
Setup Config XML Files (For Synergetic Community Portal/SynWeb Newer than v68)

Common Configuration:


When setting up SAML authentication for Community Portal or SynWeb, the following values currently have to be set in the configuration XML.

First we have to enable SAML mode for the application.

Community Portal:

AuthenticationMode = 14


SynWeb:

AuthenticationMode = SAML

OverrideUserName = zSynergetic_main_dbo (the database user used to assume a login for the authenticated user)

OverridePassword = encrypted password

Login Properties

SAMLLoginBinding - The binding method used to send the login request to the IDP. Values: REDIRECT or POST. (Default: REDIRECT)

SAMLLoginDestination - The IDP URL to which the SP sends the authentication request.

SAMLLoginX509CertificatePath - The path of the SAML signing certificate used to verify messages from the IDP, for example (including the tilde prefix): ~/Site/Certificates/yourcertname.crt

SAMLSPIssuer - The issuer URI sent with every request so the IDP can verify the SP, e.g. https://synportal.schools.edu.au/login.aspx

SAMLComparisonMode - Determines the RequestedAuthnContext Comparison value in the request to the IDP. Values: minimum or exact. (Default: Minimum)

SAMLClaimAttributeName - Set this to use a user attribute other than NameID to identify the user at login (by default NameID is used). Azure Active Directory returns a GUID as the NameID, which cannot be used to log in. To authenticate the user by email address instead, set this to the email claim attribute name, e.g. "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress".

Logout Properties

SAMLLogoutBinding - The binding method used to send the LogoutRequest to the IDP. Values: REDIRECT or POST. (Default: REDIRECT)

SAMLLogoutDestination - The IDP logout URL to which the SP sends the SAML logout request to terminate the session. The endpoint must support Single Sign Out.

SAMLLogoutX509CertificatePath [2] - The path of the certificate used to sign the logout request sent to the IDP. This is most likely a certificate with a private key (.pfx file).

SAMLLogoutX509CertificatePrivateKeyPassword [2] - The password of the private key that lets the certificate be used to sign the request. The password must be encoded using the Portal/SynWeb Configuration tool.

SAMLIDPUserHomePageUrl - The URL of the IDP login page, used only if the logout fails. The user is redirected to this link so a manual logout can be performed.

Legacy Support Properties

UseSAMLLegacyFlag [2] - Set this to true to use the legacy SAML implementation. (Default: false)

<UseSAMLLegacyFlag>true</UseSAMLLegacyFlag>

The following properties are only used when UseSAMLLegacyFlag is true:

  • SAMLLoginDestination
  • SAMLLogoutDestination
  • SAMLLoginX509CertificatePath
  • SAMLSPIssuer
  • SAMLRequestFormat [2] - Base64 or Base64Deflate
  • SAMLClaimAttributeName [2] - The claim attribute name in the SAML response that identifies the user. Supported values (case sensitive; use the same naming as generated in the SAML response, e.g. iDAMGuid):

    NameID (Default) - the value maps to any of Network Login, Config User Login Name, IdamLogin or CommunityGUID

    IdamGUID - the value from claims/IdamGUID is mapped to Synergetic Community.IdamGUID. This is a custom claim attribute.

    NetworkLogin

    Name - http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress


The SAML signing certificate needs to be in Base-64 encoded X.509 (.CER) format. If required, the supplied certificate format can be adjusted by importing to Windows Certificate Manager console then exporting the file.

[2] Optional parameters
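As an added check (not part of the Synergetic documentation or product), the Python script below lints a constructed configuration fragment written in the <Key>value</Key> form shown above against the SAML settings described on this page. The element names are the page's; the <configuration> root element, the sample URLs, certificate paths and the empty logout password are constructed assumptions.

```python
"""Lint a SynWeb/Community Portal SAML config fragment (constructed example)."""
import xml.etree.ElementTree as ET

# Constructed sample in the <Key>value</Key> form shown on the page; the
# <configuration> root, URLs and paths are assumptions, not product defaults.
SAMPLE_CONFIG = """<configuration>
  <AuthenticationMode>SAML</AuthenticationMode>
  <SAMLLoginDestination>https://idp.example.edu/saml2/sso</SAMLLoginDestination>
  <SAMLLoginX509CertificatePath>~/Site/Certificates/idp-signing.crt</SAMLLoginX509CertificatePath>
  <SAMLSPIssuer>https://synportal.example.edu/login.aspx</SAMLSPIssuer>
  <SAMLClaimAttributeName>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress</SAMLClaimAttributeName>
  <SAMLLogoutDestination>https://idp.example.edu/saml2/slo</SAMLLogoutDestination>
  <SAMLLogoutX509CertificatePath>~/Site/Certificates/sp-logout.pfx</SAMLLogoutX509CertificatePath>
  <SAMLLogoutX509CertificatePrivateKeyPassword></SAMLLogoutX509CertificatePrivateKeyPassword>
  <UseSAMLLegacyFlag>false</UseSAMLLegacyFlag>
</configuration>"""


def lint_saml_config(xml_text):
    """Return a list of findings; an empty list means nothing was flagged."""
    cfg = {el.tag: (el.text or "").strip() for el in ET.fromstring(xml_text)}
    findings = []
    # SAML mode must be switched on: SynWeb uses SAML, Community Portal uses 14.
    if cfg.get("AuthenticationMode") not in ("SAML", "14"):
        findings.append("AuthenticationMode does not enable SAML (SAML or 14)")
    # Without the IDP signing certificate the SP cannot verify IDP messages.
    for key in ("SAMLLoginDestination", "SAMLLoginX509CertificatePath", "SAMLSPIssuer"):
        if not cfg.get(key):
            findings.append(f"{key} is missing or empty")
    # IDP endpoints and the SP issuer should be HTTPS URLs.
    for key in ("SAMLLoginDestination", "SAMLLogoutDestination", "SAMLSPIssuer"):
        if cfg.get(key) and not cfg[key].lower().startswith("https://"):
            findings.append(f"{key} is not an https:// URL")
    for key in ("SAMLLoginBinding", "SAMLLogoutBinding"):
        if cfg.get(key, "REDIRECT").upper() not in ("REDIRECT", "POST"):
            findings.append(f"{key} must be REDIRECT or POST")
    if cfg.get("SAMLComparisonMode", "minimum").lower() not in ("minimum", "exact"):
        findings.append("SAMLComparisonMode must be minimum or exact")
    # A .pfx used to sign LogoutRequests is unusable without its encoded password.
    if cfg.get("SAMLLogoutX509CertificatePath") and not cfg.get("SAMLLogoutX509CertificatePrivateKeyPassword"):
        findings.append("SAMLLogoutX509CertificatePath is set but SAMLLogoutX509CertificatePrivateKeyPassword is empty")
    # Legacy mode additionally needs the request encoding to be chosen.
    if cfg.get("UseSAMLLegacyFlag", "false").lower() == "true" and cfg.get("SAMLRequestFormat") not in ("Base64", "Base64Deflate"):
        findings.append("UseSAMLLegacyFlag is true but SAMLRequestFormat is not Base64 or Base64Deflate")
    return findings
```

Run against the constructed sample it reports only the empty logout key password; point it at an exported config to catch the same omissions before the first login test.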



Setup Configuration Keys

There are two configuration keys that control how the logout page is displayed when a logout is successful:

SynWeb Logout Message: SynWeb|System|LogoutCustomHtml


Default logout message for SynWeb.


Community Portal Logout Message: CommunityPortal|Pages|LogOut|LogoutCustomHtml


Default logout message for Community Portal.

Both configuration keys support HTML content.