Configure the authentication server for SAML integration as described below.
To configure the authentication server parameters for SAML integration:
- Open the Settings application.
- In the left-side menu of the Settings application page, select SAML to open the SAML configuration page.
- In the Configuration tab of the SAML configuration page, turn on the Enable SAML authentication switch.
- Specify the values of the SAML parameters and click the Save button.
- Wait for the message confirming that the SAML configuration was saved successfully.
- Select the Identity provider metadata tab and upload the Identity Provider metadata by doing one of the following:
  - Click the Upload button and select the XML file with the Identity Provider metadata.
  - Copy the XML file's content directly into the Identity provider metadata tab.
- Click the Save button to save the uploaded metadata.
- If the authentication server is deployed separately from Web Application Platform, restart the authentication server.
SAML parameters
| Parameter | Description | Default value |
|---|---|---|
| Entity ID | The entity ID of the Service Provider. It can be any string of your choice. | com.nomagic.authentication.server |
| Name ID format | The name ID format that contains the username of the authenticated user. | urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName |
| Name ID attribute | The SAML user attribute to map to the Teamwork Cloud username instead of the SAML user name ID, which is used by default. | - |
| Signature algorithm | The signature algorithm used for SAML integration requests. | RSA-SHA256 |
| AllowCreate Name ID policy | If enabled, adds the AllowCreate attribute to the NameIDPolicy parameter in the SAML request. | Switched on |
| Disable forced authentication | Sets ForceAuthn to true or false in the AuthnRequest in SAML-based authentication. Change it carefully: if this switch is turned on, you won't be able to log in as another user after logging out. This flag is only used if the Identity Provider does not support single logout. | Switched off |
| AuthN contexts | (Optional) If AuthN contexts need to be used, fill in one AuthN context per line. | - |
| AuthN contexts comparison type | If AuthN contexts are used, select the AuthN Context comparison type. | exact |
| SAML button title | The button title displayed for the SAML user on the login page. | SAML |
| Show SAML authentication detailed error | If enabled, a detailed SAML authentication error text is displayed for users. | Switched off |
| Login RelayState format | The RelayState format for the authentication request. | uuid |
| Logout RelayState format | The RelayState format for the logout request. | uuid |
| SAML user attributes for conditional user groups | A list of SAML attributes (one attribute per line) that can be used while defining conditions for conditional user groups. Learn more about conditional user groups. | - |

