Differences

This shows you the differences between two versions of the page.

--- 711:integration:saml [2025/04/17 12:27] – [Configuring Stages attributes in default-matcher section with JavaScript] Doczkal, Tristan
+++ 711:integration:saml [2026/02/20 14:12] (current) – [Generate the SAML SP metadata] Suess, Bernhard
@@ Line 67: / Line 67: @@
 After configuring the SAML SP and logged on as root, you can download the SAML SP metadata directly by navigating to the URL ''[[http://<yourstages|https://<yourstages]]>/stages/rest/saml/metadata''
+For SP metadata generated correctly the whole authentication section must be present in config.xml : https://doc.stagesasaservice.com/711/integration/saml#configure-the-saml-identity-provider-idp
 The resulting XML file can be sent to the SAML IdP administrators and contains all information necessary to set up the trust relationship on the IdP side. After the SAML IdP has been configured with the SP metadata, users will be able to authenticate successfully with Stages through the SAML IdP.
@@ Line 92: / Line 94: @@
 <code>
-<authentication>
+<authentication
-    ...
+     enabled="true"
+     keystoreFile="/opt/stages/conf/saml-keystore.jks"
+     keystorePass="changeit">
+    <service-provider
+         providerId="yourStagesURL"
+         keyAlias="samlkeyalias">
+    </service-provider>
     <identity-provider
-        providerId="<EntityIDfromMetadata>"
+        providerId="EntityIDfromMetadata"
-        providerUrl="<SingleSignOnServiceLocationFromMetadata>"
+        providerUrl="SingleSignOnServiceLocationFromMetadata"
         nameIdPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
         sendBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
@@ Line 110: / Line 120: @@
         <!-- either "fullname" or "firstname" and "lastname" need to be defined -->
-        <!--<identity-provider-attribute name="fullname" id="<DisplayName>" />-->
+        <!--<identity-provider-attribute name="fullname" id="DisplayName" />-->
-        <identity-provider-attribute name="firstname" id="<FirstName>" />
+        <identity-provider-attribute name="firstname" id="FirstName" />
-        <identity-provider-attribute name="lastname" id="<LastName>" />
+        <identity-provider-attribute name="lastname" id="LastName" />
-        <identity-provider-attribute name="email" id="<EMailAddress>" />
+        <identity-provider-attribute name="email" id="EMailAddress" />
         <!-- This matches if the SAML assertion contains a SAML attribute "Organization" with value "External" -->
@@ Line 146: / Line 156: @@
         -->
         <certificate use="signing">${saml.idp.signatureCertificate}
-MIIDCTCC...
-       <Insert the X509Certificate "signing" key from the metadata here>
+       <!-- MIIDCTCC...Qwgf5bXby+ug==   -->
-...Qwgf5bXby+ug==
         </certificate>
@@ Line 157: / Line 164: @@
              encryption certifacte. The key data can also be copied from the
              IdP metadata. If no encryption certificate is specified, no encrypted
-             assertion can be accepted. -->
+             assertion can be accepted.
-        <certificate use="''encryption''">
+        -->
-MIIDCTCC...
+        <certificate use="encryption">${saml.idp.encryptionCertificate}
+                <!-- MIIDCTCC...Qwgf5bXby+ug==  -->
-        <Insert the X509Certificate "encryption" key from the metadata here>
+       </certificate>
-...Qwgf5bXby+ug== </certificate>
-        </certificate>
     </identity-provider>