SAML 2.0 is a huge specification with numerous options from which organizations build their own derived specifications. Each derived specification usually has its own ideas about what is required, what is not, and what must be validated.
To cope with those specific requirements, Safewhere*Identify now introduces the “Profile” concept. When a specific profile is selected for a tenant or a connection, Identify applies profile-specific processing code for it. The two supported profiles in 4.3 are OIOSAML and eHerkenning. As a side note, choosing the “OIOSAML” profile is no different from choosing the “None” profile, because most of the default behaviors already follow the OIOSAML specification.
You can configure it in the System Setup page:
This is how it looks in the SAML 2.0 Authentication Connection page:
Similarly, the SAML 2.0 Protocol Connection has the same setting:
Note: When the "Profile" setting is set to "eHerkenning" for a SAML 2.0 Protocol Connection, the following keys are added by default:
- AssertionConsumerServiceIndex: Default value is 0
- OrganizationDisplayName: Default value is Empty
- ServiceID: Default value is Empty
- ServiceUUID: Default value is Empty
Those settings are necessary for the flow “DV => HM => AD” and must therefore be configured accordingly.