SAML2 Authentication Setup

Before configuring XMPro to use SAML2 to authenticate users, as described in the article Configure SAML 2 Authentication for XMPro Action Console, the following steps must be completed by the SAML2 authentication service provider (the identity provider, in SAML terms) and by XMPro.

XMPro

XMPro must provide the following to the service provider to be used to configure SAML2 authentication:

  • Logout service: https://xmproapplication.com/authentication/saml/sloservice.aspx
  • Assertion service: https://xmproapplication.com/authentication/saml/AssertionConsumerService.aspx
  • Service provider name (SPID): the domain name of the XMPro application, e.g. xmproapplication.com

The service provider might require a metadata file that contains all of the information above. An example is provided below.

<!-- Service provider SAML metadata -->
<md:EntityDescriptor entityID="xmproapplication.com" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
    <md:SPSSODescriptor WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <md:KeyDescriptor>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:X509Data>
                    <!-- base64-encoded XMPro signing certificate goes here -->
                    <ds:X509Certificate></ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </md:KeyDescriptor>
        <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://xmproapplication.com/authentication/saml/sloservice.aspx"/>
        <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
        <md:AssertionConsumerService index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://xmproapplication.com/authentication/saml/AssertionConsumerService.aspx"/>
    </md:SPSSODescriptor>
    <md:Organization>
        <md:OrganizationName xml:lang="en">XMPro</md:OrganizationName>
    </md:Organization>
</md:EntityDescriptor>

Service Provider

The service provider will provide the following to XMPro.

  • PartnerIdentityProviderName: samlprovidername.com
  • SingleSignOnServiceUrl: https://samlprovidername.com/idp/profile/SAML2/Redirect/SSO
  • SingleLogoutServiceUrl: https://samlprovidername.com/idp/profile/SAML2/Redirect/SLO
  • SAML signed certificate: Copy this into the root folder of the XMPro website.

The service provider may also provide XMPro with the metadata file generated by the SAML2 server, which contains the information above. An example snippet from such a file is shown below:

<?xml version="1.0" encoding="utf-8"?>
<EntityDescriptor …..
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://samlprovidername.com/idp/profile/SAML2/Redirect/SLO" />
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://samlprovidername.com/idp/profile/SAML2/Redirect/SSO" />
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://samlprovidername.com/idp/profile/SAML2/Redirect/SSO" />
  </IDPSSODescriptor>
</EntityDescriptor>
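As an added example, not part of the XMPro documentation or product: a Python script that reads identity-provider metadata of the shape shown above and extracts the three values XMPro needs, stripping stray whitespace from the Location values and refusing non-HTTPS endpoints or metadata without a signing certificate. The sample metadata is constructed; the hostnames are the page's placeholders and the certificate body is a placeholder.

```python
"""Pull the XMPro settings (SSO URL, SLO URL, signing cert) out of SAML2 IdP metadata."""
import xml.etree.ElementTree as ET
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample modelled on the snippet above; note the padded Location values.
SAMPLE_IDP_METADATA = """<?xml version="1.0" encoding="utf-8"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="samlprovidername.com">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>MIIC...PLACEHOLDER-BASE64...</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></KeyDescriptor>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://samlprovidername.com/idp/profile/SAML2/Redirect/SLO " />
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location=" https://samlprovidername.com/idp/profile/SAML2/Redirect/SSO " />
  </IDPSSODescriptor>
</EntityDescriptor>"""


def extract_idp_settings(metadata_xml: str) -> dict:
    """Return the settings listed above, raising ValueError on anything unusable."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not identity-provider metadata")

    def endpoint(tag: str) -> str:
        for el in idp.findall(f"md:{tag}", NS):
            if el.get("Binding") == HTTP_REDIRECT:
                url = el.get("Location", "").strip()  # drop stray whitespace
                if not url.startswith("https://"):
                    raise ValueError(f"{tag} is not served over HTTPS: {url!r}")
                return url
        raise ValueError(f"no HTTP-Redirect {tag} endpoint in metadata")

    certs = []  # only signing keys verify assertions; an absent "use" means both
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") == "signing":
            cert = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
            if cert is not None and cert.text and cert.text.strip():
                certs.append(cert.text.strip())
    if not certs:
        raise ValueError("no signing certificate: assertions could not be verified")
    return {"PartnerIdentityProviderName": root.get("entityID"),
            "SingleSignOnServiceUrl": endpoint("SingleSignOnService"),
            "SingleLogoutServiceUrl": endpoint("SingleLogoutService"),
            "SigningCertificate": certs[0]}
```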

 

This is the legacy version of the XMPro Documentation site. For the latest XMPro documentation, please visit documentation.xmpro.com
