Difference between revisions of "SAML"

From LongJump Support Wiki
imported>Aeric
imported>Aeric
Line 16: Line 16:


===SAML Settings===
===SAML Settings===
#::;Version:SAML Version
;Version:SAML Version
#:::*Choose from Version 1.0 or Version 2.0
:*Choose from Version 1.0 or Version 2.0
#::;Issuer:The Issuer URL acts as a identity provider, which is an entity that authenticates a user or maintains user's credentials. The Identity Provider issues a URL, which is used to contact this provider during the login process.  
 
#:::*Syntax:The URL and Port Number must be specified using a FQDN or an IP address, for example:
;Issuer:The Issuer URL acts as a identity provider, which is an entity that authenticates a user or maintains user's credentials. The Identity Provider issues a URL, which is used to contact this provider during the login process.  
#::::*<tt>www.abc.com:9090</tt>
:*Syntax:The URL and Port Number must be specified using a FQDN or an IP address, for example:
#::::*<tt>192.168.1.10</tt>
::*<tt>www.abc.com:9090</tt>
#::::*<tt>abc.def.com</tt>
::*<tt>192.168.1.10</tt>
#::;User Id Type:Determines the type of identifier
::*<tt>abc.def.com</tt>
#:::*Choose from ''UserId'' or ''Federated Id, where:
 
#::::*UserId is the [[Record Id]] of the user that is logged in
;User Id Type:Determines the type of identifier
#::::*Federated Identity acts as a user's authentication across multiple IT systems or organizations. ''Learn more: [http://en.wikipedia.org/wiki/Federated_identity Federated Identity]''.
:*Choose from ''UserId'' or ''Federated Id, where:
#::;User Id Location:Specifies an attribute tag that defines the location of the User Id
::*UserId is the [[Record Id]] of the user that is logged in
#:::*Choose from Subject or Attribute
::*Federated Identity acts as a user's authentication across multiple IT systems or organizations. ''Learn more: [http://en.wikipedia.org/wiki/Federated_identity Federated Identity]''.
#::;Issuer Certificate:Issuer certificate is used to sign and verify SAML messages. Requires a valid x509 issuer certificate.
 
#:::*Choose one of the following options:
;User Id Location:Specifies an attribute tag that defines the location of the User Id
#::::*Paste the Issuer Certificate in the text area
:*Choose from Subject or Attribute
#:::::*Navigate to the ''Issuer Certificate'' section, then select and load a file containing the Issuer Certificate
 
;Issuer Certificate:Issuer certificate is used to sign and verify SAML messages. Requires a valid x509 issuer certificate.
:*Choose one of the following options:
::*Paste the Issuer Certificate in the text area
:::*Navigate to the ''Issuer Certificate'' section, then select and load a file containing the Issuer Certificate
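Review bot: In the new User Id Type entry, the line "Choose from ''UserId'' or ''Federated Id, where:" leaves the italic markup on Federated Id unclosed; it should read ''Federated Id''. Under Issuer Certificate, the new "Navigate to the ''Issuer Certificate'' section" item is written with ":::*", one level deeper than the "::*Paste" item, although both are alternatives under "Choose one of the following options", so it should use "::*" as well. The Issuer definition also still reads "a identity provider" and could be corrected to "an identity provider" in the same edit.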

Revision as of 22:25, 16 August 2011

Security Assertion Markup Language (SAML) is an XML-based standard for exchanging authentication and authorization data between security domains. The Service Provider must enroll with an Identity Provider and obtain an Issuer URL.

How it Works

First, Single Sign-On Settings are configured for SAML in the platform, then a link to the LongJump Platform is created in the corporate website/portal. Note: the link can be named or branded in any way, as specified by the Service Provider.

Users logged into a corporate website/portal can click the link and are then automatically logged into the LongJump Platform, without requiring additional authentication.

For example, an employee of ABC Company logs into the corporate website, which includes a link to the LongJump Platform on the landing page. The user clicks the link and is automatically logged in, without requiring a second login.

Enabling SAML in the Platform

  1. Click Settings > Administration > Single Sign-On
  2. Click the [Edit] button
  3. For Single Sign-On Settings, choose SAML.
  4. Fill in the SAML Settings
  5. Click [Save]

SAML Settings

Version
SAML Version
  • Choose from Version 1.0 or Version 2.0
Issuer
The Issuer URL identifies the Identity Provider, which is the entity that authenticates a user or maintains the user's credentials. The Identity Provider issues this URL, which is used to contact the provider during the login process.
  • Syntax: The URL and Port Number must be specified using an FQDN or an IP address, for example:
    • www.abc.com:9090
    • 192.168.1.10
    • abc.def.com
User Id Type
Determines the type of identifier
  • Choose from UserId or Federated Id, where:
    • UserId is the Record Id of the user that is logged in
    • Federated Identity acts as a user's authentication across multiple IT systems or organizations. Learn more: Federated Identity (http://en.wikipedia.org/wiki/Federated_identity).
User Id Location
Specifies an attribute tag that defines the location of the User Id
  • Choose from Subject or Attribute
Issuer Certificate
The Issuer Certificate is used to sign and verify SAML messages. Requires a valid X.509 issuer certificate.
  • Choose one of the following options:
    • Paste the Issuer Certificate in the text area
    • Navigate to the Issuer Certificate section, then select and load a file containing the Issuer Certificate
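
A pre-flight check for the Issuer syntax rule above (FQDN or IP address, optional port), as an added example that is not part of the original page or of the LongJump platform. The function name check_issuer and the sample list are hypothetical. The platform's own validation is not documented here, so the example assumes the host[:port] form of the page's three examples and IPv4 addresses only.

```python
import ipaddress
import re

# One DNS label: 1-63 letters, digits or hyphens, no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def check_issuer(value):
    """Return (ok, detail) for an Issuer entry written as host[:port]."""
    # Assumption: entries carry no scheme or path, matching the page's examples.
    if "/" in value or value != value.strip():
        return False, "scheme, path or whitespace present; expected host[:port]"
    host, sep, port = value.partition(":")
    if sep and not (port.isascii() and port.isdigit() and 1 <= int(port) <= 65535):
        return False, "port must be a number from 1 to 65535"
    try:
        ipaddress.IPv4Address(host)
        return True, "IP address"
    except ValueError:
        pass  # not a dotted-quad address, so test it as a host name
    labels = host.split(".")
    if len(host) > 253 or len(labels) < 2:
        return False, "host is neither an IP address nor fully qualified"
    # An all-numeric last label means a malformed IP address, not a domain.
    if labels[-1].isdigit() or not all(_LABEL.fullmatch(l) for l in labels):
        return False, "host is not a valid FQDN or IP address"
    return True, "FQDN"

# Constructed inputs: the three examples from the page, then malformed entries.
SAMPLES = [
    "www.abc.com:9090", "192.168.1.10", "abc.def.com",
    "http://www.abc.com:9090", "www.abc.com:99999", "256.1.1.1",
    "localhost", "-bad.example.com",
]

def check_all(values=SAMPLES):
    """Map each candidate Issuer value to its (ok, detail) result."""
    return {v: check_issuer(v) for v in values}

if __name__ == "__main__":
    for value, (ok, detail) in check_all().items():
        print(f"{'OK ' if ok else 'BAD'} {value!r}: {detail}")
```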