Setup Config XML Files (For Synergetic Community Portal/SynWeb Newer than v68)

Common Configuration:


    Login Properties

    SAMLLoginBinding - The binding method used to send the login request to the IDP. Methods include REDIRECT or POST. (Default: REDIRECT)

    SAMLLoginDestination - The IDP URL to which the SP sends the authentication request.

    SAMLLoginX509CertificatePath - The path of the SAML signing certificate used to authenticate the messages from the IDP, for example (including the tilde prefix): ~/Site/Certificates/yourcertname.crt ¹

    SAMLSPIssuer - The issuer URI, which is sent with every request for the IDP to verify.

    Logout Properties

    SAMLLogoutBinding - The binding method used to send the LogoutRequest to the IDP. Methods include REDIRECT or POST. (Default: REDIRECT)

    SAMLLogoutDestination - The logout URL of the IDP, used to send the SAML logout request and terminate the session from the SP. The endpoint must support Single Sign Out.

    SAMLLogoutX509CertificatePath² - The path of the certificate used to sign the logout request sent to the IDP. This is most likely a private key (.pfx file).

    SAMLLogoutX509CertificatePrivateKeyPassword² - The private key used to utilise the certificate to sign the request. The key must be encoded using the Portal Configuration tool.

    SAMLIDPUserHomePageUrl - The URL of the IDP login page, used only if there is a logout failure. The user is redirected to this link so that a manual logout can be performed.

    Legacy Support Properties

    UseSAMLLegacyFlag² - Set this to true to use the legacy implementation of SAML. (Default: false)

    The following properties are only in use when UseSAMLLegacyFlag is true:

    • SAMLRequestFormat² - Base64/Base64Deflate
    • SAMLClaimAttributeName² - Sets the SAML response claim attribute name linked to the IDP response. Supported values (case sensitive; use the same naming as generated in the SAML response, e.g. iDAMGuid):

      NameID (Default) - Value maps to any of Network Login, Config User Login Name, IdamLogin or CommunityGUID.

      IdamGUID - Value from claims/IdamGUID, mapped to Synergetic Community.IdamGUID. This is a custom claim attribute.

      NetworkLogin

      Name

    Info

    The SAML signing certificate needs to be in Base-64 encoded X.509 (.CER) format. If required, the format of the supplied certificate can be adjusted by importing it into the Windows Certificate Manager console and then exporting the file.

    ² Optional Parameters
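
When the IDP rejects or cannot read a login request, a common cause is a mismatch between the configured SAMLRequestFormat and what the IDP expects. The following is an added troubleshooting example, not Synergetic code: it assumes Base64Deflate means a raw DEFLATE stream followed by Base64 (as in the SAML HTTP-Redirect binding), and the sample request with its issuer and destination URLs is constructed.

```python
import base64
import zlib

# Constructed sample AuthnRequest; issuer and destination are placeholders.
SAMPLE_AUTHN_REQUEST = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="_example1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z" '
    'Destination="https://idp.example.org/sso">'
    '<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    'https://portal.example.org/</saml:Issuer></samlp:AuthnRequest>'
)


def encode_request(xml: str, request_format: str) -> str:
    """Encode an AuthnRequest as Base64 or Base64Deflate."""
    raw = xml.encode("utf-8")
    if request_format == "Base64Deflate":
        # Raw DEFLATE stream (no zlib header or checksum), then Base64.
        comp = zlib.compressobj(9, zlib.DEFLATED, -15)
        raw = comp.compress(raw) + comp.flush()
    elif request_format != "Base64":
        raise ValueError(f"unsupported format: {request_format}")
    return base64.b64encode(raw).decode("ascii")


def decode_request(value: str, max_size: int = 1 << 20):
    """Return (detected_format, xml) for a captured SAMLRequest value.

    URL-decode the value first if it was taken from a redirect query string.
    """
    data = base64.b64decode(value, validate=True)
    if data.startswith(b"<"):
        return "Base64", data.decode("utf-8")
    # Cap the inflated size so an oversized value cannot exhaust memory.
    inflater = zlib.decompressobj(-15)
    xml = inflater.decompress(data, max_size)
    if not inflater.eof:
        raise ValueError("request is truncated or exceeds the size limit")
    return "Base64Deflate", xml.decode("utf-8")


if __name__ == "__main__":
    for fmt in ("Base64", "Base64Deflate"):
        encoded = encode_request(SAMPLE_AUTHN_REQUEST, fmt)
        print(fmt, len(encoded), decode_request(encoded)[0])
```
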

     

     

    Setup Configuration Keys

    There are 2 configuration keys that control how the logout page is displayed after a successful logout:

    For SynWeb:

    SynWeb|System|LogoutCustomHtml

    For Community Portal:

    CommunityPortal|Pages|LogOut|LogoutCustomHtml

    The configuration key value can be in HTML format.

     

     

