Partnership federation is enhanced to comply with eGov 1.5 certifications. The new features apply only to SAML 2.0 and include:
Before the Identity Provider sends identity information to a partner, the user must grant permission.
Local logout enables a user to be logged out at the local SP-side application. The session at the SP is removed, but no communication with the IdP or other SPs is involved.
The product can use a query parameter to override the AllowCreate attribute. The query parameter can be part of a request from the Service Provider to the Identity Provider.
A Service Provider can now request information about how a user authenticates at the Identity Provider. An Identity Provider can respond to the authentication context request. If an Identity Provider initiates single sign-on and the authentication context is defined, the Identity Provider includes the authentication context in an assertion by default.
The product can now manage the duration of the authentication session at the Service Provider. The SessionNotOnOrAfter attribute is an optional attribute that the IdP can include in the <AuthnStatement> of an assertion.
For SAML 2.0 partnerships, you can determine whether the IdP or the SP or both can initiate single sign-on.
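The authentication context and SessionNotOnOrAfter features above are described from the IdP side; the SP-side checks that make them meaningful, as an added example that is not CA product code, are shown below over a constructed, unsigned assertion (the issuer, NameID and timestamps are invented; a real SP validates the signature, Conditions and audience before reading these values).

```python
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (unsigned, illustration only): the IdP reports
# a PasswordProtectedTransport context and caps the SP session at 20:00Z.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed" Version="2.0" IssueInstant="2012-06-01T12:00:00Z">
  <saml:Issuer>https://idp.example.test/idp</saml:Issuer>
  <saml:Subject><saml:NameID>jdoe</saml:NameID></saml:Subject>
  <saml:AuthnStatement AuthnInstant="2012-06-01T12:00:00Z"
      SessionNotOnOrAfter="2012-06-01T20:00:00Z" SessionIndex="_s1">
    <saml:AuthnContext>
      <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </saml:AuthnContext>
  </saml:AuthnStatement>
</saml:Assertion>"""


def saml_time(value):
    """Parse a SAML dateTime (UTC, trailing Z) into an aware datetime."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def authn_statement(assertion_xml):
    """Return (SessionNotOnOrAfter or None, AuthnContextClassRef or None)."""
    stmt = ET.fromstring(assertion_xml).find("saml:AuthnStatement", NS)
    if stmt is None:
        raise ValueError("assertion carries no AuthnStatement")
    ref = stmt.find("saml:AuthnContext/saml:AuthnContextClassRef", NS)
    ctx = ref.text.strip() if ref is not None and ref.text else None
    return stmt.get("SessionNotOnOrAfter"), ctx


def sp_session_active(assertion_xml, now):
    """SP-side session check: once SessionNotOnOrAfter is reached the SP
    session is over. If the IdP omitted the optional attribute, the SP's
    own session policy decides and this check does not end the session."""
    limit, _ = authn_statement(assertion_xml)
    return limit is None or now < saml_time(limit)


def context_satisfies(assertion_xml, requested_classes):
    """Exact-comparison check of the context the IdP reported against the
    classes the SP listed in its RequestedAuthnContext."""
    _, ctx = authn_statement(assertion_xml)
    return ctx is not None and ctx in set(requested_classes)
```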
Copyright © 2012 CA Technologies.
All rights reserved.