...
```xml
<?xml version="1.0" encoding="UTF-8"?>
<svc:service-config
    xmlns:svc='http://collectionspace.org/services/config'
    xmlns:merge='http://xmlmerge.el4j.elca.ch'
>
    <security>
        <sso>
            <saml>
                <single-logout />
                <relying-party-registrations>
                    <relying-party id="auth0">
                        <name>Auth0</name>
                        <icon location="https://cdn.auth0.com/manhattan/versions/1.4478.0/assets/badge.png" />
                        <metadata location="https://dev-vynkcnqhac3c0s10.us.auth0.com/samlp/metadata/aiXoltFSsQymeHorBxWM5pGLxnslocpe" />
                        <signing-x509-credentials>
                            <x509-credential>
                                <private-key location="file:///home/collectionspace/tomcat/cspace/services/credentials/private.key" />
                                <x509-certificate location="file:///home/collectionspace/tomcat/cspace/services/credentials/certificate.crt" />
                            </x509-credential>
                        </signing-x509-credentials>
                    </relying-party>
                </relying-party-registrations>
            </saml>
        </sso>
    </security>
</svc:service-config>
```
Info: The merge result can be fine tuned by adding attributes from the
...
The presence of this element enables SAML single logout (SLO). At present, only RP-initiated logout (logging out of CollectionSpace also logs the user out of the SAML identity provider) is supported. AP-initiated logout (logging out of the SAML IdP also logs the user out of CollectionSpace) may be supported in the future.
Note: Enabling single logout enables the feature for every registered relying party. There is currently no way to enable SLO only for certain relying parties.

Note: If single logout is enabled, credentials for signing must be present in the configuration of every registered relying party, since single logout requests must be signed.
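A pre-deployment check for the rule in the note above, as an added example that is not part of the CollectionSpace documentation or code base: it parses a service configuration and lists every relying party that lacks signing credentials while `<single-logout />` is present. The function name, the relying-party ids and the file paths are constructed for illustration, and it assumes a usable credential gives a `location` for both the private key and the certificate.

```python
import xml.etree.ElementTree as ET

# Constructed sample: SLO is enabled, but "idp-b" has no signing credentials.
# Ids and file paths are placeholders, not values from a real deployment.
SAMPLE_CONFIG = """\
<svc:service-config xmlns:svc='http://collectionspace.org/services/config'>
 <security><sso><saml>
  <single-logout />
  <relying-party-registrations>
   <relying-party id="idp-a">
    <metadata location="https://idp-a.example/metadata" />
    <signing-x509-credentials>
     <x509-credential>
      <private-key location="file:///path/to/private.key" />
      <x509-certificate location="file:///path/to/certificate.crt" />
     </x509-credential>
    </signing-x509-credentials>
   </relying-party>
   <relying-party id="idp-b">
    <metadata location="https://idp-b.example/metadata" />
   </relying-party>
  </relying-party-registrations>
 </saml></sso></security>
</svc:service-config>
"""


def slo_signing_gaps(config_xml):
    """Return ids of relying parties lacking signing credentials while SLO is on."""
    root = ET.fromstring(config_xml)
    # Only the root element is namespaced; its children are unqualified.
    saml = root.find("./security/sso/saml")
    if saml is None or saml.find("single-logout") is None:
        return []  # SLO disabled: the signing requirement does not apply
    gaps = []
    for rp in saml.findall("./relying-party-registrations/relying-party"):
        creds = rp.findall("./signing-x509-credentials/x509-credential")
        # Assumption: a usable credential names both a key and a certificate.
        usable = any(
            c.find("private-key") is not None and c.find("private-key").get("location")
            and c.find("x509-certificate") is not None
            and c.find("x509-certificate").get("location")
            for c in creds
        )
        if not usable:
            gaps.append(rp.get("id", "<missing id>"))
    return gaps


if __name__ == "__main__":
    print(slo_signing_gaps(SAMPLE_CONFIG))
```

Because SLO cannot be enabled per relying party, a non-empty result means either adding credentials to the listed registrations or removing `<single-logout />` for the whole deployment.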
...