Limitations of SAML in the Loginapp REST API
The following limitations apply to the SAML IDP and SP implementation:
Topic | Details |
|---|---|
forceAuthn flag | If the SAML AuthnRequest contains the flag |
AuthnRequest flags | The following flags in the AuthnRequest are ignored: |
No multi IDP | An Airlock IAM instance cannot host multiple SAML IDPs (each with a different configuration). Not even using configuration context. |
Configuration contexts | The SAML IDP must be configured in the default configuration context. |
SP-initiated SLO | In SP-initiated SLO (single logout), the first LogoutRequest to the IDP defines the binding (redirect or POST) for all SPs. |
IDP-initiated SLO | In IDP-initiated SLO (single logout), the binding (redirect or POST) for all SPs is defined by the IDP. |