Configuration Manager - SAML Authentication

The "Saml Authentication" menu is where SAML2 interfaces for account provisioning and authentication are configured. SAML interfaces are configured per client, meaning that multiple interfaces can be configured in a multi-client setup. The "Clients > Access and security" tab contains a "SAML authentication" checkbox and a "SAML entity ID" field to populate.

Description

Setting

What does the setting do?

Test mode

Use this only for testing, when the IdP is one created for that purpose, e.g. from http://172.17.0.112:8081/simplesaml.

Ignore validation

This should be set to true only when the configured IdP sends a SAMLArtifact or SAMLResponse that does not contain any signature. Otherwise, the SAMLArtifact or SAMLResponse signature will be validated with the configured certificate.

Enable algorithm check

This should be used to check the key store algorithm (RSA or DSA).

Send Saml request

This parameter controls whether the samlRequest is sent to the IdP (it has to be disabled for ADFS 3.0).

Multiple IdPs

More than one IdentityProvider setting can be configured (one per application/entityID). In that case this parameter must be set to true, so that the system returns different settings for different applications. The setting to use is determined by the entityID that the application provides to the ILS. The setting for ILS itself needs the new parameter useForIls set to true (otherwise ILS will not know its own entityID).

Enable account provisioning

Fallback provider URL

Specifies the SAML2 Identity Provider to use as a fallback when authentication against the first IdP fails.

Fallback issuer URL

Fallback redirection URL

Fallback key store path IdP

Fallback key store alias IdP

SP meta data file path

SP assertion consumer service URL

SP single logout service URL

Entities that use the authentication context

If the EntityID is present in this whitelist, the optional SAML AuthnReq Authentication Context is not included in the authentication request before sending. The whitelist is comma-separated.

SAML Profile Identifier Attribute

Database name of the imc attribute in the PERSON table that will be used to identify a user during SAML account provisioning.

Mapping

Default client

Default client ID assigned to a person when it is created, if none is specified in the SAML response.

Import without self-registration

If the value is ticked/true, persons are automatically created and no self-registration page will be presented.

Update existing user

If the value is ticked/true, persons that already exist will be updated with the attributes found in the SAML2 response.

Ignore unmapped fields

Determines whether all source fields specified by mapping elements will be expected and imported in the imported file. Ticked/true: The attributes transferred in the import source for which no mapping is defined will be ignored. Unticked/false: If an attribute which is transferred with the imported data does not have any mapping defined, an exception will be generated.

Is Reference

Determines whether all source fields specified by mapping elements will be expected and imported in the imported file. Ticked/true: The mapping elements determine which fields will be imported. Additional columns found in the import file will be ignored. Unticked/false: Only the columns found in the import file will be imported. Additional attributes specified by mapping elements will be ignored.
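
Before enabling "Ignore validation", it is worth confirming that the IdP really sends unsigned messages and, for "Enable algorithm check", which key family the signature uses. The following is an added example, not part of the product or its documentation: a Python check that inspects a captured, base64-encoded (POST binding) SAMLResponse. The sample messages, issuer URL and function names are constructed for illustration, and comparing the reported family with the key store is an assumption about how the algorithm check is used.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def key_family(alg_uri):
    """Map an XML-DSig SignatureMethod URI to 'RSA', 'DSA' or 'other'."""
    name = alg_uri.rsplit("#", 1)[-1].lower()
    return next((f.upper() for f in ("rsa", "dsa") if name.startswith(f)), "other")

def describe_signatures(saml_response_b64):
    """Report, per element, the key family of its signature (None = unsigned).
    Presence only: nothing here verifies the signature cryptographically."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    targets = [("Response", root)]
    targets += [(f"Assertion[{i}]", a)
                for i, a in enumerate(root.findall("saml:Assertion", NS))]
    report = {}
    for label, elem in targets:
        # SAML puts the enveloped ds:Signature as a direct child of what it signs.
        sig = elem.find("ds:Signature", NS)
        if sig is None:
            report[label] = None
            continue
        method = sig.find("ds:SignedInfo/ds:SignatureMethod", NS)
        report[label] = key_family(method.get("Algorithm", "")) if method is not None else "other"
    return report

def is_unsigned(report):
    """True only when neither the Response nor any Assertion is signed."""
    return all(v is None for v in report.values())

def _sample(signature=""):
    # Constructed sample message; issuer, IDs and signature value are made up.
    xml = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">'
           '<saml:Issuer>https://idp.example.test</saml:Issuer>'
           f'<saml:Assertion ID="_a1" Version="2.0">{signature}</saml:Assertion>'
           '</samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

SIGNED = _sample(
    '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>'
    '<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>'
    '</ds:SignedInfo><ds:SignatureValue>CONSTRUCTED</ds:SignatureValue></ds:Signature>')
UNSIGNED = _sample()

if __name__ == "__main__":
    for name, msg in (("signed", SIGNED), ("unsigned", UNSIGNED)):
        rep = describe_signatures(msg)
        print(name, rep, "unsigned" if is_unsigned(rep) else "signed: keep validation on")
```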
