Changes made to SAML 2.0 connections in 5.0

Remove the "Single sign on artifact resolution" setting

We have retired the "Single sign on artifact resolution" setting and replaced it with the "Artifact Resolution Services" setting, which supports multiple artifact resolution services:

[Image: artifact-resolution-services.png]

More details about the "Artifact resolution services" setting can be found in this document.

Support multiple assertion consumer services

Prior to version 5.0, although Identify was able to import multiple assertion consumer services from a service provider's metadata, it always used the first endpoint to respond to the service provider. Identify now truly supports multiple assertion consumer services and adheres to the AssertionConsumerServiceURL and AssertionConsumerServiceIndex attributes of AuthnRequests from service providers. When a service provider has more than one assertion consumer service endpoint, Identify attempts to pick one endpoint in the following order:

  1. Use AuthnRequest's assertion consumer service index.
  2. If the index is not set, Identify will use an assertion consumer service which is configured as "Default".
  3. Otherwise, Identify will use the first assertion consumer service endpoint.
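The selection order above, sketched as an added example (this is not Identify's own code; the function names, endpoint URLs and sample request are constructed for illustration). It assumes that an index naming no registered endpoint is rejected rather than falling through, so the response can only go to an endpoint imported from the service provider's metadata.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed sample: endpoints as imported from a service provider's metadata.
REGISTERED_ACS = [
    {"index": 0, "location": "https://sp.example.com/acs/post", "default": False},
    {"index": 1, "location": "https://sp.example.com/acs/artifact", "default": True},
    {"index": 2, "location": "https://sp.example.com/acs/alt", "default": False},
]

def sample_request(index=None):
    """Build a constructed, unsigned AuthnRequest for the demonstration."""
    attr = "" if index is None else f' AssertionConsumerServiceIndex="{index}"'
    return (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" ID="_constructed1" '
            f'Version="2.0" IssueInstant="2024-01-01T00:00:00Z"{attr}/>')

def requested_index(authn_request_xml):
    """Return AssertionConsumerServiceIndex as an int, or None if absent."""
    # Assumption: a real IdP uses a hardened XML parser and checks the
    # request signature before trusting any attribute read here.
    root = ET.fromstring(authn_request_xml)
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError("not a SAML 2.0 AuthnRequest")
    raw = root.get("AssertionConsumerServiceIndex")
    if raw is None:
        return None
    if not (raw.isascii() and raw.isdigit()):
        raise ValueError("AssertionConsumerServiceIndex is not an unsigned integer")
    return int(raw)

def select_acs(authn_request_xml, registered):
    """Pick the response endpoint: request index, then Default, then first."""
    if not registered:
        raise ValueError("service provider has no registered endpoints")
    index = requested_index(authn_request_xml)
    if index is not None:
        for endpoint in registered:
            if endpoint["index"] == index:
                return endpoint["location"]
        # Assumption: an unknown index is an error, never a silent fallback.
        raise ValueError(f"index {index} is not registered for this service provider")
    for endpoint in registered:
        if endpoint["default"]:
            return endpoint["location"]
    return registered[0]["location"]
```
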

[Image: saml20-assertion-consumer-services]

More details about the "Assertion consumer services" setting can be found in this document.

New certificate control

Since we have moved all trusted certificates from the Windows Certificate Store to Identify's own database, we have also updated the certificate control to reflect the fact that only certificate thumbprints matter now:

[Image: saml20-certificate-settings]