To integrate the Authentication Server with any SAML Identity Provider (see instructions for SAML integration), you need to add the Authentication Server configuration into the SAML Identity Provider (it should be registered as SAML v2 remote service provider). Next, you need to configure the following additional parameters in the authserver.properties file.

ParameterDescriptionDefault value
authentication.saml.enabledSets the value to true.false
authentication.saml.entity.idSets an authentication server as a service provider ID if it is different than the default server.com.nomagic.authentication.server
authentication.saml.name.id.formatSpecifies the format of a username identifier. urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName
authentication.saml.name.id.attributeSAML user attribute to map to username instead of SAML user name ID, which is used by default.-
authentication.saml.name.id.allow.createAllowCreate Name ID policy (true, false).true
authentication.saml.idp.metadata.urlSpecifies an Identity Provider metadata URL address if SAML Identity Provider supports metadata retrieval from the URL (e.g., ForgeRock OpenAM).-
authentication.saml.idp.metadata.fileSpecifies the path and/or name of a metadata file. You can use either an absolute or a relative path. If the path is relative, the location is the WebAppPlatform directory.-
authentication.saml.linkThe title of the button for SAML user login is displayed on the login page.SAML User
authentication.saml.disable.force.authentication

Sets ForceAuthn to true or false in the AuthnRequest in SAML-based authentication. Change it carefully as you won't be able to log in with another user after user logout if the value is true.

false
authentication.saml.signature.algorithmSAML integration requests a signature algorithm. Available values - SHA1, SHA256. and SHA512.SHA256
authentication.saml.authn.contextsList of AuthN Contexts separated by a comma.-
authentication.saml.authn.context.comparison.typeAuthN Context comparison type (exact, better, maximum, minimum).exact
authentication.saml.error.visibleFlag indicating if SAML authentication detailed error text should be displayed for the user.false
authentication.saml.login.relay.state.formatRelayState format for authentication request (uuid, query).uuid
authentication.saml.logout.relay.state.formatRelayState format for logout request (uuid, query).uuid
authentication.saml.attributesA comma-separated list of SAML attributes that can be used while defining conditions for conditional user groups. Learn more about conditional user groups.-




Related pages