To integrate the Authentication Server with any SAML Identity Provider, you need to add the Authentication Server configuration into the SAML Identity Provider (it should be registered as SAML v2 remote service provider). Next, you need to configure the following additional parameters in the authserver.properties file.
Parameter | Description | Default value |
---|---|---|
authentication.saml.enabled | Sets the value to true. | false |
authentication.saml.entity.id | Sets an authentication server as a service provider ID if it is different than the default server. | com.nomagic.authentication.server |
authentication.saml.name.id.format | Specifies the format of a username identifier. | urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName |
authentication.saml.idp.metadata.url | Specifies an Identity Provider metadata URL address if SAML Identity Provider supports metadata retrieval from the URL (e.g., ForgeRock OpenAM). | - |
authentication.saml.idp.metadata.file | Specifies the path and/or name of a metadata file. You can use either an abstract or a relative path. If the path is relative, the location is the WebAppPlatform directory. | The name of the file. The metadata file should be in the same config directory where the authserver.properties file is stored. |
authentication.saml.link | The title of the button for SAML user login displayed on the login page. | SAML User |
authentication.saml.disable.force.authentication | Sets ForceAuthn to true or false in the AuthnRequest in SAML based authentication. Change it carefully as you won't be able to login with another user after user logout in the value is false | true |
authentication.saml.signature.algorithm | SAML integration requests signature algorithm. Available values - SHA1, SHA256. and SHA512. | SHA1 |
authentication.saml.authn.contexts | List of AuthN Contexts separated by a comma. | - |
authentication.saml.authn.context.comparison.type | AuthN Context comparison type (exact, better, maximum, minimum). | exact |
authentication.saml.error.visible | Flag indicating if SAML authentication detailed error text should be displayed for the user. | false |
Related pages