Differences

This shows you the differences between two versions of the page.

72:integration:saml [2019/08/28 12:00]
Erich Meier
72:integration:saml [2019/10/11 20:56] (current)
Erich Meier
Line 1: Line 1:
 ====== Configure SAML Authentication ====== ====== Configure SAML Authentication ======
 +
 +[[:​general:​secadv-2019-01|Before you configure SAML, please assure you adhere to Security Advisory 2019-01]].
  
 SAML stands for Security Assertion Markup Language. It is a current standard for authenticating users in a distributed system. SAML stands for Security Assertion Markup Language. It is a current standard for authenticating users in a distributed system.
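Review bot: the added advisory line in this hunk should say "ensure" rather than "assure" ("please ensure you adhere to Security Advisory 2019-01"), and a reader who follows this page will want a half-sentence saying what the advisory requires of the SAML setup before they reach the configuration below, rather than only a bare link; the link target [[:general:secadv-2019-01]] itself is fine.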
Line 40: Line 42:
         <​service-provider         <​service-provider
                         providerId="<​yourStagesURL>"​                         providerId="<​yourStagesURL>"​
-                        signatureKeyAlias="​samlkeyalias"​ +                        signatureKeyAlias="​samlkeyalias">​ 
-   >+
         </​service-provider>​         </​service-provider>​
  
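Review bot: this hunk is a formatting-only change (the closing `>` of `<service-provider` moved onto the `signatureKeyAlias` line), which is fine; while here, the `providerId="<yourStagesURL>"` placeholder is the only hint of what this value must be, so a short note that it has to match the service-provider entity ID registered at the IdP character for character would save readers a rejected-assertion round trip.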
Line 61: Line 63:
  
   * EntityIdfromMetadata   * EntityIdfromMetadata
 +
   * SingleSignOnServiceLocationFromMetadata   * SingleSignOnServiceLocationFromMetadata
 +
   * DisplayName (alternative:​ FirstName, LastName)   * DisplayName (alternative:​ FirstName, LastName)
 +
   * EMailAddress   * EMailAddress
  
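Review bot: the blank lines inserted between the `* EntityIdfromMetadata`, `* SingleSignOnServiceLocationFromMetadata`, `* DisplayName` and `* EMailAddress` items will split what was one DokuWiki list into four single-item lists, since DokuWiki ends a list at the first blank line; if the intent is extra spacing in the rendered page, keep the items adjacent and rely on the list styling instead.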
Line 76: Line 81:
                         nameIdPolicyFormat="​urn:​oasis:​names:​tc:​SAML:​1.1:​nameid-format:​unspecified"​                         nameIdPolicyFormat="​urn:​oasis:​names:​tc:​SAML:​1.1:​nameid-format:​unspecified"​
                         userFullnameTemplate="​%firstname% %lastname%"​                         userFullnameTemplate="​%firstname% %lastname%"​
-            ​>+        ​>
             <!-- hardcoded magic value that specifies the NameID from the SAML reply -->             <!-- hardcoded magic value that specifies the NameID from the SAML reply -->
             <​identity-provider-attribute name="​username"​ id="​http://​schemas.stages.methodpark.com/​saml/​v2/​identity/​claims/​subject"​ />             <​identity-provider-attribute name="​username"​ id="​http://​schemas.stages.methodpark.com/​saml/​v2/​identity/​claims/​subject"​ />
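Review bot: whitespace-only change in this hunk (the `>` closing `<identity-provider` re-indented), nothing to object to; the `<!-- hardcoded magic value ... -->` comment above the `username` attribute would be clearer if it stated that the `id` URI is fixed by Stages and must be copied verbatim, so that readers do not substitute their own IdP's claim URI there.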
Line 158: Line 163:
 sendBinding="​urn:​oasis:​names:​tc:​SAML:​2.0:​bindings:​HTTP-POST"​ sendBinding="​urn:​oasis:​names:​tc:​SAML:​2.0:​bindings:​HTTP-POST"​
 </​code>​ </​code>​
 +
 ===== Validated IdP Vendors ===== ===== Validated IdP Vendors =====
  
Line 163: Line 169:
  
   * Cisco Central Web Authentication (CWA)   * Cisco Central Web Authentication (CWA)
 +
   * Oracle Access Manager (OAM)   * Oracle Access Manager (OAM)
 +
   * Shibboleth IdP   * Shibboleth IdP
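Review bot: same list-splitting concern as in the earlier attribute list: the blank lines added between `* Cisco Central Web Authentication (CWA)`, `* Oracle Access Manager (OAM)` and `* Shibboleth IdP` turn one DokuWiki list into three, because a blank line terminates a list; keep the vendor items on consecutive lines.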