To integrate the Authentication Server with any SAML Identity Provider, you need to add the Authentication Server configuration into the SAML Identity Provider (it should be registered as SAML v2 remote service provider). Next, you need to configure the following additional parameters in the file.

ParameterDescriptionDefault value
authentication.saml.enabledSets the value to  true.false
authentication.saml.entity.idSets an authentication server as a service provider ID if it is different than the default the format of a username identifier. urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName
authentication.saml.idp.metadata.url Specifies an Identity Provider metadata URL address if SAML Identity Provider supports metadata retrieval from the URL (e.g., ForgeRock OpenAM).-
authentication.saml.idp.metadata.fileSpecifies the name of a metadata file, which should be added into the same config directory where the file exists. This metadata file is required by some Identity Providers instead of metadata URL (e.g., WSO2 Identity Service).-
authentication.saml.linkThe title of the button for SAML user login displayed on the login page.SAML User
authentication.saml.disable.force.authenticationSets ForceAuthn to true or false in the AuthnRequest in SAML based authentication. Change it carefully as you won't be able to login with another user after user logout in the value is falsetrue

Related pages