...

<?xml version="1.0" encoding="UTF-8"?>

<svc:service-config
    xmlns:svc='http://collectionspace.org/services/config'
    xmlns:merge='http://xmlmerge.el4j.elca.ch'
>
    <security>
        <sso>
            <saml>
                <single-logout />

                <relying-party-registrations>
                    <relying-party id="auth0">
                        <name>Auth0</name>
                        <icon location="https://cdn.auth0.com/manhattan/versions/1.4478.0/assets/badge.png" />
                        <metadata location="https://dev-vynkcnqhac3c0s10.us.auth0.com/samlp/metadata/aiXoltFSsQymeHorBxWM5pGLxnslocpe" />

                        <signing-x509-credentials>
                            <x509-credential>
                                <private-key location="file:///home/collectionspace/tomcat/cspace/services/credentials/private.key" />
                                <x509-certificate location="file:///home/collectionspace/tomcat/cspace/services/credentials/certificate.crt" />
                            </x509-credential>
                        </signing-x509-credentials>
                    </relying-party>
                </relying-party-registrations>
            </saml>
        </sso>
    </security>
</svc:service-config>

The merge result can be fine-tuned by adding attributes from the merge namespace declared in the example. In most cases, the default merge behavior (no merge attributes, as above) is sufficient. See the XmlMerge documentation for details.

...

The presence of this element enables SAML single logout (SLO). At present, only RP-initiated logout (logging out of CollectionSpace also logs the user out of the SAML identity provider) is supported. AP-initiated logout (logging out of the SAML IdP also logs the user out of CollectionSpace) may be supported in the future.

Enabling single logout enables the feature for every registered relying party. There is currently no way to enable SLO only for certain relying parties.

If single logout is enabled, credentials for signing must be present in the configuration of every registered relying party, since single logout requests must be signed.
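The two notes above imply a pre-deployment check: once `<single-logout />` is present, every relying party needs a complete signing credential. The following is an added example, not CollectionSpace's own code; it assumes the element layout of the sample configuration above, and the function names, the `example-idp` relying party and all locations in the sample are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: SLO is enabled, but the second relying party
# ("example-idp", hypothetical) has no signing credentials.
SAMPLE = """<svc:service-config xmlns:svc='http://collectionspace.org/services/config'>
  <security><sso><saml>
    <single-logout />
    <relying-party-registrations>
      <relying-party id="auth0">
        <signing-x509-credentials>
          <x509-credential>
            <private-key location="file:///example/credentials/private.key" />
            <x509-certificate location="file:///example/credentials/certificate.crt" />
          </x509-credential>
        </signing-x509-credentials>
      </relying-party>
      <relying-party id="example-idp">
        <metadata location="https://idp.example.org/metadata" />
      </relying-party>
    </relying-party-registrations>
  </saml></sso></security>
</svc:service-config>"""


def has_signing_credential(rp):
    """True if the relying party has at least one complete key + certificate pair."""
    for cred in rp.findall("signing-x509-credentials/x509-credential"):
        key = cred.find("private-key")
        cert = cred.find("x509-certificate")
        if (key is not None and key.get("location")
                and cert is not None and cert.get("location")):
            return True
    return False


def slo_signing_gaps(config_xml):
    """Return ids of relying parties that lack signing credentials while SLO is on."""
    root = ET.fromstring(config_xml)
    saml = root.find("security/sso/saml")
    if saml is None or saml.find("single-logout") is None:
        return []  # SLO not enabled, so the signing requirement does not apply
    rps = saml.findall("relying-party-registrations/relying-party")
    return [rp.get("id", "<no id>") for rp in rps if not has_signing_credential(rp)]


if __name__ == "__main__":
    for rp_id in slo_signing_gaps(SAMPLE):
        print(f"relying party {rp_id!r}: single logout enabled, no signing credentials")
```

The check only confirms that both locations are configured; it does not open the key or certificate files or verify that they match.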

...