SAMLServiceProviderAuthN
Warning
This authenticator is a legacy authenticator. It is recommended to plan for migrating the authenticator to the new protocol agnostic authenticator architecture. More information about the legacy authenticators can be found here.
Note
Used when internal applications should be a part of a SAML federation.
Properties
Name | Description | Default value | Mandatory |
---|---|---|---|
sp | The entity ID of the Service provider. Must be the same value as entityID. This value maps to a configured SAML SERVICE PROVIDER. | N/A | Yes |
targetIDP | The entity ID of the trusted IDP. | N/A | Yes |
acsUrl | Location where assertions should be sent. | N/A | Yes |
discoveryUrl | The URL of the IDP discovery service. | N/A | Yes |
entityID | The entity ID of the Service provider. Must be the same value as sp. This value maps to a configured SAML SERVICE PROVIDER. | N/A | Yes |
addsignature | Sign the authentication request (true/false). | true | No |
pipeID | ID of the pipe used when consuming an incoming assertion | N/A | Yes |
successURL | Where to redirect the browser after a successful authentication | N/A | Yes |
authnRequestsSigned | Whether signed authentication requests are wanted (true/false). | true | Yes |
cancelUrl | Where to redirect the browser after a cancelled authentication | N/A | No |
requestedAuthnContext | Value of RequestedAuthnContext (AuthnContextClassRef) in the AuthnRequest | N/A | No |
signMessage | A SignMessage to include in the AuthnRequest. | N/A | No |
Example Configuration
{
    "id": "samlsp",
    "alias": "samlsp",
    "name": "SAMLServiceProviderAuthN",
    "displayName": "External IdP",
    "configuration": {
        "successURL": "/otpadmin/",
        "sp": "sp.phenixid.se",
        "pipeID": "assertionConsumer",
        "targetIDP": "https://idp.testshib.org/idp/shibboleth",
        "acsUrl": "http://support.phenixid.se:8080/authenticate/samlsp",
        "entityID": "sp.phenixid.se"
    }
}
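An added example, not part of the PhenixID documentation: a small linter that checks an authenticator entry against the property table above (mandatory keys, sp equal to entityID, https on the URL properties, request signing left on). The function name, severity labels and message texts are assumptions made for illustration; the rules follow the table as written, and the product itself may apply defaults more leniently.

```python
from urllib.parse import urlparse

# Properties marked "Mandatory: Yes" in the property table on this page.
MANDATORY = ("sp", "targetIDP", "acsUrl", "discoveryUrl", "entityID",
             "pipeID", "successURL", "authnRequestsSigned")
# URL properties the browser is sent to during the SAML flow.
URL_PROPS = ("acsUrl", "discoveryUrl")
# Signing switches; the table gives both a default of true.
SIGNING_PROPS = ("addsignature", "authnRequestsSigned")


def lint_authenticator(doc):
    """Return a list of (severity, message) findings for one authenticator."""
    if doc.get("name") != "SAMLServiceProviderAuthN":
        return [("error", "not a SAMLServiceProviderAuthN authenticator")]
    cfg = doc.get("configuration") or {}
    findings = [("error", f"{key}: marked mandatory in the property table but missing")
                for key in MANDATORY if key not in cfg]
    # The table requires sp and entityID to carry the same entity ID.
    if "sp" in cfg and "entityID" in cfg and cfg["sp"] != cfg["entityID"]:
        findings.append(("error", "sp and entityID differ"))
    # Assertions sent to a plaintext endpoint can be read or altered in transit.
    for key in URL_PROPS:
        if key in cfg and urlparse(str(cfg[key])).scheme != "https":
            findings.append(("warn", f"{key}: not https"))
    # Accept JSON booleans or strings; flag an explicit opt-out of signing.
    for key in SIGNING_PROPS:
        if str(cfg.get(key, "true")).lower() != "true":
            findings.append(("warn", f"{key}: request signing disabled"))
    return findings


# The example configuration from this page, embedded so the block runs offline.
PAGE_EXAMPLE = {
    "id": "samlsp", "alias": "samlsp", "name": "SAMLServiceProviderAuthN",
    "displayName": "External IdP",
    "configuration": {
        "successURL": "/otpadmin/", "sp": "sp.phenixid.se",
        "pipeID": "assertionConsumer",
        "targetIDP": "https://idp.testshib.org/idp/shibboleth",
        "acsUrl": "http://support.phenixid.se:8080/authenticate/samlsp",
        "entityID": "sp.phenixid.se",
    },
}

if __name__ == "__main__":
    for severity, message in lint_authenticator(PAGE_EXAMPLE):
        print(f"{severity:5} {message}")
```

Run against the example configuration above, it reports discoveryUrl and authnRequestsSigned as missing and flags the http acsUrl.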
Requirements
A SAML Service Provider entity defined under Advanced->SAML Service Provider.