Setup Config XML Files (For Synergetic Community Portal/SynWeb Newer than v68)
Common Configuration:
General Properties
UseSAMLLegacyFlag2 - Set this to true to use existing implementation of SAML. (Default: false)
- SAMLRequestFormat2 - Base64/Base64Deflate
- SAMLClaimAttributeName2 - Set SAML response claim attribute name linked to the IDP response. Supported values are (case sensitive - use same naming as generated in saml response - e.g. iDAMGuid):
NameID (Default) Value maps to any of (Network Login, Config User Login Name, IdamLogin or CommunityGUID)
IdamGUID Value from claims/IdamGUID mapped to Synergetic Community.IdamGUID. This is custom claim attribute.
NetworkLogin
Name
Login Properties
SAMLLoginBinding - The binding method used to send the login request to the IDP. Methods include REDIRECT or POST
SAMLLoginDestination - The IDP URL of which the Authentication request can be sent to from the SP.
SAMLLoginX509CertificatePath - The path of the SAML signing certificate used to authenticate the messages from the IDP, normally per example (including tilde prefix): ~/Site/Certificates/yourcertname.crt 1
SAMLClaimAttributeName - Set SAML response claim attribute name linked to the IDP response. Supported values are (case sensitive - use same naming as generated in saml response - e.g. iDAMGuid):
NameID (Default) Value maps to any of (Network Login, Config User Login Name, IdamLogin or CommunityGUID)
IdamGUID Value from claims/IdamGUID mapped to Synergetic Community.IdamGUID. This is custom claim attribute.
NetworkLogin
Name
SAMLSPIssuer - Issuer uri which is sent with every request for the IDP to verify.
Logout Properties
SAMLLogoutBinding - The binding method used to send the LogoutRequest to the IDP. Methods include REDIRECT or POST. (Default: REDIRECT)
SAMLLogoutDestination - The logout URL of the IDP used to send the SAML logout request and terminate the session from the SP. The endpoint must support Single Sign Out. (Default: REDIRECT)
SAMLLogoutX509CertificatePath2 - The path of the certificate used to sign the logout request being sent out to the IDP. This is most likely a private key (.pfx file).
SAMLLogoutX509CertificatePrivateKeyPassword2 - The private key used to utilise the certificate to the sign the request. The key must be encoded using the Portal Configuration tool.
SAMLIDPUserHomePageUrl - The URL of the login page of the IDP which is to be used only if there is a logout failure. The link will be used to redirect the user so a manual logout can be performed.
Info |
---|
1 The SAML signing certificate needs to be in Base-64 encoded X.509 (.CER) format. If required, the supplied certificate format can be adjusted by importing to Windows Certificate Manager console then exporting the file. 2 Optional Parameters |
Setup Config XML Files (For SAML Prior to v68)
Common Configuration:
SAMLSSOHttpUrl - The application url defined when configuring the IDP. This is normally a generated url of which this application uses to authenticate with the IDP.
SAMLLogoutHttpUrl - Logout url of IdP to end Synergetic and IdP session. When user logout from SynWeb user will get redirected to this url (please note this is not just for purpose of redirection but actually to end user's session). E.g. https://synergetic.okta.com/login/signout, https://app.onelogin.com/logout
SAMLX509CertificatePath - Copy the SAML signing certificate to a subfolder of the website, normally per example (including tilde prefix): ~/Site/Certificates/yourcertname.crt 1
SAMLRequestFormat - Set Base64 to pass plain Base64 encoded string or Base64Deflate to pass compressed Base64 encoded string message. Default value: Base64Deflate
ClaimAttributeName - Set SAML response claim attribute name linked to the IDP response. Supported values are (case sensitive - use same naming as generated in saml response - e.g. iDAMGuid):
NameID (Default) Value maps to any of (Network Login, Config User Login Name, IdamLogin or CommunityGUID)
IdamGUID Value from claims/IdamGUID mapped to Synergetic Community.IdamGUID. This is custom claim attribute.
NetworkLogin
Name
Info |
---|
1 The SAML signing certificate needs to be in Base-64 encoded X.509 (.CER) format. If required, the supplied certificate format can be adjusted by importing to Windows Certificate Manager console then exporting the file. |
SynWeb
Set parameters stated below in the Synergetic.xml file specific to SynWeb:
AuthenticationMode=SAML
OverrideUserName - Create a user (if does not exists) zSynWeb, with db_owner permissions to SynergyOne, SynergyOneFinance and SynergyOneMedia Database. zSynWeb will be the database role/user that SAML mode authenticates with.
OverridePassword=<<password>>
SynWebLoginHttpUrl - Url you use to login to SynWeb. E.g.https://synweb.schools.edu.au/login.aspx (this needs to be same as you specified in application connection when configuring IDP
Community Portal
Set parameters stated below in SynCommPortal.xml file:
AuthenticationMode=14 - Mode 14 enables Community Portal's SAML authentication mode.
CommunityPortalLoginHttpUrl - Url you use to login to community portal. E.g.https://synportal.schools.edu.au/login.aspx (this needs to be same as you specified in application connection in step 2)
Miscellaneous
Setup Certificates
Download X509 Certificate from IdP and place them in Community Portal's ~/Site/Certificates directory (create Certificates directory if doesn't exist).
The SAML signing token needs to be in Base-64 encoded X.509 (.CER) format. If required, the supplied certificate format can be adjusted by importing to Windows Certificate Manager console then exporting the file.