9.23 SAML Service Provider

Advanced Authentication lets you authenticate with SAML 2.0 through the Web Authentication method.

WARNING: You must configure the SAML Service Provider method before you add it to an authentication chain.

NOTE: A chain that contains the SAML Service Provider method can be assigned only to the OAuth 2.0 event. Ensure that the following conditions are met:

  • The Support Authorization Code option must be enabled in the Advanced Settings section of the event.

  • The SAML Service Provider method can be the only method in the chain or the first method in it. Even if it is not placed first, it is requested before the other methods.

  • The user who authenticates using the SAML SP method must be present in only one repository.

  • The SAML Service Provider method is not enrolled automatically when the new Enrollment Portal is used. It must be enrolled for users before they can authenticate with it.

To configure the SAML Service Provider method for Advanced Authentication, perform the following steps:

  1. Click Methods > SAML Service Provider.

  2. Click Add in Identity providers.

  3. Select SAML in Authentication type.

  4. Click the arrow icon.

  5. Specify the identity provider name in Identity Provider.

  6. In Assertion Attribute, specify the name of the attribute in the SAML assertion that identifies the user. By default, it is set to username.

  7. Click Choose File to upload the Identity Provider Metadata file.

    IMPORTANT: Ensure that you choose the Identity Provider Metadata file exported from the Identity Provider you are using. Do not use the metadata file exported from Administrative Portal > Policies > Web Authentication; that file describes Advanced Authentication itself as a Service Provider.

  8. Click the save icon.

  9. Click Save.

NOTE: You can obtain the Service Provider metadata from Advanced Authentication at the following URL:

https://AAF_SERVER/osp/a/TENANT/auth/saml2/metadata.

In the above URL, replace TENANT with the actual tenant name. Use TOP as the tenant name if you are not using Advanced Authentication as a SaaS version or if the multi-tenancy feature is not enabled.
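The following script is an added example and is not part of the product or this documentation. It builds the Service Provider metadata URL described above (defaulting the tenant to TOP) and performs the pre-upload check implied by the IMPORTANT note in step 7: it inspects a SAML metadata file and confirms that it declares an IDPSSODescriptor (Identity Provider) rather than an SPSSODescriptor, which is what the file exported from Policies > Web Authentication would contain. The server name, tenant name and both metadata documents are constructed for the example.

```python
"""Pre-upload check for a SAML Identity Provider Metadata file.

Added example, not product code. Assumptions: standard SAML 2.0 metadata
(urn:oasis:names:tc:SAML:2.0:metadata); the server, tenant and sample
metadata documents below are constructed for illustration.
"""
import xml.etree.ElementTree as ET
from typing import Optional

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"


def sp_metadata_url(server: str, tenant: Optional[str] = None) -> str:
    """Build the Service Provider metadata URL; TOP is the default tenant name."""
    return f"https://{server}/osp/a/{tenant or 'TOP'}/auth/saml2/metadata"


def inspect_metadata(xml_text: str) -> dict:
    """Return the entityID, declared SAML roles and IdP SSO endpoints of a metadata document."""
    # Note: stdlib ElementTree is used here; for metadata from an untrusted
    # source, prefer a hardened parser such as defusedxml.
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        raise ValueError(f"not a SAML EntityDescriptor: {root.tag}")
    roles, sso_urls = [], []
    if root.find(f"{{{MD_NS}}}IDPSSODescriptor") is not None:
        roles.append("IdP")
        for sso in root.iter(f"{{{MD_NS}}}SingleSignOnService"):
            sso_urls.append(sso.get("Location"))
    if root.find(f"{{{MD_NS}}}SPSSODescriptor") is not None:
        roles.append("SP")
    return {"entity_id": root.get("entityID"), "roles": roles, "sso_urls": sso_urls}


def check_idp_metadata(xml_text: str) -> tuple:
    """Decide whether a file is suitable to upload as Identity Provider Metadata.

    Returns (ok, reason). Rejects unparsable XML, SP-only metadata (the kind
    exported from Policies > Web Authentication) and IdP metadata without a
    SingleSignOnService endpoint.
    """
    try:
        info = inspect_metadata(xml_text)
    except ET.ParseError as exc:
        return False, f"XML parse error: {exc}"
    except ValueError as exc:
        return False, str(exc)
    if "IdP" not in info["roles"]:
        if "SP" in info["roles"]:
            return False, ("file describes a Service Provider (SPSSODescriptor); "
                           "this looks like the metadata exported from Policies > Web Authentication")
        return False, "file declares no IDPSSODescriptor"
    if not info["sso_urls"]:
        return False, "IdP metadata has no SingleSignOnService endpoint"
    return True, f"IdP metadata for {info['entity_id']}"


# Constructed sample: what a real Identity Provider would export.
IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.test/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/saml/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""

# Constructed sample: the shape of the Service Provider metadata that
# Advanced Authentication publishes about itself (must NOT be uploaded as IdP metadata).
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://aaf.example.test/osp/a/TOP/auth/saml2/metadata">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://aaf.example.test/osp/a/TOP/auth/saml2/spassertion_consumer" index="0"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

if __name__ == "__main__":
    print("SP metadata URL:", sp_metadata_url("aaf.example.test"))
    for label, doc in (("IdP export", IDP_METADATA), ("Web Authentication export", SP_METADATA)):
        ok, reason = check_idp_metadata(doc)
        print(f"{label}: {'OK' if ok else 'REJECT'} - {reason}")
```

Run the check against the file you intend to upload in step 7; a REJECT result naming SPSSODescriptor means the file came from the Web Authentication policy export rather than from the Identity Provider.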