Single Sign-On

General
Support SAML login: Enable Single Sign-On. When enabled, this replaces the normal login.
Login without single sign-on also available: Enable this to allow normal login and SAML at the same time. When enabled, the user is asked at login which authentication method to use. See the Page Flow for more information.

AWP SP Configuration
Configuration of the Service Provider (SP) role that the IdP requires.
Issuer ID: ID representing the AWP at the IdP (the SAML entityID). Usually configured to the public URL of the AWP installation. The IdP must be given exactly this value, since it compares the issuer of incoming requests against it.
Endpoint URL: URL the IdP redirects to after authenticating the user (the Assertion Consumer Service). Should be configured to the public URL of the AWP installation suffixed with /saml. The IdP sends the user's browser to this URL, so it must be the public https address at which the installation is reachable.
Certificate: Manages the certificate, and its private key, that the AWP uses to sign or encrypt the messages it sends:
* Load: Check that the stored certificate is valid
* Import: Import the certificate from a Keystore file that may already exist for Portals or the WebClient
* Clear: Remove the stored certificate so that a new one can be created
* Generate: Create a new certificate
Export: Exports the SP configuration in several formats:
* Metadata: Save the SP metadata to be imported into an Identity Provider
* SAMLSignOn.xml: Required for deployment at the Cumulus server
* Keystore: Create a KeyStore file that can be used for the SAML configuration of both Portals and the WebClient
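As an added example (not AWP's own code), the following Python builds the SP metadata that Export > Metadata hands to the IdP from the three settings above, after checking that the Issuer ID and Endpoint URL follow the conventions stated here. The https requirement, the signed-request and signed-assertion flags, the hostname awp.example.test and the placeholder certificate bytes are assumptions made for the example.

```python
"""Build SP metadata from Issuer ID, Endpoint URL and certificate.

Added example for this page, not AWP code. Element choices beyond the
three settings (AuthnRequestsSigned, WantAssertionsSigned) are assumptions.
"""
import base64
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
BINDING_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
ET.register_namespace("md", MD)
ET.register_namespace("ds", DS)

# Constructed placeholder standing in for the DER certificate; not a real certificate.
PLACEHOLDER_CERT_DER = b"\x30\x03\x02\x01\x01"


def check_sp_settings(issuer_id, endpoint_url):
    """Checks to run before exporting: both values are public https URLs
    and the Endpoint URL is the Issuer ID suffixed with /saml."""
    problems = []
    for name, url in (("Issuer ID", issuer_id), ("Endpoint URL", endpoint_url)):
        parsed = urlparse(url)
        if parsed.scheme != "https" or not parsed.netloc:
            problems.append(f"{name} must be a public https URL, got {url!r}")
    if endpoint_url != issuer_id.rstrip("/") + "/saml":
        problems.append("Endpoint URL is not the Issuer ID suffixed with /saml")
    return problems


def build_sp_metadata(issuer_id, endpoint_url, cert_der):
    """Return SP metadata (bytes) that an IdP can import."""
    problems = check_sp_settings(issuer_id, endpoint_url)
    if problems:
        raise ValueError("; ".join(problems))
    entity = ET.Element(f"{{{MD}}}EntityDescriptor", {"entityID": issuer_id})
    sp = ET.SubElement(entity, f"{{{MD}}}SPSSODescriptor", {
        "protocolSupportEnumeration": "urn:oasis:names:tc:SAML:2.0:protocol",
        "AuthnRequestsSigned": "true",   # the SP certificate signs outgoing messages
        "WantAssertionsSigned": "true",  # the IdP certificates validate incoming ones
    })
    cert_b64 = base64.b64encode(cert_der).decode("ascii")
    # One certificate published for both uses, matching the single Certificate setting.
    for use in ("signing", "encryption"):
        kd = ET.SubElement(sp, f"{{{MD}}}KeyDescriptor", {"use": use})
        x509 = ET.SubElement(ET.SubElement(kd, f"{{{DS}}}KeyInfo"), f"{{{DS}}}X509Data")
        ET.SubElement(x509, f"{{{DS}}}X509Certificate").text = cert_b64
    # The Endpoint URL is the Assertion Consumer Service for the POST binding.
    ET.SubElement(sp, f"{{{MD}}}AssertionConsumerService", {
        "Binding": BINDING_POST, "Location": endpoint_url, "index": "0", "isDefault": "true",
    })
    return ET.tostring(entity, encoding="utf-8", xml_declaration=True)


def parse_acs_location(metadata_bytes):
    """Read back the AssertionConsumerService Location to verify an export."""
    root = ET.fromstring(metadata_bytes)
    acs = root.find(f"{{{MD}}}SPSSODescriptor/{{{MD}}}AssertionConsumerService")
    return acs.get("Location") if acs is not None else None


if __name__ == "__main__":
    metadata = build_sp_metadata("https://awp.example.test",
                                 "https://awp.example.test/saml", PLACEHOLDER_CERT_DER)
    print(metadata.decode("utf-8"))
```

Compare the Location attribute of the exported AssertionConsumerService with the Endpoint URL shown in the dialog before handing the file to the IdP; a mismatch there is the usual reason the IdP response never reaches the AWP.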

IDP Configuration
Configuration of the Identity Provider that authenticates users. Most settings are usually imported from the metadata.xml file generated by the IdP.
Issuer ID: ID (entityID) of the IdP; the issuer of received SAML objects is validated against this value.
SSO Authentication URL: URL of the IdP's single sign-on service to which the user is sent for authentication.
Artifact Resolution URL: URL of the IdP's artifact resolution service when employing the Artifact Binding. If this URL is empty, the POST Binding is used instead.
Authentication Contexts: Select the authentication context (AuthnContextClassRef) offered by the IdP.
User UID: Specify the name of the attribute that should be used as the unique identifier for the user. It is recommended to use the email address attribute as the unique ID. Whichever attribute is chosen must be asserted by the IdP for every user, be unique and not change for the lifetime of the account; otherwise a user could be mapped onto another user's account.
User Roles: Specify the name of the attribute that lists the roles the authenticated user should be a member of. Click the Advanced button to use a role mapping based on IdP attributes.
User Field Mappings: Manage the additional attributes that should be mapped to the user's metadata.
Certificate: List of certificates in X.509 DER format used to validate the signatures on messages sent by the IdP.
Import: Instead of entering the IdP configuration manually, AWP also supports importing the IdP metadata, which fills in the Issuer ID, SSO Authentication URL, Artifact Resolution URL and the certificates, if available.
* Metadata File: Select the IdP metadata.xml for import
* Metadata URL: Enter the URL where the IdP offers its metadata. This avoids the additional step of downloading the file manually. Because the metadata supplies the certificates against which all later IdP messages are validated, only import it over https from an address published by the IdP operator.
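To show what the Import step reads out of an IdP metadata.xml, here is an added Python example (not AWP code) that extracts the Issuer ID, the SSO Authentication URL, the Artifact Resolution URL and the signing certificates, and applies the binding rule stated above for the Artifact Resolution URL. The metadata document is constructed for the example, its certificate values are placeholder bytes rather than real certificates, the host idp.example.test is fictitious, and the preference for the HTTP-Redirect binding when the IdP offers several is an assumption.

```python
"""Extract the values the Import step takes from an IdP metadata.xml.

Added example for this page, not AWP code. The sample metadata is constructed
and its X509Certificate values are placeholder DER bytes, not real certificates.
"""
import base64
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
BINDING_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
BINDING_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
BINDING_SOAP = "urn:oasis:names:tc:SAML:2.0:bindings:SOAP"

SAMPLE_IDP_METADATA = b"""<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp.example.test/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        MAMCAQE=
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>MAMCAQI=</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idp.example.test/saml/artifact" index="0"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.example.test/saml/sso/post"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.example.test/saml/sso/redirect"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def import_idp_metadata(xml_bytes):
    """Return Issuer ID, SSO Authentication URL, Artifact Resolution URL and
    the IdP signing certificates (DER bytes) from an IdP metadata document.
    xml.etree does not resolve external entities, but metadata fetched from a
    source you do not control should be parsed with defusedxml to block
    entity-expansion attacks."""
    root = ET.fromstring(xml_bytes)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("not a SAML EntityDescriptor")
    idp = root.find(f"{{{MD}}}IDPSSODescriptor")
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")

    sso = {e.get("Binding"): e.get("Location") for e in idp.findall(f"{{{MD}}}SingleSignOnService")}
    # Assumption: prefer the Redirect binding for the AuthnRequest, fall back to POST.
    sso_url = sso.get(BINDING_REDIRECT) or sso.get(BINDING_POST)
    if sso_url is None:
        raise ValueError("IdP offers no Redirect or POST SingleSignOnService")

    artifact_url = None
    for ars in idp.findall(f"{{{MD}}}ArtifactResolutionService"):
        if ars.get("Binding") == BINDING_SOAP:
            artifact_url = ars.get("Location")
            break

    certs = []
    for kd in idp.findall(f"{{{MD}}}KeyDescriptor"):
        # A KeyDescriptor without 'use' serves both signing and encryption.
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.iter(f"{{{DS}}}X509Certificate"):
            certs.append(base64.b64decode("".join(cert.text.split()), validate=True))
    if not certs:
        raise ValueError("IdP publishes no signing certificate")

    for name, url in (("SSO Authentication URL", sso_url), ("Artifact Resolution URL", artifact_url)):
        if url is not None and not url.startswith("https://"):
            raise ValueError(f"{name} is not https: {url}")

    return {
        "issuer_id": root.get("entityID"),
        "sso_url": sso_url,
        "artifact_resolution_url": artifact_url,
        "signing_certs": certs,
        # The rule from the page: Artifact Binding when the URL is set, otherwise POST.
        "response_binding": "artifact" if artifact_url else "post",
    }


def issuer_matches(config, issuer_in_message):
    """Check a received <saml:Issuer> against the configured Issuer ID.
    The entityID is an opaque identifier, so this is an exact comparison."""
    return issuer_in_message == config["issuer_id"]
```

Only the certificates under KeyDescriptor use="signing" (or with no use attribute) belong in the Certificate list; an encryption-only certificate must not be accepted for validating IdP signatures, which is why the example skips it.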

Please see the setup guide for more information.

saml.txt · Last modified: 2021/02/09 09:00 (external edit)