Differences

This shows you the differences between two versions of the page.

72:integration:saml [2019/08/28 12:00] emr72:integration:saml [2019/10/11 20:55] emr
Line 1: Line 1:
 ====== Configure SAML Authentication ====== ====== Configure SAML Authentication ======
 +
 +[[:general:secadv-2019-01|**Before you configure SAML, please assure you adhere to Security Advisory 2019-01]].**
  
 SAML stands for Security Assertion Markup Language. It is a current standard for authenticating users in a distributed system. SAML stands for Security Assertion Markup Language. It is a current standard for authenticating users in a distributed system.
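Review bot: The bold markers in the added advisory line are unbalanced across the link: `**` opens inside the link title and closes after `]]`, so the emphasis is unlikely to render as intended. Either wrap the whole link (`**[[:general:secadv-2019-01|...]]**`) or keep both markers inside the title. "assure you adhere" should read "ensure you adhere". Because this line is the only pointer to a security prerequisite for the SAML setup, consider adding one sentence saying what the advisory requires, so a reader who does not follow the link still knows what to check before continuing.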
Line 41: Line 43:
                         providerId="<yourStagesURL>"                         providerId="<yourStagesURL>"
                         signatureKeyAlias="samlkeyalias"                         signatureKeyAlias="samlkeyalias"
-   >+  >
         </service-provider>         </service-provider>
  
Line 61: Line 63:
  
   * EntityIdfromMetadata   * EntityIdfromMetadata
 +
   * SingleSignOnServiceLocationFromMetadata   * SingleSignOnServiceLocationFromMetadata
 +
   * DisplayName (alternative: FirstName, LastName)   * DisplayName (alternative: FirstName, LastName)
 +
   * EMailAddress   * EMailAddress
  
Line 76: Line 81:
                         nameIdPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"                         nameIdPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
                         userFullnameTemplate="%firstname% %lastname%"                         userFullnameTemplate="%firstname% %lastname%"
-            >+           >
             <!-- hardcoded magic value that specifies the NameID from the SAML reply -->             <!-- hardcoded magic value that specifies the NameID from the SAML reply -->
             <identity-provider-attribute name="username" id="http://schemas.stages.methodpark.com/saml/v2/identity/claims/subject" />             <identity-provider-attribute name="username" id="http://schemas.stages.methodpark.com/saml/v2/identity/claims/subject" />
Line 158: Line 163:
 sendBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" sendBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
 </code> </code>
 +
 ===== Validated IdP Vendors ===== ===== Validated IdP Vendors =====
  
Line 163: Line 169:
  
   * Cisco Central Web Authentication (CWA)   * Cisco Central Web Authentication (CWA)
 +
   * Oracle Access Manager (OAM)   * Oracle Access Manager (OAM)
 +
   * Shibboleth IdP   * Shibboleth IdP