SAML SSO Overview
SAML 2.0 (Redirect Authentication Provider)
Logiforms supports SAML 2.0. SAML 2.0 is a well-established authentication protocol that is widely supported by third-party authentication systems.
Once configured on your account, users under your registered domain (email@yourdomain.com) are redirected to the SAML 2.0 provider, where they authenticate.
Once the user has authenticated, they are redirected back to Logiforms along with their email address and other user attributes. Logiforms then locates the sub-user account, updates its attributes and authenticates the user. If the user is not found, the attribute information is used to create a new user under that account and assign them to an appropriate group: either the default group set in the SSO configuration or a group passed through in the attribute collection.
Logiforms serves as what is called a Service Provider (SP): it connects as an SP to an external authentication system that serves as the Identity Provider (IdP).
SSO terminology
1. Identity Provider (IdP) settings: When a SAML 2.0 authentication provider is added to Logiforms, the account owner is prompted to enter information about their IdP. These IdP settings can be imported from a provided XML endpoint or entered manually.
2. Entity ID: This setting is the ID of the IdP server and is used to target a specific IdP configuration on the external authentication system.
3. SSO URL: This setting is the Single Sign-On endpoint URL for the IdP.
4. X.509 Certificate: This setting is the X.509 certificate used to sign and verify the requests from the IdP. Supply it in .pem format rather than .cer format.
5. Service Provider (SP) settings: Once the SAML 2.0 authentication provider has been saved, we provide the SP settings that are required to add Logiforms as a valid service provider to the external authentication system.
6. Metadata XML: Import the Metadata XML file via the direct URL or by uploading it. This will send the data into the IdP to simplify configuration.
7. Entity ID: This setting is the ID of the Logiforms SP server.
8. ACS URL: This setting is the Assertion Consumer Service URL and is used to tell the external authentication system the URL to redirect authentication results to once the user has authenticated.
9. ACS Binding: This setting is the Assertion Consumer Service Binding value and is used to tell the external authentication system the mechanism to use when returning the authentication result to Logiforms.
10. Name ID Format: This setting is the format the external authentication system should use for the Name ID (the user identifier) in the authentication result it returns to Logiforms.