NOTE: Trivore ID Documentation has moved to https://trivoreid.com



This document describes settings that apply to all SAML based user directories.

Core settings

Core settings consist of the following settings.

  • Always enforce authentication. This setting enables the SAML-specific mechanism for enforcing authentication: the user must enter credentials even if he/she already has an authenticated session with the IdP. Please note that not all Identity Providers support this.

  • Automatic logout after authentication. This setting was implemented because not all Identity Providers support enforced authentication. It ensures that the user is logged out of the SAML Identity Provider after every successful authentication.

  • Technical notes are free-form notes relevant to configuring this user directory.

SP metadata settings

SP metadata settings consist of the SP entity ID, the private key and the certificate. The SP entity ID can be any identifier you choose; there are no requirements on its form. Often this identifier includes the TrivoreID service URL and the SAML authentication path. An example value is https://<hostname>/saml/SSO

TrivoreID does not place any restrictions on the choice of private key and certificate either, but the SAML IdP you are connecting to might. Consult the person responsible for the IdP for further information about any such restrictions.

It is generally accepted practice to use self-signed certificates for SAML.

The SP private key and SP certificate must both be in PEM format. Use any tool of your choice to generate a self-signed certificate and private key. After you have configured all SP metadata settings, you can download the automatically generated SP metadata.xml by clicking the link Download automatically generated SP metadata. You will need to import this XML file into the SAML IdP. You can make changes to the XML file if needed, as it is not cryptographically signed.

IdP settings

IdP settings consist of a single field where you can import the metadata XML file provided to you by the SAML IdP administrator. The XML file is structurally validated, but testing is required to make sure everything works as expected.
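Both the generated SP metadata above and the IdP metadata imported here are plain SAML 2.0 metadata documents, so a structural pre-check before import catches the usual mistakes (missing entityID, certificate that is not base64 DER, non-https or wrong-binding endpoints). The following is an added example using only the Python standard library; it is not TrivoreID's own validator, and the sample metadata, hostname and certificate bytes are constructed placeholders.

```python
# Added example, not TrivoreID's own validator: a stdlib-only structural
# pre-check for SAML 2.0 metadata (SP or IdP). Sample data below is constructed.
import base64
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

def check_metadata(xml_text: str) -> list:
    """Return a list of problems; an empty list means the checks passed."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    problems = [] if root.get("entityID") else ["entityID attribute missing"]
    sp = root.find("md:SPSSODescriptor", NS)
    role = sp if sp is not None else root.find("md:IDPSSODescriptor", NS)
    if role is None:
        return problems + ["no SPSSODescriptor or IDPSSODescriptor"]
    # An X.509 certificate is a DER SEQUENCE, so the decoded bytes start with 0x30.
    for kd in role.findall("md:KeyDescriptor", NS):
        b64 = kd.findtext("ds:KeyInfo/ds:X509Data/ds:X509Certificate", "", NS)
        try:
            der = base64.b64decode("".join(b64.split()), validate=True)
        except ValueError:
            der = b""
        if not der or der[0] != 0x30:
            problems.append("KeyDescriptor certificate is not base64-encoded DER")
    # An SP exposes AssertionConsumerService endpoints, an IdP SingleSignOnService.
    tag = "md:AssertionConsumerService" if sp is not None else "md:SingleSignOnService"
    services = role.findall(tag, NS)
    if not services:
        problems.append(f"no {tag} endpoint")
    for svc in services:
        loc = svc.get("Location", "")
        if not loc.startswith("https://"):
            problems.append(f"endpoint {loc!r} is not https")
        if sp is not None and svc.get("Binding") != HTTP_POST:
            problems.append(f"ACS {loc!r} does not use the HTTP-POST binding")
    return problems

# Constructed sample SP metadata; the certificate is a placeholder DER blob.
FAKE_CERT = base64.b64encode(b"\x30\x03\x02\x01\x01").decode()
SAMPLE_SP = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
  entityID="https://sp.example.invalid/saml/SSO"><md:SPSSODescriptor>
 <md:KeyDescriptor><ds:KeyInfo><ds:X509Data><ds:X509Certificate>{FAKE_CERT}
 </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
 <md:AssertionConsumerService Binding="{HTTP_POST}" index="0"
  Location="https://sp.example.invalid/saml/SSO"/></md:SPSSODescriptor>
</md:EntityDescriptor>"""
```

Run `check_metadata(open("metadata.xml").read())` on a downloaded SP metadata.xml or the IdP-provided file; an empty list means the structure is sound, which still leaves the end-to-end login test described above.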
