Versions Compared

Old Version 5

changes.mady.by.user Stonebranch

Saved on

compared with

New Version 6

changes.mady.by.user Stonebranch

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Panel
Table of Contents
maxlevel2

...

The following diagram illustrates the expectations in Universal Controller for provisioning users from attributes available in the SAML assertion:
 

Image RemovedImage Added
 

As illustrated, when LDAP synchronization is enabled, provisioning of users through LDAP synchronization takes precedence over provisioning of users through the SAML assertion during the Single Sign-On process.

...

Any user created by SAML assertion attributes, during the single sign-on process, is considered an Identity Provider-sourced user. See Attribute Mappings in SAML Single Sign-On Settings.

User Field Defaults

Single Sign-On provisioned users are created with the following default field values:
 

...

However, Universal Controller allows an administrator to customize the Service Provider Entity ID by specifying a Service Provider Entity ID Subdomain in the SAML Single Sign-On Settings in the user interface.

For example, an Service Provider Entity ID Subdomain value of dev would allow for a Service Provider Entity ID of https://dev.uc.stonebranch.com/sp.

...

To configure the SP Entity Base URL to a specific value, an administrator can specify the Service Provider Entity Base URL from the SAML Single Sign-On Settings in the user interface.

The following table documents the SAML endpoints, and their supported bindings, contained within the Universal Controller Service Provider metadata.
 

...

You can specify the location of the Identity Provider metadata file in the SAML Single Sign-On Settings Details of the user interface. By default, on initial start-up, the Controller automatically populates the Identity Provider metadata file setting with a value of ${catalina.base}/conf/saml/idp.xml.

...

An administrator can turn on/off and configure SAML Single Sign-On through the user interface.

Note
titleNote

Each Universal Controller cluster node maintains its own SAML Single Sign-On configuration, associated by Node Id. Therefore, you must complete the SAML Single Sign-On configuration for each deployed cluster node, including the Active node and any Passive nodes.

The Identify Provider Metadata File and KeyStore File, by default located under ${catalina.base}/conf/saml/, must be accessible to each cluster node.


Step 1

From the Administration navigation pane, selectConfiguration > SAML  SAML Single Sign-On. The SAML Single Sign-On page displays.
 
Image RemovedImage Added

Step 2

Enter / select your SAML Single Sign-On, using the field descriptions below as a guide.

  • Required fields display an asterisk ( * ) after the field name.
  • Default values for fields, if available, display automatically.

Step 3

Click the button.

...