Differences

72:integration:saml [2018/10/25 18:01] emr72:integration:saml [2018/10/26 13:28] emr
Line 39: Line 39:
  
         <service-provider         <service-provider
-                        providerId="//<yourStagesURL>//"+                        providerId="<yourStagesURL>"
                         signatureKeyAlias="samlkeyalias"                         signatureKeyAlias="samlkeyalias"
-  >+      >
         </service-provider>         </service-provider>
  
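Review bot: dropping the `//` italic markers is right, since DokuWiki renders them literally inside a `<code>` block, but the closing `>` of `<service-provider` is now indented with 6 spaces while the same `>` in the `<identity-provider` block below is indented with 15; pick one indentation for both. The `<yourStagesURL>` placeholder would also be copied verbatim into `config.xml`; a short comment saying that the angle brackets belong to the placeholder and must be replaced along with it would prevent that.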
Line 58: Line 58:
 The most reliable way to configure the SAML Identity Provider (IdP) is to ask the access management team for the IdP metadata. The most reliable way to configure the SAML Identity Provider (IdP) is to ask the access management team for the IdP metadata.
  
-From this metadata, you will be able to derive the parameters for the following configuration:+From this metadata, you will be able to derive the parameters 
 + 
 +  * EntityIdfromMetadata 
 +  * SingleSignOnServiceLocationFromMetadata 
 +  * DisplayName (alternative: FirstName, LastName) 
 +  * EMailAddress 
 + 
 +for the following configuration:
  
 <code> <code>
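Review bot: `EntityIdfromMetadata` in the new list does not match the `<EntityIDfromMetadata>` placeholder used in the configuration further down (`Id` versus `ID`); use one spelling so readers can match the list against the config. The list also leaves out the X509 signing certificate, which the later hunk says is taken from the same metadata; adding it as an item keeps the list complete.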
Line 65: Line 72:
  
         <identity-provider         <identity-provider
-                        providerId="//<EntityIDfromMetadata>//+                        providerId="<EntityIDfromMetadata>" 
-                        providerUrl="//<SingleSignOnServiceLocationFromMetadata>//"+                        providerUrl="<SingleSignOnServiceLocationFromMetadata>"
                         nameIdPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"                         nameIdPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
                         userFullnameTemplate="%firstname% %lastname%"                         userFullnameTemplate="%firstname% %lastname%"
-                  >+               >
             <!-- hardcoded magic value that specifies the NameID from the SAML reply -->             <!-- hardcoded magic value that specifies the NameID from the SAML reply -->
             <identity-provider-attribute name="username" id="http://schemas.stages.methodpark.com/saml/v2/identity/claims/subject" />             <identity-provider-attribute name="username" id="http://schemas.stages.methodpark.com/saml/v2/identity/claims/subject" />
  
             <!-- either "fullname" or "firstname" and "lastname" need to be defined -->             <!-- either "fullname" or "firstname" and "lastname" need to be defined -->
-            <!--<identity-provider-attribute name="fullname" id="//<DisplayName>//" />--> +            <!--<identity-provider-attribute name="fullname" id="<DisplayName>" />--> 
-            <identity-provider-attribute name="firstname" id="//<FirstName>//" /> +            <identity-provider-attribute name="firstname" id="<FirstName>" /> 
-            <identity-provider-attribute name="lastname" id="//<LastName>//" />+            <identity-provider-attribute name="lastname" id="<LastName>" />
  
-            <identity-provider-attribute name="email" id="//<EMailAddress>//" />+            <identity-provider-attribute name="email" id="<EMailAddress>" />
  
             <!-- This matches if the SAML assertion contains a SAML attribute "Organization" with value "External" -->             <!-- This matches if the SAML assertion contains a SAML attribute "Organization" with value "External" -->
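Review bot: the previously missing closing quote on `providerId=` is fixed, but the new line still ends with trailing whitespace after the `"`. The `id` values remain bare `<...>` placeholders, which are not valid attribute identifiers if left in place; a comment stating that each must be replaced with the attribute name or URI the IdP actually releases would make that explicit.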
Line 110: Line 117:
 MIIDCTCC... MIIDCTCC...
  
-   //<Insert the X509Certificate "signing" key from the metadata here>//+   <Insert the X509Certificate "signing" key from the metadata here>
  
 ...Qwgf5bXby+ug== ...Qwgf5bXby+ug==
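Review bot: the placeholder sits between the `MIIDCTCC...` and `...Qwgf5bXby+ug==` fragments, so it is unclear whether the pasted certificate replaces all three lines or only the middle one; state that the whole base64 body replaces the fragments. Since the example shows no `-----BEGIN CERTIFICATE-----` / `-----END CERTIFICATE-----` lines, also say whether those must be omitted when the certificate comes from a PEM export rather than from the metadata's `X509Certificate` element.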
Line 133: Line 140:
  
 After you configured the service provider and identity provider in ''config.xml'', update the configuration via "''stages update''" and restart the Stages service. After you configured the service provider and identity provider in ''config.xml'', update the configuration via "''stages update''" and restart the Stages service.
 +
 ===== Generate the SAML SP metadata ===== ===== Generate the SAML SP metadata =====
  
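Review bot: the added blank line before the heading is fine; while touching this spot, "After you configured" in the context line reads better as "After you have configured".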
Line 141: Line 149:
 ===== Validated IdP Vendors ===== ===== Validated IdP Vendors =====
  
-The following IdP servers have been tested sucessfully with Stages SAML:+Stages SAML has successfully been deployed with the following IdP servers:
  
   * Cisco Central Web Authentication (CWA)   * Cisco Central Web Authentication (CWA)
 +  * Oracle Access Manager (OAM)
   * Shibboleth IdP   * Shibboleth IdP
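Review bot: the reworded sentence changes the claim from "tested successfully" to "deployed", which is a different statement; if the heading "Validated IdP Vendors" is meant literally, keep "tested". The phrase "has successfully been deployed" also reads more naturally as "has been deployed successfully". The new Oracle Access Manager entry keeps the list alphabetical, which is good.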