Stages Documentation

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
711:integration:saml [2024/08/29 14:19] – created - external edit 127.0.0.1711:integration:saml [2026/02/20 14:12] (current) – [Generate the SAML SP metadata] Suess, Bernhard
Line 67: Line 67:
  
 After configuring the SAML SP and logged on as root, you can download the SAML SP metadata directly by navigating to the URL ''[[http://<yourstages|https://<yourstages]]>/stages/rest/saml/metadata'' After configuring the SAML SP and logged on as root, you can download the SAML SP metadata directly by navigating to the URL ''[[http://<yourstages|https://<yourstages]]>/stages/rest/saml/metadata''
 +
 +For SP metadata generated correctly the whole authentication section must be present in config.xml : https://doc.stagesasaservice.com/711/integration/saml#configure-the-saml-identity-provider-idp
  
 The resulting XML file can be sent to the SAML IdP administrators and contains all information necessary to set up the trust relationship on the IdP side. After the SAML IdP has been configured with the SP metadata, users will be able to authenticate successfully with Stages through the SAML IdP. The resulting XML file can be sent to the SAML IdP administrators and contains all information necessary to set up the trust relationship on the IdP side. After the SAML IdP has been configured with the SP metadata, users will be able to authenticate successfully with Stages through the SAML IdP.
Line 92: Line 94:
 <code> <code>
  
-<authentication> +<authentication 
-    ...+     enabled="true" 
 +     keystoreFile="/opt/stages/conf/saml-keystore.jks" 
 +     keystorePass="changeit"> 
 + 
 +    <service-provider 
 +         providerId="yourStagesURL" 
 +         keyAlias="samlkeyalias"> 
 + 
 +    </service-provider>
  
     <identity-provider     <identity-provider
-        providerId="<EntityIDfromMetadata>+        providerId="EntityIDfromMetadata" 
-        providerUrl="<SingleSignOnServiceLocationFromMetadata>"+        providerUrl="SingleSignOnServiceLocationFromMetadata"
         nameIdPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"         nameIdPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
         sendBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"         sendBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Line 110: Line 120:
  
         <!-- either "fullname" or "firstname" and "lastname" need to be defined -->         <!-- either "fullname" or "firstname" and "lastname" need to be defined -->
-        <!--<identity-provider-attribute name="fullname" id="<DisplayName>" />--> +        <!--<identity-provider-attribute name="fullname" id="DisplayName" />--> 
-        <identity-provider-attribute name="firstname" id="<FirstName>" /> +        <identity-provider-attribute name="firstname" id="FirstName" /> 
-        <identity-provider-attribute name="lastname" id="<LastName>" />+        <identity-provider-attribute name="lastname" id="LastName" />
  
-        <identity-provider-attribute name="email" id="<EMailAddress>" />+        <identity-provider-attribute name="email" id="EMailAddress" />
  
         <!-- This matches if the SAML assertion contains a SAML attribute "Organization" with value "External" -->         <!-- This matches if the SAML assertion contains a SAML attribute "Organization" with value "External" -->
Line 146: Line 156:
         -->         -->
         <certificate use="signing">${saml.idp.signatureCertificate}         <certificate use="signing">${saml.idp.signatureCertificate}
-MIIDCTCC... 
  
-       <Insert the X509Certificate "signing" key from the metadata here> +       <!-- MIIDCTCC...Qwgf5bXby+ug==   -->
- +
-...Qwgf5bXby+ug==+
         </certificate>         </certificate>
  
Line 157: Line 164:
              encryption certifacte. The key data can also be copied from the              encryption certifacte. The key data can also be copied from the
              IdP metadata. If no encryption certificate is specified, no encrypted              IdP metadata. If no encryption certificate is specified, no encrypted
-             assertion can be accepted. --> +             assertion can be accepted. 
-        <certificate use="''encryption''"> +        --> 
-MIIDCTCC... +        <certificate use="encryption">${saml.idp.encryptionCertificate} 
- +                <!-- MIIDCTCC...Qwgf5bXby+ug==  --
-        <Insert the X509Certificate "encryption" key from the metadata here> +       </certificate>
- +
-...Qwgf5bXby+ug== </certificate+
-        </certificate>+
     </identity-provider>     </identity-provider>
  
Line 244: Line 248:
  
 </code> </code>
 +
 +**Names of license types for license assignment**
 +
 +^License name^License type^
 +|Modeler|QM|
 +|Contributor|FloatingADev|
 +|Participant|FloatingDev|
 +|Project Manager|FloatingPM|
 +|Viewer|AuthPsReader|
  
 **Example configuration:** \\  \\ This example creates Stages users with the following conditions: **Example configuration:** \\  \\ This example creates Stages users with the following conditions: