SAML2 IDP
Configure Identity Providers that use the SAML (Security Assertion Markup Language) 2.0 Protocol to authenticate and authorize users. TrustBuilder will act as a Service Provider when sending an Authentication Request to the Identity Provider.
You can either configure a Custom SAML IDP manually or upload the Identity Provider's SAML metadata (Upload SAML IDP).
Configure a custom SAML IDP
From the admin portal, go to Identity Providers tab > Custom SAML IDP.
Setting | Description |
---|---|
Display Name | The display name of the Identity Provider. If a known name is used (such as Facebook, Google, LinkedIn) the corresponding logo is provided automatically. |
Description | The Identity Provider description. |
Provisioning Workflow | Select a workflow that is executed after the authentication is complete. The workflow can be used, for instance, to provision users in a user database. |
Type | "SAML2" |
Subject | Primary attribute that is used to identify the Subject. |
Manage Certificates | You can manage certificates from the Certificates configuration page. You can also add or import certificates from the Identity Provider configuration. See Certificates. |
Entity ID | This uniquely identifies your SAML2 partner. It is provided by the partner when you set up SAML2. |
Authentication Request Signed | Indicates whether the Authentication Request is digitally signed. This requires a "Key Signing" certificate to be added. |
SSO Binding Type | The communication method that is used to transport the messages. |
SSO Post Location | Endpoint of the Identity Provider where the Authentication Request is sent. |
SLO Endpoints | A list of endpoints where the SLO (Single Log-Out) requests can be sent. |
SLO Signed | Defines whether the SLO (Single Log-Out) request to the IDP is signed. This requires a "Key Signing" certificate to be added. |
Include X509 Certificate | Includes the complete certificate in the signature. |
Include X509 Alias | Includes the signing certificate alias in the signature. |
Include PK Name | Includes the public key name in the signature. |
Signature Method | Defines which algorithm is used to sign the Authentication Request. |
Attribute Consuming Services | Attribute Consuming Services define which set(s) of user attributes are requested from the Identity Provider. This is optional (if no Attribute Consuming Service is defined, all attributes are requested), but it is recommended for privacy reasons. |
Post Profile Template | A template form that is used to execute some JavaScript (e.g. to log in) before accessing the Identity Provider. |
Artifact Resolve Location | Optional. In this alternative approach, the Identity Provider makes the assertion available at this URL. TrustBuilder fetches the assertion from this location, rather than having the assertion passed via the client. |
Audience | The Audience field is provided in an assertion and is verified by TrustBuilder. If the audience matches, the assertion can be accepted. |
Subject Recipient | Needs to correspond to the Subject Recipient in the assertion. If no value is provided, the Subject Recipient is not validated. |
Assertion Consumer Service Index | This value is filled in as the AssertionConsumerServiceIndex of an AuthenticationRequest. |
Add extensions to Authentication Request | Adds the Extension elements to an Authentication Request. |
IDHub Entity ID | The Entity ID that identifies TrustBuilder to the IDP. |
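The Audience and Subject Recipient rows above describe two checks TrustBuilder performs on an incoming assertion. The following added example (not TrustBuilder code) shows those checks on a constructed assertion: the audience must match the configured value, and the recipient is validated only when one is configured. The URLs, the assertion and the function name are assumptions; signature verification is assumed to happen before these checks.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not a real IDP response). Signature omitted:
# this example only covers the Audience / Subject Recipient checks, which must
# run after the signature on the assertion has been verified.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1b2c3" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.org/metadata</saml:Issuer>
  <saml:Subject>
    <saml:NameID>alice</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="https://sp.example.com/saml/acs"
          NotOnOrAfter="2024-01-01T00:05:00Z"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions>
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.example.com/idhub</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""


def check_assertion(assertion_xml, expected_audience, expected_recipient=None):
    """Return (accepted, reason).

    expected_audience: the value configured as IDHub Entity ID / Audience.
    expected_recipient: the configured Subject Recipient, or None to skip
    that check (as the settings table describes).
    """
    root = ET.fromstring(assertion_xml)
    restrictions = root.findall("saml:Conditions/saml:AudienceRestriction", NS)
    if not restrictions:
        return False, "assertion carries no AudienceRestriction"
    # Every AudienceRestriction must be satisfied; within one restriction,
    # any listed Audience may match.
    for restriction in restrictions:
        audiences = [a.text.strip() for a in restriction.findall("saml:Audience", NS) if a.text]
        if expected_audience not in audiences:
            return False, f"audience mismatch: {audiences}"
    if expected_recipient is not None:
        path = "saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData"
        recipients = [d.get("Recipient") for d in root.findall(path, NS)]
        if expected_recipient not in recipients:
            return False, f"recipient mismatch: {recipients}"
    return True, "accepted"
```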
Upload SAML IDP
From the admin portal, go to Identity Providers tab > Upload SAML IDP.
Setting | Description |
---|---|
Display Name | The display name of the Identity Provider. If a known name is used (such as Facebook, Google, LinkedIn) the corresponding logo is provided automatically. |
Description | The Identity Provider description. |
Type | "SAML 2 Upload XML" |
Subject | Primary user attribute that is used to identify the user. |
Manage Certificates | You can manage certificates from the Certificates configuration page. You can also add or import certificates from the Identity Provider configuration. See Certificates. |
Upload SAML 2 | Upload an XML file (from your PC) that contains the SAML configuration parameters. This is the metadata supplied by the Identity Provider. |
Click "Upload XML and create IDP" to start downloading. The Identity Provider will be created when the download is complete.