true to disable this. It is recommended you do not turn it off. Default value is
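The constraints described above for the SP attributes can be checked before a configuration is deployed. The following is an added example, not code from the adapter or its documentation: `lint_sp` and its severity labels are hypothetical, the sample configurations are constructed, and matching `sslPolicy` values case-insensitively is an assumption.

```python
import xml.etree.ElementTree as ET

SSL_POLICIES = {"ALL", "EXTERNAL", "NONE"}  # values listed on this page
NAMEID_PREFIXES = (  # standard SAML NameID format URN prefixes
    "urn:oasis:names:tc:SAML:1.1:nameid-format:",
    "urn:oasis:names:tc:SAML:2.0:nameid-format:",
)

def _flag(sp, name):
    """True when a boolean attribute is explicitly set to 'true'."""
    return sp.get(name, "").strip().lower() == "true"

def lint_sp(xml_text):
    """Return (severity, attribute, message) findings for the first <SP>."""
    root = ET.fromstring(xml_text)
    # Match on the local name so a namespaced document also works.
    sp = next((e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == "SP"), None)
    if sp is None:
        return [("error", "SP", "no <SP> element found")]
    out = []
    if not sp.get("entityID", "").strip():
        out.append(("error", "entityID", "REQUIRED: the IdP cannot identify this client"))
    policy = sp.get("sslPolicy")
    if policy is not None:  # absent means the adapter default applies
        if policy.upper() not in SSL_POLICIES:  # case-insensitive match is an assumption
            out.append(("error", "sslPolicy", f"unknown value {policy!r}"))
        elif policy.upper() == "NONE":
            out.append(("warning", "sslPolicy", "HTTPS is not enforced for any request"))
    fmt = sp.get("nameIDPolicyFormat")
    if fmt is not None and not fmt.startswith(NAMEID_PREFIXES):
        out.append(("error", "nameIDPolicyFormat", f"{fmt!r} is not a standard SAML identifier"))
    if _flag(sp, "forceAuthentication") and _flag(sp, "isPassive"):
        out.append(("error", "isPassive", "conflicts with forceAuthentication"))
    return out

# Constructed sample configurations (not taken from any real deployment).
GOOD = ('<SP entityID="https://sp.example.org/app" sslPolicy="ALL" '
        'nameIDPolicyFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" '
        'forceAuthentication="true" isPassive="false"/>')
BAD = ('<SP entityID="" sslPolicy="NONE" nameIDPolicyFormat="email" '
       'forceAuthentication="true" isPassive="true"/>')

if __name__ == "__main__":
    for label, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, lint_sp(doc) or "no findings")
```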