- Expand the SAML2 Web SSO Configuration form.
Fill in the following fields where relevant.

| Field | Description |
|---|---|
| Enable SAML2 Web SSO | Selecting this option enables SAML2 Web SSO to be used as an authenticator for users provisioned to the Identity Server. |
| Default | Selecting the Default checkbox signifies that SAML2 Web SSO is the main/default form of authentication. This removes the selection made for any other Default checkboxes for other authenticators. |
| Identity Provider Entity Id | This is basically the issuer of the response. It must be unique among identity providers. |
| Service Provider Entity Id | This is the entity Id of the Identity Server. This is useful when differentiating between tenants. |
| SSO URL | This is the URL to which the browser should be redirected after the authentication is successful. It should have this format: |
| Enable Authentication Request Signing | Selecting this checkbox enables you to sign the authentication request. |
| Enable Assertion Encryption | This is a security feature where you can encrypt the SAML2 Assertions returned after authentication. |
| Enable Assertion Signing | Select Enable Assertion Signing to sign the SAML2 Assertions returned after the authentication. SAML2 relying party components expect these assertions to be signed by the Identity Server. |
| Enable Logout | Select Enable Single Logout so that all sessions are terminated once the user signs out from one server. |
| Logout URL | You can enter a custom Logout URL if required. If you do not enter anything here it will simply return to the SSO URL you specified. |
| Enable Logout Request Signing | Selecting this checkbox enables you to sign the logout request. |
| Enable Authentication Response Signing | Select Enable Authentication Response Signing to sign the SAML2 Responses returned after the authentication. |
| SAML2 Web SSO User Id Location | Select whether the User ID is found in 'Name Identifier' or if it is found among claims. |
| Additional Query Parameters | This is necessary if you are connecting to another Identity Server or application. Sometimes extra parameters are required by this IS or application so these can be specified here. |
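
To confirm that the signing, encryption, entity ID and user ID settings above are taking effect, a decoded SAML2 Response can be audited structurally. The following is an added example, not code from the Identity Server: the function names and the sample message are constructed for illustration, and the check reports where signatures sit and what they reference, not whether they are cryptographically valid.

```python
import xml.etree.ElementTree as ET

# The stdlib parser is used here only on a constructed sample; for untrusted
# input use a hardened parser such as defusedxml.
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def _signed(elem):
    """True if elem has a direct-child ds:Signature that references elem's own ID."""
    if elem is None:
        return False
    sig = elem.find("ds:Signature", NS)
    if sig is None:
        return False
    ref = sig.find("ds:SignedInfo/ds:Reference", NS)
    # A signature covering some other element does not protect this one.
    return ref is not None and ref.get("URI") == "#" + elem.get("ID", "")

def audit_response(xml_text, expected_issuer):
    """Map a decoded SAML2 Response onto the options in the table above."""
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    name_id = None if assertion is None else assertion.find("saml:Subject/saml:NameID", NS)
    return {
        "issuer_matches": issuer == expected_issuer,        # Identity Provider Entity Id
        "response_signed": _signed(root),                   # Authentication Response Signing
        "assertion_signed": _signed(assertion),             # Assertion Signing
        "assertion_encrypted": root.find("saml:EncryptedAssertion", NS) is not None,
        "name_id_present": name_id is not None and bool((name_id.text or "").strip()),
    }

# Constructed sample: assertion signed, response unsigned, nothing encrypted.
SAMPLE = """<samlp:Response xmlns:samlp="{samlp}" xmlns:saml="{saml}" xmlns:ds="{ds}" ID="_r1">
  <saml:Issuer>idp.example.test</saml:Issuer>
  <saml:Assertion ID="_a1">
    <saml:Issuer>idp.example.test</saml:Issuer>
    <ds:Signature><ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo></ds:Signature>
    <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>""".format(**NS)

if __name__ == "__main__":
    print(audit_response(SAMPLE, "idp.example.test"))
```

A result with `response_signed` false while Enable Authentication Response Signing is selected, or an unexpected `issuer_matches` value, points to a mismatch between this form and what the peer actually sends.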