Versions Compared

Version Old Version 9 New Version 10
Changes made by

Pierre-Marcel Gnilka

Jan Kergassner (Unlicensed)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Overview

The interface in question is dedicated to configuring Security Assertion Markup Language (SAML) settings for a software application. The purpose of SAML is to enable secure, single sign-on (SSO) capabilities across different domains. This particular interface allows an administrator to manage the identity provider (IdP) configuration required to establish a trust relationship between the service provider (the application) and the IdP. Security Assertion Markup Language (SAML) is a login standard that helps users access applications based on sessions in another context. It’s a single sign-on (SSO) login method offering more secure authentication (with a better user experience) than usernames and passwords.

ConfigurationSAML-20231205-101539.pngImage Modified

...

Login Page

  • A url provided by the SAML idenitty provider. When the login process is started, the user is forwarded to this url.

...

IDP Entity ID

  • An identifier provided by the SAML identity provider. Usually this is a URL that belongs to the SAML idenity provider.

...

Certificate

  • An X509 certifcate in PEM format, provided by the SAML identity provider.

...

Attribute Display Name (optional)

  • Name of the user attribute that holds the display name.

...

Attribute Email (optional)

  • Name of the user attribute that holds the email address.

...

Attribute Role (optional)

  • Name of the user attribute that holds the user's role. This allows using the SAML idenity provider to assign user roles.

...

Attribute Role Admin Value (optional)

  • If attributeRole is configured and that user attribute holds the value configured in attributeRoleAdminValue, the user will be logged in as global admin.

...

SP Entity ID

  • Copy this value to the SAML identity provider. It is used to tie SAML login responses to this specific application.

Login Response Url

...

Configuration Elements

At the top of the interface, we have a toggle switch labeled "Disabled", which indicates that the SAML configuration is currently inactive. Below this is a series of input fields grouped into logical sections for the administrator to populate or review.

The "Login Page" field holds a URL, which is the entry point for users to initiate a login process via their IdP. The "IdP Entity ID" is next, providing a unique identifier for the IdP within the SAML configuration.

Following this, we encounter the "Certificate" section containing a digital certificate in PEM format. This is crucial for establishing a secure connection, as it contains the public key that will be used to verify SAML assertions from the IdP.

Further down, there are optional fields for "Attribute Display Name", "Attribute Email", and "Attribute Role", which specify the attribute names that the application expects to receive within the SAML assertion. These names correspond to the user's display name, email address, and role, respectively. An additional field, "Attribute Role Admin Value", allows the specification of a value that, if received in the role attribute, would grant administrative rights to the user.

Lastly, the "SP Entity ID" and "Login Response Url" fields specify the service provider's unique identifier and the endpoint to which the IdP should send its response after authenticating a user, respectively. These endpoints are typically where the application expects to receive SAML assertions.

Table of contents

Table of Contents
minLevel1
maxLevel6
outlinefalse
stylenone
typelist
printablefalse