8.0 SAML 2.0

SAML 2.0 is an XML-based protocol that uses security tokens containing assertions. The assertions are used for sending the information about a subject (an entity that is often a human user) from a SAML authority (Identity Provider) to a SAML consumer (Service Provider).

To integrate Advanced Authentication with the third-party solutions using SAML 2.0, perform the following steps

  1. Click Events > Add.

  2. Specify a name for the new event.

  3. Change the Event type to SAML2.

  4. Select the required chains for the event.

  5. (Conditional) If you require Geo-fencing, enable Geo-fencing.

    NOTE:Geo-fencing can be enabled only for the Smartphone method.

  6. Copy and paste your Service Provider's SAML 2.0 metadata to SP SAML 2.0 metadata.

    OR

    Click Browse and select a Service Provider's SAML 2.0 metadata XML file to upload it.

  7. Click Policies > Web Authentication.

  8. (Conditional) Specify the Identity Provider’s URL in Identity provider URL.

    NOTE:To use multiple Advanced Authentication servers with SAML 2.0, you must do the following:

    1. Configure an external load balancer.

    2. Specify the address in Identity provider URL instead of specifying an address of a single Advanced Authentication server.

  9. Click Download IdP SAML 2.0 Metadata to open a metadata.The metadata opens in a new browser page.

  10. Save the metadata (XML text) from the browser.

  11. (Conditional) Use the downloaded metadata file in your Service Provider.

  12. (Conditional) Use the Identity Provider certificate in your Service Provider.

    -----BEGIN CERTIFICATE-----
MIIDkzCCAnugAwIBAgIESsmdMzANBgkqhkiG9w0BAQsFADB6MRAwDgYDVQQGEwdVbmtub3duMRAw
DgYDVQQIEwdVbmtub3duMRAwDgYDVQQHEwdVbmtub3duMREwDwYDVQQKEwhBdXRoYXNhczESMBAG
A1UECxMJQXV0aGFzYXNhMRswGQYDVQQDExJvc3AuYXV0aGFzYXMubG9jYWwwHhcNMTYwNTI2MDUz
NjI0WhcNMjYwNDA0MDUzNjI0WjB6MRAwDgYDVQQGEwdVbmtub3duMRAwDgYDVQQIEwdVbmtub3du
MRAwDgYDVQQHEwdVbmtub3duMREwDwYDVQQKEwhBdXRoYXNhczESMBAGA1UECxMJQXV0aGFzYXNh
MRswGQYDVQQDExJvc3AuYXV0aGFzYXMubG9jYWwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCw3YLz03qhSZPXjBc/Ws+cZ2/E5oogqKeJ3p4RR6USOoarjnmvQPq+maRfvexriwQjRDgS
OFRb58cert/misqzsHBVmQDnfMwicFVzuuKjDEbWFp9vL1gRkDzIlpCyl3eNmBWuWXM49Z6mm8XS
fIwlAoydNp5DK0o0Yrk6FNOi0nOrnI5kHGVD0bd5SpDtvXSF1WLfc5YT9UBUpfZneKsVPWSkbeBX
F84hYJWBtdzcTEyjdso9Ra7UtxLIUW0UH3LWTgn9zS97nLkmhetmD1I3mEAeAE9SAmqTRyH1FNXZ
ZOfi/BJF4+sz86f6pBbwYM2KTvXaABgzSpZpJ1pQrZKPAgMBAAGjITAfMB0GA1UdDgQWBBTL8PbA
+e6YkBIk4yELTZ+AbfdA6DANBgkqhkiG9w0BAQsFAAOCAQEAm87lNyAO8CtN5jlLe3CupLAAbUWR
NY6av7LpPail1JRIw+uvddMyOz1vOS1IwpDDNtcPtxGXsaZI1CKgNPBpLvSxePVUXNfFgUCtu+bT
cuUtiQbkiDWwFLmAS6KeA+EBFOeqBiudEfkAZZT87DF9gKvM6VWdzJ7BvWi2YPbH/FRM82fLoyAd
RbphF215we3rvsfeWbwXw70UGNyBUTb3zUcAmB3sHbcZiXJZj3pJYgDaN9Ss60sz/yG1ZLEYluvL
R1T2PPEfEcA1Eij0R1A31Z5hJ3zDlXoCeNYLoMg4522QYekTwvQeWkeYejBXEcxdL7VP6F91zmfZ
bm1A4PY5jw==
-----END CERTIFICATE-----

  13. Change used hash to SHA-1 in your Service Provider, if the option is presented.

The following are the examples of integration with SAML 2.0.