Differences

This shows you the differences between two versions of the page.

72:integration:saml [2019/06/12 08:42] – [Lessons Learned] sngr
72:integration:saml [2019/08/28 12:00] emr
Line 41: Line 41:
                         providerId="<yourStagesURL>"                         providerId="<yourStagesURL>"
                         signatureKeyAlias="samlkeyalias"                         signatureKeyAlias="samlkeyalias"
-     >+   >
         </service-provider>         </service-provider>
  
Line 76: Line 76:
                         nameIdPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"                         nameIdPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
                         userFullnameTemplate="%firstname% %lastname%"                         userFullnameTemplate="%firstname% %lastname%"
-              >+            >
             <!-- hardcoded magic value that specifies the NameID from the SAML reply -->             <!-- hardcoded magic value that specifies the NameID from the SAML reply -->
             <identity-provider-attribute name="username" id="http://schemas.stages.methodpark.com/saml/v2/identity/claims/subject" />             <identity-provider-attribute name="username" id="http://schemas.stages.methodpark.com/saml/v2/identity/claims/subject" />
Line 147: Line 147:
 The resulting XML file can be sent to the SAML IdP administrators and contains all information necessary to set up the trust relationship on the IdP side. After the SAML IdP has been configured with the SP metadata, users will be able to authenticate successfully with Stages through the SAML IdP. The resulting XML file can be sent to the SAML IdP administrators and contains all information necessary to set up the trust relationship on the IdP side. After the SAML IdP has been configured with the SP metadata, users will be able to authenticate successfully with Stages through the SAML IdP.
  
 +===== Configure the SAML Request Type =====
 +
 +The default binding type of the SAML Request is ''redirect''.
 +
 +Some IDPs do not work with that type and rather need a POST Request. This can only be found out on the IDP.
 +
 +This can be configured in the ''identity-provider''  section via
 +
 +<code>
 +sendBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
 +</code>
 ===== Validated IdP Vendors ===== ===== Validated IdP Vendors =====
  
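Review bot: the added section writes "IDPs" and "IDP" in its second and third sentences, while the unchanged paragraph above it and the "Validated IdP Vendors" heading use "IdP"; use "IdP" throughout. The section also no longer says which file the ''identity-provider'' section belongs to (the text it replaces named config.xml), and the snippet shows sendBinding on its own rather than as an attribute on the identity-provider element, so a reader has to guess where it goes. It states that the default is ''redirect'' but gives no value for it, so it is unclear whether leaving the attribute out is the only way to get the default. Suggest naming the file, showing the attribute in place on the element, and saying that omitting it yields the redirect binding if that is the case.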
Line 156: Line 167:
  
 Please let us know if you were able to make Stages SAML work with your server and it is not on this list yet. Please let us know if you were able to make Stages SAML work with your server and it is not on this list yet.
- 
-===== Lessons Learned ===== 
- 
-The default binding type of the SAML-Request is created as a redirect. 
- 
-Some IDP (f.e. at Renault) doesn´t work with that type and rather need a POST-Request. 
- 
-This can be configured in the identity-provide section of the config.xml: 
- 
-<code> 
-sendBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" 
-</code> 
- 
-There a re no easy options to fint it out, because the IDP only seems to deny the Request (without telling the concrete reason in the response). Only at IDP (→ mostly customer) the problem can be identified.
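Review bot: the removed last paragraph was the only place that described the symptom, namely that the IdP just denies the request without giving the concrete reason in the response. The replacement sentence "This can only be found out on the IDP." does not say what the failure looks like from the Stages side. Suggest carrying that one observation into the new section so an administrator can recognise the case and knows to ask the IdP operators for their logs. Dropping the customer name from the public page is the right call.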