{% extends "base.html" %} {% block title %}Settings - NanoIDP{% endblock %} {% block content %}

IdP Settings

OAuth2 / OIDC Settings
Base URL used in JWT "iss" claim
Default audience for JWT "aud" claim
How long tokens are valid (default: 60 minutes)
Reject /authorize requests without a PKCE code_challenge (on by default in stricter-dev and implied by oauth21).
Each refresh invalidates the used refresh token; reuse revokes its rotation family (forced on by oauth21).
SAML Settings
SAML IdP Entity ID
SAML Single Sign-On endpoint
Default Assertion Consumer Service URL
Enable XML signature on SAML responses. Disable for testing unsigned flows.
Enforce SAML 2.0 binding compliance. When enabled, rejects GET requests with uncompressed data.
Verify AuthnRequest signatures (both bindings) against the registered SP certificates; advertised as WantAuthnRequestsSigned in metadata.
PEM certificate files of SPs whose AuthnRequest signatures are accepted.
XML canonicalization algorithm for SAML signatures
Allowed Identity Classes
One identity class per line (e.g., INTERNAL, EXTERNAL, PARTNER, SERVICE)
Preview Changes
Click "Refresh" to preview changes
IdP Endpoints
OIDC Discovery /.well-known/openid-configuration
JWKS Endpoint /.well-known/jwks.json
Token Endpoint /token
SAML Metadata /saml/metadata
SAML SSO /saml/sso
{% endblock %} {% block extra_js %} {% endblock %}