The Security Assertion Markup Language (SAML) is an open standard for exchanging security information about a user's identity, authentication and authorization between different systems, typically between an identity provider and a service provider.


What is SAML used for?


SAML is a core component of many Single Sign-On (SSO) systems, which let a user sign in once and then access multiple applications or services. The user's identity and authentication status are passed between systems as SAML assertions, and the SAML protocol defines how that data is requested, delivered and formatted.


SAML is used to exchange security assertions (statements about a user, not the user's password or other credentials) across one or more networked systems. SAML is designed to support two things: authentication and authorization.


How It Works


ADSS Web RA uses SAML to receive information about user identities from an identity provider (IdP). The IdP authenticates the end user and issues a SAML assertion describing that user; ADSS Web RA, acting as the service provider (SP), verifies the assertion and signs the user in on that basis, so the user's password is only ever handled by the IdP.



Create a SAML Identity Provider 


  1. Click External Services from the left menu. 


  2. Click Connectors.


  3. Click from the grid header. 


  4. A screen will appear to add the connector details. The connector screen consists of two sections, Basic Information and Details. Specify the basic information, choose the Provider as SAML Identity Provider and click Next to provide the respective connector details. See the tables below for a description of each field.


  5. Click Finish. The new connector is saved and displayed in the list.



Basic Information

Field

Description

Name

Specify a unique name for this connector, e.g. My SAML Authenticator. This connector is selected later under Global Settings > Default Connectors.

Provider

Select the provider for this connector, i.e. "SAML Identity Provider".

Active

Tick this check box to make the connector active. Inactive connectors cannot be selected in the Global Settings.



Details

Field

Description

Browse IdP Metadata

The administrator uploads the metadata XML file provided by their IdP (for instance, the federation metadata that Azure AD publishes for a SAML application). It contains the IdP's endpoints and related settings; after upload, the system parses it and auto-completes the following fields: 

  • HTTP POST Login URL 

  • HTTP POST Logout URL 

  • HTTP Redirect Login URL 

  • HTTP Redirect Logout URL

HTTP POST Login URL

The IdP endpoint used when Binding Type is POST: the authentication request is sent to the IdP with the HTTP-POST binding (a browser-submitted form).

HTTP POST Logout URL

The IdP endpoint used when Binding Type is POST: the logout request is sent to the IdP with the HTTP-POST binding.

HTTP Redirect Login URL

The IdP endpoint used when Binding Type is Redirect: the authentication request is sent to the IdP with the HTTP-Redirect binding (encoded in the query string of a browser redirect).

HTTP Redirect Logout URL

The IdP endpoint used when Binding Type is Redirect: the logout request is sent to the IdP with the HTTP-Redirect binding.

Binding Type

The SAML binding used to send requests to the IdP. Two bindings are supported:

  1. POST
  2. Redirect

The administrator selects one of them, and authentication with the IdP uses the selected binding. If nothing is selected, the system defaults to Redirect. 

Signature Algorithm

The hash algorithm used with the certificates that sign the SAML request and the SAML response:

  • SHA 1 

  • SHA 256 

    If nothing is selected, the system defaults to SHA 256. SHA 1 is retained only for compatibility with legacy IdPs and should not be used for new deployments. 

IdP Signing Certificate

The IdP's signing certificate. ADSS Web RA uses it to verify the signature on responses received from the IdP.

Request Signing Certificate (PKCS#12)

A PFX (PKCS#12) file containing a certificate and its private key. ADSS Web RA extracts the certificate and key from the PFX and signs outgoing SAML requests with the key; the IdP verifies the signature against the certificate.

Request Signing Certificate Password

Password of the uploaded PFX, required so that ADSS Web RA can extract the certificate and private key as described above.

Require Signed Assertion

If ticked, Web RA requires each assertion in the IdP response to be signed and verifies that signature; responses whose assertions are unsigned are not accepted.

Authentication Request Signed

If ticked, Web RA signs the SAML authentication request with the Request Signing Certificate key, so that the IdP can verify the request came from Web RA.
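The following is an added example, not code from ADSS Web RA or Ascertia, showing the two pieces of the connector configuration above that can be demonstrated with the Python standard library alone: parsing an IdP metadata file into the four endpoint URLs (and the IdP signing certificate) that the Browse IdP Metadata field auto-completes, and packaging an authentication request for the selected Binding Type (HTTP-Redirect, the default, or HTTP-POST). The metadata document, entity IDs, URLs and certificate value are constructed placeholders; the SP name `webra.example.test` and the function names are assumptions for illustration. Signing the request and verifying the IdP's response signature need an XML-DSig implementation and are not shown here.

```python
import base64
import urllib.parse
import uuid
import zlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from xml.sax.saxutils import escape

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
DEFAULT_BINDING = REDIRECT  # the connector falls back to Redirect when nothing is selected

# Constructed sample IdP metadata for this example (assumption: placeholder
# entityID, URLs and certificate value, not data from any real IdP).
SAMPLE_IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.test/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>MIIC...placeholder...</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.test/saml/logout/post"/>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/saml/logout/redirect"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.test/saml/login/post"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/saml/login/redirect"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def parse_idp_metadata(xml_text):
    """Extract the four endpoint URLs and the signing certificate(s) from IdP metadata."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")

    def endpoint(tag, binding):
        # Pick the Location of the service element advertised for the given binding.
        for el in idp.findall(f"md:{tag}", NS):
            if el.get("Binding") == binding:
                return el.get("Location")
        return None

    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use") in (None, "signing"):  # no 'use' means signing and encryption
            for c in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
                certs.append("".join(c.text.split()))  # strip PEM line wrapping
    return {
        "entity_id": root.get("entityID"),
        "post_login_url": endpoint("SingleSignOnService", POST),
        "post_logout_url": endpoint("SingleLogoutService", POST),
        "redirect_login_url": endpoint("SingleSignOnService", REDIRECT),
        "redirect_logout_url": endpoint("SingleLogoutService", REDIRECT),
        "signing_certs": certs,
    }


def _attr(value):
    return escape(value, {'"': "&quot;"})


def build_authn_request(sp_entity_id, acs_url, destination, request_id=None, issue_instant=None):
    """Build an unsigned SAML 2.0 AuthnRequest addressed to the chosen IdP login URL."""
    request_id = request_id or "_" + uuid.uuid4().hex
    issue_instant = issue_instant or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return (
        '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        f'ID="{_attr(request_id)}" Version="2.0" IssueInstant="{issue_instant}" '
        f'Destination="{_attr(destination)}" ProtocolBinding="{POST}" '
        f'AssertionConsumerServiceURL="{_attr(acs_url)}">'
        f"<saml:Issuer>{escape(sp_entity_id)}</saml:Issuer>"
        "</samlp:AuthnRequest>"
    )


def encode_for_binding(authn_request_xml, destination, binding=DEFAULT_BINDING, relay_state=None):
    """Package the request the way the selected Binding Type delivers it to the IdP."""
    if binding == REDIRECT:
        # HTTP-Redirect: raw DEFLATE (no zlib header), base64, then URL-encoded query parameter.
        comp = zlib.compressobj(9, zlib.DEFLATED, -15)
        deflated = comp.compress(authn_request_xml.encode("utf-8")) + comp.flush()
        params = {"SAMLRequest": base64.b64encode(deflated).decode("ascii")}
        if relay_state:
            params["RelayState"] = relay_state
        sep = "&" if "?" in destination else "?"
        return {"method": "GET", "url": destination + sep + urllib.parse.urlencode(params)}
    if binding == POST:
        # HTTP-POST: plain base64 in a form field that the browser auto-submits to the IdP.
        fields = {"SAMLRequest": base64.b64encode(authn_request_xml.encode("utf-8")).decode("ascii")}
        if relay_state:
            fields["RelayState"] = relay_state
        return {"method": "POST", "url": destination, "form": fields}
    raise ValueError(f"unsupported binding: {binding}")


def decode_redirect_request(url):
    """Inverse of the Redirect encoding: recover the XML the IdP will see from the URL."""
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
    raw = base64.b64decode(query["SAMLRequest"][0])
    return zlib.decompress(raw, -15).decode("utf-8")


def decode_post_request(form):
    """Inverse of the POST encoding: recover the XML from the submitted form field."""
    return base64.b64decode(form["SAMLRequest"]).decode("utf-8")
```

The decode helpers are there so an administrator can check exactly what the IdP will receive when troubleshooting a login that the IdP rejects; in a real deployment the Destination in the request must match the login URL taken from the IdP metadata, as above, or the IdP will refuse it.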