Stages Documentation

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Next revisionBoth sides next revision
72:integration:saml [2019/08/28 11:59] emr72:integration:saml [2019/10/11 20:55] emr
Line 1: Line 1:
 ====== Configure SAML Authentication ====== ====== Configure SAML Authentication ======
 +
 +[[:general:secadv-2019-01|Before you configure SAML, please assure you adhere to Security Advisory 2019-01]].
  
 SAML stands for Security Assertion Markup Language. It is a current standard for authenticating users in a distributed system. SAML stands for Security Assertion Markup Language. It is a current standard for authenticating users in a distributed system.
Line 41: Line 43:
                         providerId="<yourStagesURL>"                         providerId="<yourStagesURL>"
                         signatureKeyAlias="samlkeyalias"                         signatureKeyAlias="samlkeyalias"
-    >+>
         </service-provider>         </service-provider>
  
Line 61: Line 63:
  
   * EntityIdfromMetadata   * EntityIdfromMetadata
 +
   * SingleSignOnServiceLocationFromMetadata   * SingleSignOnServiceLocationFromMetadata
 +
   * DisplayName (alternative: FirstName, LastName)   * DisplayName (alternative: FirstName, LastName)
 +
   * EMailAddress   * EMailAddress
  
Line 76: Line 81:
                         nameIdPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"                         nameIdPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
                         userFullnameTemplate="%firstname% %lastname%"                         userFullnameTemplate="%firstname% %lastname%"
-             >+         >
             <!-- hardcoded magic value that specifies the NameID from the SAML reply -->             <!-- hardcoded magic value that specifies the NameID from the SAML reply -->
             <identity-provider-attribute name="username" id="http://schemas.stages.methodpark.com/saml/v2/identity/claims/subject" />             <identity-provider-attribute name="username" id="http://schemas.stages.methodpark.com/saml/v2/identity/claims/subject" />
Line 147: Line 152:
 The resulting XML file can be sent to the SAML IdP administrators and contains all information necessary to set up the trust relationship on the IdP side. After the SAML IdP has been configured with the SP metadata, users will be able to authenticate successfully with Stages through the SAML IdP. The resulting XML file can be sent to the SAML IdP administrators and contains all information necessary to set up the trust relationship on the IdP side. After the SAML IdP has been configured with the SP metadata, users will be able to authenticate successfully with Stages through the SAML IdP.
  
-===== Validated IdP Vendors ===== +===== Configure the SAML Request Type =====
- +
-Stages SAML has successfully been deployed with the following IdP servers: +
- +
-  * Cisco Central Web Authentication (CWA) +
-  * Oracle Access Manager (OAM) +
-  * Shibboleth IdP +
- +
-Please let us know if you were able to make Stages SAML work with your server and it is not on this list yet. +
- +
-===== Lessons Learned =====+
  
 The default binding type of the SAML Request is ''redirect''. The default binding type of the SAML Request is ''redirect''.
Line 168: Line 163:
 sendBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" sendBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
 </code> </code>
 +
 +===== Validated IdP Vendors =====
 +
 +Stages SAML has successfully been deployed with the following IdP servers:
 +
 +  * Cisco Central Web Authentication (CWA)
 +
 +  * Oracle Access Manager (OAM)
 +
 +  * Shibboleth IdP
 +
 +Please let us know if you were able to make Stages SAML work with your server and it is not on this list yet.
 +