...
Universal Controller uses SAML Single Sign-On for authentication and User Provisioning. All user and group authorization must be configured within Universal Controller through Permission and Role assignment.
...
Any user created from SAML assertion attributes during the single sign-on process is considered an Identity Provider-sourced user. See Attribute Mappings in Single Sign-On Settings.
User Field Defaults
Single Sign-On provisioned users are created with the following default field values:
...
However, Universal Controller allows an administrator to customize the Service Provider Entity ID by specifying a Service Provider Entity ID Subdomain in the Single Sign-On Settings in the user interface.
For example, a Service Provider Entity ID Subdomain value of dev would allow for a Service Provider Entity ID of https://dev.uc.stonebranch.com/sp.
...
To configure the SP Entity Base URL to a specific value, an administrator can specify the Service Provider Entity Base URL from the Single Sign-On Settings in the user interface.
The following table documents the SAML endpoints, and their supported bindings, contained within the Universal Controller Service Provider metadata.
...
Universal Controller provides a Service Provider Metadata link, from the Single Sign-On Settings, for downloading the Universal Controller Service Provider metadata file.
...
You can specify the location of the Identity Provider metadata file in the Details section of the Single Sign-On Settings in the user interface. By default, on initial start-up, the Controller automatically populates the Identity Provider Metadata File setting with a value of ${catalina.base}/conf/saml/idp.xml.
...
An administrator can turn on/off and configure SAML Single Sign-On through the user interface.
Note: Each Universal Controller cluster node maintains its own Single Sign-On Settings configuration, associated by Node Id. Therefore, you must complete the Single Sign-On Settings configuration for each deployed cluster node, including the Active node and any Passive nodes. The Identity Provider Metadata File and KeyStore File, by default located under ${catalina.base}/conf/saml/, must be accessible to each cluster node.
Step | Action
---|---
Step 1 | From the Administration navigation pane, select Configuration > Single Sign-On Settings. The Single Sign-On Settings page displays.
Step 2 | Enter / select your Single Sign-On Settings, using the field descriptions below as a guide.
Step 3 | Click the button.
...
Field Name | Description
---|---
Details | This section contains detailed information on the Single Sign-On settings.
SAML Single Sign-On | If enabled, turns on SAML Single Sign-On.
User Provisioning | If enabled, turns on the provisioning of users through SAML assertion attributes.
SP Entity ID | Read-only; unique identifier of the Universal Controller Service Provider.
SP Entity ID Subdomain | Customize the SP Entity ID with a unique subdomain.
SP Entity Base URL | Base URL from which the SAML endpoints are constructed; must be a URL with protocol, server, port, and context path. If one is not specified, it defaults to values from the initial request in this format:
Identity Provider Metadata Source | Specifies the Identity Provider Metadata Source: File or URL.
Identity Provider Metadata File | If Identity Provider Metadata Source = File; location of the Identity Provider metadata file.
Identity Provider Metadata URL | If Identity Provider Metadata Source = URL; URL of the Identity Provider metadata.
Service Provider Metadata | Link to download the Service Provider metadata for the Universal Controller node.
Key Management | 
KeyStore File | Keystore file location.
KeyStore Password | Password used to protect the integrity of the keystore. Default is ucsaml.
Private Key Alias | Alias of the private key (with either a self-signed or a CA-signed certificate) used to digitally sign SAML messages. Default is ucsaml.
Private Key Password | Password used to protect the integrity of the private key. Default is ucsaml. See SAML KeyStore.
Attribute Mappings | Displayed only when User Provisioning is enabled. Configures a mapping between user fields and attributes from the attribute statement of a SAML assertion. See User Attribute Mapping for more details.
First Name | Name of an attribute, of type
Middle Name | Name of an attribute, of type
Last Name | Name of an attribute, of type
 | Name of an attribute, of type
Active | Name of an attribute, of type
Groups | Name of a multi-valued attribute, of type
Title | Name of an attribute, of type
Department | Name of an attribute, of type
Manager | Name of an attribute, of type
Business Phone | Name of an attribute, of type
Mobile Phone | Name of an attribute, of type
Home Phone | Name of an attribute, of type
Buttons | This section identifies the buttons displayed above and below the Single Sign-On Settings that let you perform various actions.
Update | 
Refresh | Refreshes any dynamic data displayed in the Single Sign-On Settings.
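To make the Attribute Mappings section concrete, here is an added example (not Stonebranch code) that resolves a user-field-to-attribute mapping against the AttributeStatement of a constructed assertion. The attribute names (givenName, sn, accountEnabled, memberOf, middleName) are assumptions about what an Identity Provider might send, and the mapping is illustrative, not the Controller's internal logic.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample AttributeStatement; attribute names are assumptions about the IdP.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="givenName"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="sn"><saml:AttributeValue>Lovelace</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="accountEnabled"><saml:AttributeValue>true</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="memberOf">
      <saml:AttributeValue>uc-operators</saml:AttributeValue>
      <saml:AttributeValue>uc-viewers</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# User field -> attribute name, as entered in the Attribute Mappings section (assumed names).
MAPPING = {
    "First Name": "givenName",
    "Middle Name": "middleName",  # not sent by this IdP, so the field stays unset
    "Last Name": "sn",
    "Active": "accountEnabled",
    "Groups": "memberOf",         # multi-valued attribute
}

def attribute_values(assertion_xml):
    """Return {attribute Name: [values]} from the assertion's AttributeStatement."""
    root = ET.fromstring(assertion_xml)
    out = {}
    for attr in root.findall("./saml:AttributeStatement/saml:Attribute", NS):
        out[attr.get("Name")] = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
    return out

def provision_fields(assertion_xml, mapping=MAPPING):
    """Resolve mapped user fields. Mapped attributes absent from the assertion are skipped.
    Groups only records membership; Permissions and Roles are still assigned in the Controller."""
    attrs = attribute_values(assertion_xml)
    user = {}
    for field, name in mapping.items():
        if not attrs.get(name):
            continue
        if field == "Groups":
            user[field] = sorted(set(attrs[name]))
        elif field == "Active":
            user[field] = attrs[name][0].strip().lower() in ("true", "1", "yes")
        else:
            user[field] = attrs[name][0]
    return user
```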
...
Upon initial start-up of Universal Controller, a default Single Sign-On Settings record is created and associated with the Universal Controller node by Node Id. The settings are specific to the Universal Controller node, as the SP Entity ID, Base URL, and file paths may differ between each Universal Controller node. See Single Sign-On Settings Field Descriptions, above, for the default configuration.
...