Differences

72:integration:saml [2018/10/16 09:53] emr72:integration:saml [2018/10/26 13:28] emr
Line 41: Line 41:
                         providerId="<yourStagesURL>"                         providerId="<yourStagesURL>"
                         signatureKeyAlias="samlkeyalias"                         signatureKeyAlias="samlkeyalias"
-   >+      >
         </service-provider>         </service-provider>
  
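Review bot: whitespace-only change to the indentation of the `>` that closes the `<service-provider ...>` start tag; harmless, but the identity-provider hunk further down re-indents its closing `>` as well, so check that both elements in config.xml end up using the same column and the two blocks read consistently.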
Line 51: Line 51:
 The ''providerId'' can be an arbitrary name, but it should be globally unique, so it is a good practice to use your Stages URL. The ''providerId'' can be an arbitrary name, but it should be globally unique, so it is a good practice to use your Stages URL.
  
-The ''signatureKeyAlias'' identifies the key to be used for signing the SAML request, so it needs to match either the key you generated above or your server certificate alias.  If it is not set, the SAML request will not be signed.+The ''signatureKeyAlias'' identifies the key to be used for signing the SAML request, so it needs to match either the key you generated above or your server certificate alias. If it is not set, the SAML request will not be signed.
 ===== Configure the SAML Identity Provider (IdP) ===== ===== Configure the SAML Identity Provider (IdP) =====
  
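Review bot: the only change here is collapsing the double space after "server certificate alias." to a single space, which is fine; while this sentence is being touched, consider turning the last clause into a recommendation rather than a bare statement, e.g. "If it is not set, the SAML request will not be signed, so set it unless your IdP is explicitly configured to accept unsigned requests", since the signature on the AuthnRequest is what lets the IdP verify that the request originated from this service provider.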
Line 58: Line 58:
 The most reliable way to configure the SAML Identity Provider (IdP) is to ask the access management team for the IdP metadata. The most reliable way to configure the SAML Identity Provider (IdP) is to ask the access management team for the IdP metadata.
  
-From this metadata, you will be able to derive the parameters for the following configuration:+From this metadata, you will be able to derive the parameters 
 + 
 +  * EntityIdfromMetadata 
 +  * SingleSignOnServiceLocationFromMetadata 
 +  * DisplayName (alternative: FirstName, LastName) 
 +  * EMailAddress 
 + 
 +for the following configuration:
  
 <code> <code>
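Review bot: the sentence is now split around the bullet list ("derive the parameters" / list / "for the following configuration:"), which reads awkwardly and drops the colon before the list; suggest closing the sentence before the list ("you will be able to derive the following parameters:") and starting a new one after it ("Use them in the following configuration:"). The list also mixes two kinds of values: EntityIdfromMetadata and SingleSignOnServiceLocationFromMetadata are read from the IdP metadata document itself, whereas DisplayName (or FirstName, LastName) and EMailAddress are names of attributes the IdP releases in its assertions, which IdP metadata usually does not list and which have to be agreed with the access management team; saying which is which would stop readers searching the metadata for attribute names that are not there.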
Line 69: Line 76:
                         nameIdPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"                         nameIdPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
                         userFullnameTemplate="%firstname% %lastname%"                         userFullnameTemplate="%firstname% %lastname%"
-                   >+               >
             <!-- hardcoded magic value that specifies the NameID from the SAML reply -->             <!-- hardcoded magic value that specifies the NameID from the SAML reply -->
             <identity-provider-attribute name="username" id="http://schemas.stages.methodpark.com/saml/v2/identity/claims/subject" />             <identity-provider-attribute name="username" id="http://schemas.stages.methodpark.com/saml/v2/identity/claims/subject" />
Line 133: Line 140:
  
 After you configured the service provider and identity provider in ''config.xml'', update the configuration via "''stages update''" and restart the Stages service. After you configured the service provider and identity provider in ''config.xml'', update the configuration via "''stages update''" and restart the Stages service.
 +
 ===== Generate the SAML SP metadata ===== ===== Generate the SAML SP metadata =====
  
Line 141: Line 149:
 ===== Validated IdP Vendors ===== ===== Validated IdP Vendors =====
  
-The following IdP servers have been tested sucessfully with Stages SAML:+Stages SAML has successfully been deployed with the following IdP servers:
  
   * Cisco Central Web Authentication (CWA)   * Cisco Central Web Authentication (CWA)
 +  * Oracle Access Manager (OAM)
   * Shibboleth IdP   * Shibboleth IdP
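Review bot: the rewording changes the claim from "tested successfully" to "successfully been deployed", which is a different statement (a working deployment versus a validation test) under a heading that still says "Validated IdP Vendors"; confirm that the new entry, Oracle Access Manager (OAM), was actually validated rather than only reported as working in a deployment, or adjust the heading to match the weaker claim. Minor: "has successfully been deployed" reads more naturally as "has been deployed successfully".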