Early Preview
This is currently very much a preview. Please feel free to try things out,
but don't be upset if anything is not yet working. Feedback is welcome over on our
GitHub Discussions page.
class Duende.IdentityServer.Configuration.SamlOptions
Assembly: Duende.IdentityServer
Inheritance: object → SamlOptions
Options for SAML 2.0 Identity Provider functionality.
Properties
public
System.TimeSpan?
MetadataValidityDuration
Gets or sets the metadata validity duration (optional).
If set, metadata will include a validUntil attribute.
Defaults to 7 days.
public
bool
WantAuthnRequestsSigned
Gets or sets whether the IdP requires signed AuthnRequests.
Defaults to false.
public
string
DefaultAttributeNameFormat
Default attribute name format to use when the SP doesn't specify one.
Common values:
- "urn:oasis:names:tc:SAML:2.0:attrname-format:uri" (for OID format)
- "urn:oasis:names:tc:SAML:2.0:attrname-format:basic" (for simple names)
Default: Uri (most common)
public
string
DefaultPersistentNameIdentifierClaimType
Default claim type from which a persistent name identifier is resolved, that is, the claim
in which the host application has populated the value. Persistent name identifiers are not
generated; creating them is the responsibility of the host application.
public
System.Collections.ObjectModel.ReadOnlyDictionary<string, string>
DefaultClaimMappings
Default mappings from claim types to SAML attribute names.
Key: claim type (e.g., "email", "name")
Value: SAML attribute name (e.g., "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name")
Includes common OIDC to SAML attribute mappings by default.
Service providers can override these mappings via SamlServiceProvider.ClaimMappings.
If a claim type is not in this dictionary, the claim will be excluded from the SAML assertion.
public
System.Collections.ObjectModel.Collection<string>
SupportedNameIdFormats
Gets or sets the supported NameID formats.
Defaults to EmailAddress, Persistent, Transient, and Unspecified.
DefaultClockSkew
Gets or sets the default clock skew tolerance for SAML message validation.
Defaults to 5 minutes.
DefaultRequestMaxAge
Gets or sets the default maximum age for SAML authentication requests.
Defaults to 5 minutes.
DefaultSigningBehavior
Gets or sets the default signing behavior for SAML messages.
Defaults to SamlSigningBehavior.SignAssertion.
public
int
MaxRelayStateLength
Maximum length of the RelayState parameter, measured in bytes of its UTF-8 encoding.
The SAML spec recommends 80 bytes, but this can be increased for SPs that support longer values.
Default: 80 (UTF-8 bytes).
public
SamlUserInteractionOptions
UserInteraction
Gets or sets the user interaction options for SAML endpoints.
Methods
public
bool
Equals(object obj)
Inherited from object
protected
void
Finalize()
Inherited from object
public
int
GetHashCode()
Inherited from object
protected
object
MemberwiseClone()
Inherited from object
public
string
ToString()
Inherited from object