Identity Provider parameters
A set of parameters has to be configured for the Identity Provider (IdP).
| Parameter | Required/Optional | Description |
|---|---|---|
| Identity provider entity ID | Required | The unique identifier of the IdP. The portal accepts SAML assertions only from this ID. |
| Login URL | Required | The SSO service (SSO endpoint) that the portal sends authentication requests to. |
| Logout URL | Optional | The SLO service (SLO endpoint) that the portal sends logout requests to. |
| Identity provider public X.509 signing certificate | Required | This certificate is used to establish trust with the IdP, as well as to validate any incoming SAML assertions from the IdP. The certificate entry has to contain the BEGIN CERTIFICATE header and END CERTIFICATE footer. For more information about the certificate, see Message encryption. If, during login, your SSO users receive the `Error Validating SAML response: Signature did not validate against the credential's key` error message, the certificate has expired and you need to request a new certificate from your SSO administration team. |
| Federation metadata document | / | The XML metadata document is generated after a valid SAML SSO configuration is saved. |
| SAML profile binding request | Required | The protocol binding that is used by the portal to make an authentication request to the IdP. The following protocol bindings are supported. |
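
A pre-flight check for the signing certificate entry described above, as an added example that is not part of the portal or its documentation: it rejects an entry without the BEGIN CERTIFICATE / END CERTIFICATE lines and reads the validity dates so an expired or soon-to-expire certificate is caught before users see the signature error. The function names, the 30-day `warn_days` threshold and the skeleton certificate built by `sample_pem` are assumptions made for illustration; the check reads dates only and does not verify any signature.

```python
import ssl
from datetime import datetime, timezone

def _read(buf, pos):  # returns (tag, body_start, body_end) for the DER element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def _time(tag, raw):
    s = raw.decode("ascii")
    if tag == 0x17:  # UTCTime: RFC 5280 reads YY < 50 as 20YY, otherwise 19YY
        s = ("20" if int(s[:2]) < 50 else "19") + s
    return datetime.strptime(s, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def validity(pem):
    """Return (notBefore, notAfter). Raises ValueError without BEGIN/END lines."""
    der = ssl.PEM_cert_to_DER_cert(pem.strip())
    _, pos, _ = _read(der, _read(der, 0)[1])   # Certificate, then tbsCertificate
    tag, start, end = _read(der, pos)
    if tag == 0xA0:                            # optional [0] version
        tag, start, end = _read(der, end)      # now at serialNumber
    for _ in range(3):                         # signature, issuer, then validity
        tag, start, end = _read(der, end)
    t1, s1, e1 = _read(der, start)             # notBefore
    t2, s2, e2 = _read(der, e1)                # notAfter
    return _time(t1, der[s1:e1]), _time(t2, der[s2:e2])

def check_idp_cert(pem, now=None, warn_days=30):  # warn_days is an assumed threshold
    """Return 'ok', 'expiring', 'expired', 'not-yet-valid' or 'bad-pem'."""
    now = now or datetime.now(timezone.utc)
    try:
        not_before, not_after = validity(pem)
    except (ValueError, IndexError):  # missing header/footer, bad base64, truncated DER
        return "bad-pem"
    if now < not_before:
        return "not-yet-valid"
    if now > not_after:
        return "expired"
    return "expiring" if (not_after - now).days < warn_days else "ok"

def _tlv(tag, body):  # short-form DER length, enough for the tiny sample below
    return bytes([tag, len(body)]) + body

def sample_pem(not_before, not_after):  # constructed skeleton: no subject, key or signature
    tbs = _tlv(0xA0, _tlv(0x02, b"\x02")) + _tlv(0x02, b"\x01") + _tlv(0x30, b"") * 2
    tbs += _tlv(0x30, _tlv(0x17, not_before) + _tlv(0x17, not_after))
    return ssl.DER_cert_to_PEM_cert(_tlv(0x30, _tlv(0x30, tbs)))
```

Call `check_idp_cert` with the exact text you intend to paste into the certificate field; anything other than `ok` is a reason to go back to the SSO administration team before saving the configuration.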