Differences

This shows you the differences between two versions of the page.

711:integration:saml [2025/04/17 12:23] – [Configuring Stages attributes in default-matcher section with JavaScript] Doczkal, Tristan
711:integration:saml [2026/02/20 14:12] (current) – [Generate the SAML SP metadata] Suess, Bernhard
Line 67: Line 67:
  
 After configuring the SAML SP and logged on as root, you can download the SAML SP metadata directly by navigating to the URL ''[[http://<yourstages|https://<yourstages]]>/stages/rest/saml/metadata'' After configuring the SAML SP and logged on as root, you can download the SAML SP metadata directly by navigating to the URL ''[[http://<yourstages|https://<yourstages]]>/stages/rest/saml/metadata''
 +
 +For SP metadata generated correctly the whole authentication section must be present in config.xml : https://doc.stagesasaservice.com/711/integration/saml#configure-the-saml-identity-provider-idp
  
 The resulting XML file can be sent to the SAML IdP administrators and contains all information necessary to set up the trust relationship on the IdP side. After the SAML IdP has been configured with the SP metadata, users will be able to authenticate successfully with Stages through the SAML IdP. The resulting XML file can be sent to the SAML IdP administrators and contains all information necessary to set up the trust relationship on the IdP side. After the SAML IdP has been configured with the SP metadata, users will be able to authenticate successfully with Stages through the SAML IdP.
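
Review bot: The added sentence "For SP metadata generated correctly the whole authentication section must be present in config.xml" is ungrammatical and states a precondition after the download step it governs. Suggest "For the SP metadata to be generated correctly, the whole authentication section must be present in config.xml", placed before the sentence with the download URL. An internal section link would also be better than the absolute URL, which pins the 711 path. In the unchanged URL line above, the link target and its label disagree on the scheme (http:// versus https://) and the closing ">" sits outside the link markup; since this is the URL used to fetch the metadata as root, it is worth correcting in the same edit.
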
Line 92: Line 94:
 <code> <code>
  
-<authentication> +<authentication 
-    ...+     enabled="true" 
 +     keystoreFile="/opt/stages/conf/saml-keystore.jks" 
 +     keystorePass="changeit"> 
 + 
 +    <service-provider 
 +         providerId="yourStagesURL" 
 +         keyAlias="samlkeyalias"> 
 + 
 +    </service-provider>
  
     <identity-provider     <identity-provider
-        providerId="<EntityIDfromMetadata>+        providerId="EntityIDfromMetadata" 
-        providerUrl="<SingleSignOnServiceLocationFromMetadata>"+        providerUrl="SingleSignOnServiceLocationFromMetadata"
         nameIdPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"         nameIdPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
         sendBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"         sendBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
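
Review bot: keystorePass="changeit" on the new authentication element puts a well-known default keystore password into an example that readers will copy into config.xml, right next to the keystoreFile path and the keyAlias of the SP key. Suggest a visibly fake placeholder, or a property reference in the style of ${saml.idp.signatureCertificate} used further down, plus one line saying the password must be set to a site-specific value. The same hunk drops the angle brackets from providerId and providerUrl, which repairs the unterminated attribute on the old providerId line but leaves "yourStagesURL", "EntityIDfromMetadata" and "SingleSignOnServiceLocationFromMetadata" looking like literal values; a comment marking them as values to replace would help.
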
Line 110: Line 120:
  
         <!-- either "fullname" or "firstname" and "lastname" need to be defined -->         <!-- either "fullname" or "firstname" and "lastname" need to be defined -->
-        <!--<identity-provider-attribute name="fullname" id="<DisplayName>" />--> +        <!--<identity-provider-attribute name="fullname" id="DisplayName" />--> 
-        <identity-provider-attribute name="firstname" id="<FirstName>" /> +        <identity-provider-attribute name="firstname" id="FirstName" /> 
-        <identity-provider-attribute name="lastname" id="<LastName>" />+        <identity-provider-attribute name="lastname" id="LastName" />
  
-        <identity-provider-attribute name="email" id="<EMailAddress>" />+        <identity-provider-attribute name="email" id="EMailAddress" />
  
         <!-- This matches if the SAML assertion contains a SAML attribute "Organization" with value "External" -->         <!-- This matches if the SAML assertion contains a SAML attribute "Organization" with value "External" -->
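
Review bot: With the angle brackets removed, id="FirstName", id="LastName", id="EMailAddress" and the commented-out id="DisplayName" no longer look like placeholders, so a reader can take them as the attribute names Stages expects rather than the names their IdP sends. Dropping "<" from the attribute values is right for well-formed XML; suggest adding a comment above these lines saying each id must be replaced with the SAML attribute name delivered by the IdP.
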
Line 146: Line 156:
         -->         -->
         <certificate use="signing">${saml.idp.signatureCertificate}         <certificate use="signing">${saml.idp.signatureCertificate}
-MIIDCTCC... 
  
-       <Insert the X509Certificate "signing" key from the metadata here> +       <!-- MIIDCTCC...Qwgf5bXby+ug==   -->
- +
-...Qwgf5bXby+ug==+
         </certificate>         </certificate>
  
Line 157: Line 164:
              encryption certifacte. The key data can also be copied from the              encryption certifacte. The key data can also be copied from the
              IdP metadata. If no encryption certificate is specified, no encrypted              IdP metadata. If no encryption certificate is specified, no encrypted
-             assertion can be accepted. --> +             assertion can be accepted. 
-        <certificate use="''encryption''"> +        --> 
-MIIDCTCC... +        <certificate use="encryption">${saml.idp.encryptionCertificate} 
- +                <!-- MIIDCTCC...Qwgf5bXby+ug==  --
-        <Insert the X509Certificate "encryption" key from the metadata here> +       </certificate>
- +
-...Qwgf5bXby+ug== </certificate+
-        </certificate>+
     </identity-provider>     </identity-provider>
  
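
Review bot: The new sample line inside the certificate use="encryption" element ends in "--" with no closing ">", so as shown the XML comment is never terminated and swallows the following closing certificate tag; the matching line in the signing block closes with "-->". While here, the closing tag is indented one column less than its opening tag, the context comment still spells "certifacte", and, as with the signing block, nothing says where ${saml.idp.encryptionCertificate} is set.
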
Line 245: Line 249:
 </code> </code>
  
-Names of license types for license assignment+**Names of license types for license assignment**
  
-Modeler QM +^License name^License type^ 
-Contributor FloatingADev +|Modeler|QM| 
-Participant FloatingDev +|Contributor|FloatingADev| 
-Project Manager FloatingPM +|Participant|FloatingDev| 
-Viewer AuthPsReader+|Project Manager|FloatingPM| 
 +|Viewer|AuthPsReader|
  
 **Example configuration:** \\  \\ This example creates Stages users with the following conditions: **Example configuration:** \\  \\ This example creates Stages users with the following conditions:
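
Review bot: The new table heads its columns "License name" and "License type" under a title that speaks of "Names of license types", so it is not clear which column holds the string to use in the license assignment configuration. Suggest naming the columns by role, for example the name shown in Stages and the value to enter in config.xml, if that is the intended reading.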