Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
72:integration:saml [2019/06/12 08:41] – [Lessons Learned] sngr | 72:integration:saml [2019/10/11 20:55] – emr | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Configure SAML Authentication ====== | ====== Configure SAML Authentication ====== | ||
+ | |||
+ | [[: | ||
SAML stands for Security Assertion Markup Language. It is a current standard for authenticating users in a distributed system. | SAML stands for Security Assertion Markup Language. It is a current standard for authenticating users in a distributed system. | ||
Line 41: | Line 43: | ||
providerId="< | providerId="< | ||
signatureKeyAlias=" | signatureKeyAlias=" | ||
- | > | + | |
</ | </ | ||
Line 61: | Line 63: | ||
* EntityIdfromMetadata | * EntityIdfromMetadata | ||
+ | |||
* SingleSignOnServiceLocationFromMetadata | * SingleSignOnServiceLocationFromMetadata | ||
+ | |||
* DisplayName (alternative: | * DisplayName (alternative: | ||
+ | |||
* EMailAddress | * EMailAddress | ||
Line 76: | Line 81: | ||
nameIdPolicyFormat=" | nameIdPolicyFormat=" | ||
userFullnameTemplate=" | userFullnameTemplate=" | ||
- | | + | > |
<!-- hardcoded magic value that specifies the NameID from the SAML reply --> | <!-- hardcoded magic value that specifies the NameID from the SAML reply --> | ||
< | < | ||
Line 147: | Line 152: | ||
The resulting XML file can be sent to the SAML IdP administrators and contains all information necessary to set up the trust relationship on the IdP side. After the SAML IdP has been configured with the SP metadata, users will be able to authenticate successfully with Stages through the SAML IdP. | The resulting XML file can be sent to the SAML IdP administrators and contains all information necessary to set up the trust relationship on the IdP side. After the SAML IdP has been configured with the SP metadata, users will be able to authenticate successfully with Stages through the SAML IdP. | ||
- | ===== Validated IdP Vendors | + | ===== Configure the SAML Request Type ===== |
- | Stages SAML has successfully been deployed with the following IdP servers: | + | The default binding type of the SAML Request is '' |
- | * Cisco Central Web Authentication (CWA) | + | Some IDPs do not work with that type and rather need a POST Request. This can only be found out on the IDP. |
- | * Oracle Access Manager (OAM) | + | |
- | * Shibboleth IdP | + | |
- | Please let us know if you were able to make Stages SAML work with your server and it is not on this list yet. | + | This can be configured in the '' |
- | ===== Lessons Learned ===== | + | < |
+ | sendBinding=" | ||
+ | </ | ||
- | The default binding type of the SAML-Request is created as a redirect. | + | ===== Validated IdP Vendors ===== |
- | Some IDP (f.e. at Renault) doesn´t work with that type and rather need a POST-Request. | + | Stages SAML has successfully been deployed |
- | This can be configured in the identity-provide section of the config.xml: | + | * Cisco Central Web Authentication (CWA) |
- | < | + | |
- | **sendBinding=" | + | |
- | </ | + | * Shibboleth IdP |
- | There a re no easy options | + | Please let us know if you were able to make Stages SAML work with your server and it is not on this list yet. |