SAML (Security Assertion Markup Language) is an Extensible Markup Language (XML) standard that allows users to log in to networked but separate websites with just a single login.
To set up SAML 2.0 as an authentication mechanism, make sure you have administrator rights.
After you have logged in as usual via the login mask with your user credentials, click on your name in the upper right corner and then on Settings.
Switch to the Authentication tab in the upper toolbar.
To add a new authentication mechanism, click on the plus icon in the upper right corner.
First, fill in the following fields:

| Field | Description |
|---|---|
| Name | Specify any name. |
| Priority | 0 – The priority can be ignored in this case. |
| Mechanism | Select SAML 2.0. |
Fill in the Identity Provider Information:

| Field | Description |
|---|---|
| Display Name | The display name is shown on the login button underneath the icon. |
| Force authentication | If this option is enabled, the identity provider must authenticate the presenter directly and not rely on a previous security context. When both Force authentication and Passive are enabled, the identity provider must not re-authenticate the presenter unless the limitations of ‘Passive’ can be satisfied. |
| Passive | If this option is set, the identity provider and the user agent themselves must not visibly take control of the requester’s user interface and interact with the presenter in a noticeable manner. |
| Sign Assertions | If set, the assertion within the SAML response will be signed. |
| | Used to determine whether a user login is sent within a valid time period after the user’s last login. If so, the user is automatically logged in without having to re-enter a user name and password. |
| Service Provider Entity-ID | By default, the entity ID of your application (the service provider) corresponds to the callback URL. You can force your own entity ID by setting this parameter. |
| IDP Metadata | XML that contains the configuration of your IDP (Identity Provider). For example, it contains the certificate for signing the communication. This file is usually distributed by your IDP. |
| Icon | The icon is shown on the login button. |
Below the Identity Provider settings are the profile attributes that can be mapped from the Identity Provider. These attributes are synchronized into the Simplifier user interface.
| Field | Description |
|---|---|
| First Name | Name of the parameter maintained in the IDP for the first name, e.g. ‘firstname’, ‘first_name’ etc. |
| Last Name | Name of the parameter maintained in the IDP for the last name, e.g. ‘lastname’, ‘familyname’ etc. |
| E-Mail Address | Name of the parameter maintained in the IDP for the mail address, e.g. ‘mail’, ‘email’ etc. |
| Mobile Phone Number | Name of the parameter maintained in the IDP for the mobile phone number, e.g. ‘mobile’, ‘phone’ etc. |
To map attributes from external authentication systems, add user and profile attributes via the plus icon.