An administrator can turn on/off and configure SAML Single Sign-On through the user interface.
Note | Each Universal Controller cluster node maintains its own Single Sign-On Settings configuration, associated by Node Id. Therefore, you must complete the Single Sign-On Settings configuration for each deployed cluster node, including the Active node and any Passive nodes. The Identity Provider Metadata File and KeyStore File, by default located under ${catalina.base}/conf/saml/, must be accessible to each cluster node. |
---|---|

Step 1 | From the Administration navigation pane, select Configuration > Single Sign-On Settings. The Single Sign-On Settings page displays. |
---|---|
Step 2 | Enter / select your Single Sign-On Settings, using the field descriptions below as a guide. |
Step 3 | Click the button. |
| Field Name | Description |
|---|---|
| Details | This section contains detailed information on the Single Sign-On settings. |
| SAML Single Sign-On | If enabled, turns on SAML Single Sign-On. |
| User Provisioning | If enabled, turns on the provisioning of users through SAML assertion attributes. |
| SP Entity ID | Read-only; unique identifier of the Universal Controller Service Provider. |
| SP Entity ID Subdomain | Customize the SP Entity ID with a unique subdomain. |
| SP Entity Base URL | Base URL to construct SAML endpoints from; must be a URL with protocol, server, port, and context path. If one is not specified, it defaults to values from the initial request in this format: |
| Identity Provider Metadata Source | Specifies Identity Provider Metadata Source: |
| Identity Provider Metadata File | If Identity Provider Metadata Source = File; Identity Provider metadata file location. |
| Identity Provider Metadata URL | If Identity Provider Metadata Source = URL; Identity Provider metadata URL location. |
| | Link to download the Service Provider metadata for the Universal Controller node. |
| Key Management | |
| KeyStore File | Keystore file location. |
| KeyStore Password | Password used to protect the integrity of the keystore. Default is ucsaml. |
| Private Key Alias | Alias of the private key (with either self-signed or CA-signed certificate) used to digitally sign SAML messages. Default is ucsaml. |
| Private Key Password | Password used to protect the integrity of the private key. Default is ucsaml. See SAML KeyStore. |
| | If User Provisioning is enabled, this section allows you to configure a mapping between user fields and attributes from the attribute statement of a SAML assertion. It is displayed only when User Provisioning is enabled. See User Attribute Mapping for more details. |
| First Name | Name of an attribute, of type |
| Middle Name | Name of an attribute, of type |
| Last Name | Name of an attribute, of type |
| | Name of an attribute, of type |
| Active | Name of an attribute, of type |
| Groups | Name of a multi-valued attribute, of type |
| Title | Name of an attribute, of type |
| Department | Name of an attribute, of type |
| Manager | Name of an attribute, of type |
| Business Phone | Name of an attribute, of type |
| Mobile Phone | Name of an attribute, of type |
| Home Phone | Name of an attribute, of type |
| Buttons | This section identifies the buttons displayed above and below the Single Sign-On Settings that let you perform various actions. |
| Update | |
| Refresh | Refreshes any dynamic data displayed in the Single Sign-On Settings. |
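
The following is an added example, not Universal Controller code, for auditing the Key Management settings on each cluster node: it reports whether a KeyStore File is accessible to group/other accounts and whether it still accepts the documented default KeyStore Password `ucsaml`. It assumes the keystore is in JKS format, which this page does not state; the function names are hypothetical and the sample keystore is constructed.

```python
import hashlib
import os
import stat
import struct

JKS_MAGIC = 0xFEEDFEED
DEFAULT_SECRET = "ucsaml"  # default KeyStore Password documented on this page


def jks_password_matches(data: bytes, password: str):
    """True/False if `password` passes the JKS integrity check; None if not JKS."""
    if len(data) < 32 or struct.unpack(">I", data[:4])[0] != JKS_MAGIC:
        return None
    body, stored = data[:-20], data[-20:]
    # JKS integrity digest: SHA-1(password as UTF-16BE + fixed salt string + body)
    keyed = password.encode("utf-16-be") + b"Mighty Aphrodite"
    return hashlib.sha1(keyed + body).digest() == stored


def audit_keystore(path: str) -> list:
    """Return findings for one node's SAML keystore file (assumed JKS)."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"permissions {oct(mode)} allow group/other access")
    with open(path, "rb") as fh:
        result = jks_password_matches(fh.read(), DEFAULT_SECRET)
    if result is None:
        findings.append("not a JKS file; default password not checked")
    elif result:
        findings.append("keystore still opens with the default password")
    return findings


def make_sample_jks(password: str) -> bytes:
    """Constructed sample: an empty JKS (magic, version 2, zero entries)."""
    body = struct.pack(">III", JKS_MAGIC, 2, 0)
    keyed = password.encode("utf-16-be") + b"Mighty Aphrodite"
    return body + hashlib.sha1(keyed + body).digest()


if __name__ == "__main__":
    import sys
    for keystore in sys.argv[1:]:  # the KeyStore File path configured on each node
        for finding in audit_keystore(keystore):
            print(f"{keystore}: {finding}")
```

The check covers only the KeyStore Password; the Private Key Password and Private Key Alias defaults need to be reviewed separately.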