Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
72:integration:saml [2018/10/25 18:01] – emr | 72:integration:saml [2019/03/13 12:29] – emr | ||
---|---|---|---|
Line 39: | Line 39: | ||
< | < | ||
- | providerId=" | + | providerId="< |
signatureKeyAlias=" | signatureKeyAlias=" | ||
- | | + | > |
</ | </ | ||
Line 58: | Line 58: | ||
The most reliable way to configure the SAML Identity Provider (IdP) is to ask the access management team for the IdP metadata. | The most reliable way to configure the SAML Identity Provider (IdP) is to ask the access management team for the IdP metadata. | ||
- | From this metadata, you will be able to derive the parameters for the following configuration: | + | From this metadata, you will be able to derive the parameters |
+ | |||
+ | * EntityIdfromMetadata | ||
+ | * SingleSignOnServiceLocationFromMetadata | ||
+ | * DisplayName (alternative: | ||
+ | * EMailAddress | ||
+ | |||
+ | for the following configuration: | ||
< | < | ||
Line 65: | Line 72: | ||
< | < | ||
- | providerId=" | + | providerId="< |
- | providerUrl=" | + | providerUrl="< |
nameIdPolicyFormat=" | nameIdPolicyFormat=" | ||
userFullnameTemplate=" | userFullnameTemplate=" | ||
- | | + | |
<!-- hardcoded magic value that specifies the NameID from the SAML reply --> | <!-- hardcoded magic value that specifies the NameID from the SAML reply --> | ||
< | < | ||
<!-- either " | <!-- either " | ||
- | < | + | < |
- | < | + | < |
- | < | + | < |
- | < | + | < |
<!-- This matches if the SAML assertion contains a SAML attribute " | <!-- This matches if the SAML assertion contains a SAML attribute " | ||
Line 110: | Line 117: | ||
MIIDCTCC... | MIIDCTCC... | ||
- | //<Insert the X509Certificate " | + | < |
...Qwgf5bXby+ug== | ...Qwgf5bXby+ug== | ||
Line 133: | Line 140: | ||
After you configured the service provider and identity provider in '' | After you configured the service provider and identity provider in '' | ||
+ | |||
===== Generate the SAML SP metadata ===== | ===== Generate the SAML SP metadata ===== | ||
- | After configuring the SAML SP, you can download the SAML SP metadata directly by navigating to the URL '' | + | After configuring the SAML SP, you can download the SAML SP metadata directly by navigating to the URL '' |
The resulting XML file can be sent to the SAML IdP administrators and contains all information necessary to set up the trust relationship on the IdP side. After the SAML IdP has been configured with the SP metadata, users will be able to authenticate successfully with Stages through the SAML IdP. | The resulting XML file can be sent to the SAML IdP administrators and contains all information necessary to set up the trust relationship on the IdP side. After the SAML IdP has been configured with the SP metadata, users will be able to authenticate successfully with Stages through the SAML IdP. | ||
Line 141: | Line 149: | ||
===== Validated IdP Vendors ===== | ===== Validated IdP Vendors ===== | ||
- | The following IdP servers | + | Stages SAML has successfully been deployed with the following IdP servers: |
* Cisco Central Web Authentication (CWA) | * Cisco Central Web Authentication (CWA) | ||
+ | * Oracle Access Manager (OAM) | ||
* Shibboleth IdP | * Shibboleth IdP | ||