To integrate the Authentication Server with any SAML Identity Provider (see instructions for SAML integration), you need to add the Authentication Server configuration into the SAML Identity Provider (it should be registered as SAML v2 remote service provider). Next, you need to configure the following additional parameters in the authserver.properties file.
Parameter | Description | Default value |
---|---|---|
authentication.saml.enabled | Sets the value to true. | false |
authentication.saml.entity.id | Sets an authentication server as a service provider ID if it is different than the default server. | com.nomagic.authentication.server |
authentication.saml.name.id.format | Specifies the format of a username identifier. | urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName |
authentication.saml.name.id.attribute | SAML user attribute to map to username instead of SAML user name ID, which is used by default. | - |
authentication.saml.name.id.allow.create | AllowCreate Name ID policy (true, false). | true |
authentication.saml.idp.metadata.url | Specifies an Identity Provider metadata URL address if SAML Identity Provider supports metadata retrieval from the URL (e.g., ForgeRock OpenAM). | - |
authentication.saml.idp.metadata.file | Specifies the path and/or name of a metadata file. You can use either an absolute or a relative path. If the path is relative, the location is the WebAppPlatform directory. | - |
authentication.saml.link | The title of the button for SAML user login is displayed on the login page. | SAML User |
authentication.saml.disable.force.authentication | Sets ForceAuthn to true or false in the AuthnRequest in SAML-based authentication. Change it carefully as you won't be able to log in with another user after user logout if the value is true. | false |
authentication.saml.signature.algorithm | SAML integration requests a signature algorithm. Available values - SHA1, SHA256. and SHA512. | SHA256 |
authentication.saml.authn.contexts | List of AuthN Contexts separated by a comma. | - |
authentication.saml.authn.context.comparison.type | AuthN Context comparison type (exact, better, maximum, minimum). | exact |
authentication.saml.error.visible | Flag indicating if SAML authentication detailed error text should be displayed for the user. | false |
authentication.saml.login.relay.state.format | RelayState format for authentication request (uuid, query). | uuid |
authentication.saml.logout.relay.state.format | RelayState format for logout request (uuid, query). | uuid |
authentication.saml.attributes | A comma-separated list of SAML attributes that can be used in conditional group permissions. | - |
Related pages