Differences

This shows you the differences between two versions of the page.

72:integration:saml [2018/10/16 09:53] emr72:integration:saml [2018/10/25 18:01] emr
Line 39: Line 39:
  
         <service-provider         <service-provider
-                        providerId="<yourStagesURL>"+                        providerId="//<yourStagesURL>//"
                         signatureKeyAlias="samlkeyalias"                         signatureKeyAlias="samlkeyalias"
-   >+  >
         </service-provider>         </service-provider>
  
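Review bot: In the `providerId` line of `<service-provider>`, the new value `"//<yourStagesURL>//"` puts the wiki emphasis markers inside the attribute's quotes. If this sample is rendered as a preformatted block, the slashes appear literally, and a reader who replaces only `<yourStagesURL>` ends up with a provider ID that begins and ends with `//`. Suggest marking the placeholder in the surrounding prose instead, or stating next to the sample that the `//` are not part of the value.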
Line 51: Line 51:
 The ''providerId'' can be an arbitrary name, but it should be globally unique, so it is a good practice to use your Stages URL. The ''providerId'' can be an arbitrary name, but it should be globally unique, so it is a good practice to use your Stages URL.
  
-The ''signatureKeyAlias'' identifies the key to be used for signing the SAML request, so it needs to match either the key you generated above or your server certificate alias.  If it is not set, the SAML request will not be signed.+The ''signatureKeyAlias'' identifies the key to be used for signing the SAML request, so it needs to match either the key you generated above or your server certificate alias. If it is not set, the SAML request will not be signed.
 ===== Configure the SAML Identity Provider (IdP) ===== ===== Configure the SAML Identity Provider (IdP) =====
  
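Review bot: The sentence ending "If it is not set, the SAML request will not be signed." receives only a whitespace fix here, but it documents a security-relevant default without saying when that default is acceptable. Since the line is being touched anyway, suggest adding that `signatureKeyAlias` should be left out only when the IdP does not require signed requests.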
Line 65: Line 65:
  
         <identity-provider         <identity-provider
-                        providerId="<EntityIDfromMetadata>" +                        providerId="//<EntityIDfromMetadata>//
-                        providerUrl="<SingleSignOnServiceLocationFromMetadata>"+                        providerUrl="//<SingleSignOnServiceLocationFromMetadata>//"
                         nameIdPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"                         nameIdPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
                         userFullnameTemplate="%firstname% %lastname%"                         userFullnameTemplate="%firstname% %lastname%"
-                   >+                  >
             <!-- hardcoded magic value that specifies the NameID from the SAML reply -->             <!-- hardcoded magic value that specifies the NameID from the SAML reply -->
             <identity-provider-attribute name="username" id="http://schemas.stages.methodpark.com/saml/v2/identity/claims/subject" />             <identity-provider-attribute name="username" id="http://schemas.stages.methodpark.com/saml/v2/identity/claims/subject" />
  
             <!-- either "fullname" or "firstname" and "lastname" need to be defined -->             <!-- either "fullname" or "firstname" and "lastname" need to be defined -->
-            <!--<identity-provider-attribute name="fullname" id="<DisplayName>" />--> +            <!--<identity-provider-attribute name="fullname" id="//<DisplayName>//" />--> 
-            <identity-provider-attribute name="firstname" id="<FirstName>" /> +            <identity-provider-attribute name="firstname" id="//<FirstName>//" /> 
-            <identity-provider-attribute name="lastname" id="<LastName>" />+            <identity-provider-attribute name="lastname" id="//<LastName>//" />
  
-            <identity-provider-attribute name="email" id="<EMailAddress>" />+            <identity-provider-attribute name="email" id="//<EMailAddress>//" />
  
             <!-- This matches if the SAML assertion contains a SAML attribute "Organization" with value "External" -->             <!-- This matches if the SAML assertion contains a SAML attribute "Organization" with value "External" -->
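Review bot: On the new `providerId` line of `<identity-provider>`, the closing double quote is missing: `providerId="//<EntityIDfromMetadata>//` has no `"` after the trailing `//`, unlike `providerUrl` on the next line. Copied as shown, the attribute value runs on into the following line and the element is not well-formed XML. Restore the quote so the line ends `//"`.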
Line 110: Line 110:
 MIIDCTCC... MIIDCTCC...
  
-   <Insert the X509Certificate "signing" key from the metadata here>+   //<Insert the X509Certificate "signing" key from the metadata here>//
  
 ...Qwgf5bXby+ug== ...Qwgf5bXby+ug==
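Review bot: In the certificate sample, the placeholder is now wrapped in `//`, and `/` is itself a valid Base64 character, so markers left in place between `MIIDCTCC...` and `...Qwgf5bXby+ug==` would not look out of place in a pasted certificate. Suggest keeping the placeholder text free of slashes, or stating that the whole sample, including the example fragments, is replaced by the signing certificate from the metadata.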