...
| XML element | Name | Use | Description |
|---|---|---|---|
| audienceUris | Audience URI | Required | The values in the list of audience URIs are verified against the element |
| certificateStores | Trusted certificate store | Required | The list of keystores (JKS, PEM) includes at least the certificate of the Certificate Authorities (CA) that signed the certificate used to sign the SAML token. |
| trustedIssuers | Trusted Issuers | Required | There are two ways to configure a trusted issuer (IDP). Either you configure the subject name and the CA(s) who signed the certificate of the IDP ( |
| maximumClockSkew | Maximum Clock Skew | Optional | Maximum allowable time difference between the system clocks of the IDP and RP. |
| tokenReplayCache | Token Replay Cache | Optional | The TokenReplayCache implementation used to cache tokens. The default is an implementation based on EHCache. |
| signingKey | Key for Signature | Optional | If configured, the published (WS-Federation) Metadata document is signed by this key. Otherwise it is not signed. |
| tokenDecryptionKey | Decryption Key | Optional | A keystore used to decrypt an encrypted token. |
| tokenExpirationValidation | Token Expiration Validation | Optional | Decides whether token validation (e.g. lifetime) is performed on every request (true) or only once at initial authentication (false). The default is "false". |
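As an added illustration (not Fediz code), the following Python models the checks that audienceUris, maximumClockSkew, tokenReplayCache and tokenExpirationValidation govern, including why the default of false for the last one lets a session outlive its token. The Token and RelyingPartyConfig classes, their field names and the integer-second clock are assumptions made for the example.

```python
from dataclasses import dataclass, field

@dataclass
class Token:
    """Constructed stand-in for the SAML assertion fields the RP checks."""
    assertion_id: str
    audience: str
    not_before: int        # Conditions/NotBefore, seconds since epoch
    not_on_or_after: int   # Conditions/NotOnOrAfter

@dataclass
class RelyingPartyConfig:
    """Hypothetical mirror of the table's settings (names are assumptions)."""
    audience_uris: set
    maximum_clock_skew: int = 0                # seconds
    token_expiration_validation: bool = False  # Fediz default per table
    replay_cache: set = field(default_factory=set)  # stands in for tokenReplayCache

def check_lifetime(cfg, token, now):
    """Lifetime check; clock skew widens the window in both directions,
    tolerating an IDP clock that runs ahead of or behind the RP."""
    if now + cfg.maximum_clock_skew < token.not_before:
        return "token not yet valid"
    if now - cfg.maximum_clock_skew >= token.not_on_or_after:
        return "token expired"
    return None

def validate_token(cfg, token, now):
    """Checks at initial authentication. Returns a failure reason or None."""
    if token.audience not in cfg.audience_uris:
        return "audience mismatch"
    if token.assertion_id in cfg.replay_cache:
        return "token replayed"
    reason = check_lifetime(cfg, token, now)
    if reason:
        return reason
    cfg.replay_cache.add(token.assertion_id)  # only accepted tokens are cached
    return None

def accept_request(cfg, token, now):
    """Per-request decision for an already authenticated session. With
    tokenExpirationValidation=false (the default) the lifetime is never
    re-checked, so the session can outlive the token it was built from."""
    if cfg.token_expiration_validation:
        return check_lifetime(cfg, token, now) is None
    return True
```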
WS-Federation protocol configuration reference
...