Differences

This shows you the differences between two versions of the page.

--- 261:integration:saml [2026/04/28 08:10] – [Configuring Stages attributes in default-matcher section with JavaScript] Weinlein, Thomas
+++ 261:integration:saml [2026/04/28 09:04] (current) – [Configure signing] Weinlein, Thomas
@@ Line 242: / Line 242: @@
      [...]
  </method>
+</code>
+===== Configure signature validation =====
+By default Stages send authentication requests signed and expects assertions in the response as well as the response itself to be signed.
+In case this is not supported by the IDP it can be disabled by setting the according property to **false**.
+//Please use with care as it degrades security.//
+<code xml>
+<method type="SAML2" [...]>
+    <properties> <!-- implicit default values -->
+        <property name="authnRequestSigned" value="true" />
+        <property name="wantsAssertionsSigned" value="true" />
+        <property name="wantsResponsesSigned" value="true" />
+    </properties>
+</method>
+</code>
+===== Configure multiple SAML IDPs =====
+Stages does now allow to configure multiple IDPs. Just add another authentication method of type SAML2 and ensure it has an **unique name**. E.g.
+<code xml>
+<authentication>
+    [...]
+    <method type="SAML2" name="saml-idp-1" enabled="${idp1.saml.enabled}">
+        [...]
+    </method>
+    <method type="SAML2" name="saml-idp-2" enabled="${idp2.saml.enabled}">
+        [...]
+    </method>
+</authentication>
+</code>
+This will create a SSO button on the login page for each IDP.
+Please provide a user understandable naming by defining a translation property for each login.sso.[name] propertyin each supported language:
+''conf/local.properties'', ''conf/local_de.properties'', ...
+<code properties>
+login.sso.saml-idp-1 = Single Sign-On for company 1
+login.sso.saml-idp-2 = Single Sign-On for company 2
 </code>