Single Sign-On

416 bytes added, 13:52, 10 May 2016
==SAML 2.0==
 
SmartSimple supports SAML ('''Security Assertion Markup Language''') 2.0 as the Service Provider, through our own proprietary implementation of this standard. In this arrangement the user first authenticates on the client-side system or infrastructure (the Identity Provider) and is then directed into SmartSimple.
===Prerequisites===
 
* You must provision your own Identity Provider service, third-party or otherwise, for use with this feature. Enabling and maintaining the Identity Provider is your responsibility.
* You must provide SmartSimple with a public key in base64-encoded X.509 Certificate format for digital signature validation.
===Attributes===
====Required Information====
The following information is required in the assertion:
* Unique user identifier. This can be sent in the <NameID> element within the <Subject> element, or optionally within an <Attribute> element named ''UID''.
* Assertion Consumer Service URL. This will be equal to '/SAML2/' prefixed by your SmartSimple instance URL (i.e. https://alias.smartsimple.com/SAML2/).
* Service Provider's Entity ID. This can be the same as the Assertion Consumer Service URL above.

====Optional Information====
The following optional attributes can be used in the assertion:
* NameID (or optionally UID, the client system's unique user identifier, which can be used instead of NameID)
* Email (optional)
* First name (optional)
* Last name (optional)
* Department (optional)
* Roles (optional, comma-delimited list of SmartSimple user roles (by name) to be assigned to the user)
* Language (optional)
* RedirectURL (optional)
===SAML Response Sample XML===
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<!-- The Response element's own attributes (ID, Version, IssueInstant, Destination) are not shown in this sample. -->
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
</samlp:Status>
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" IssueInstant="2014-07-12T14:17:03.246Z" ID="X14MvZtPaqyUjfFCbehto32uDTG">
<saml:Issuer>sso:saml2:alias:stage:SmartSimple:idp</saml:Issuer>
<!-- The ds:Signature element that SmartSimple validates with your X.509 certificate is not shown in this sample. -->
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">T5014CD</saml:NameID>
</saml:Subject>
<saml:AuthnStatement>
<!-- The AuthnStatement contents are not shown in this sample. -->
</saml:AuthnStatement>
<saml:AttributeStatement xmlns:xs="http://www.w3.org/2001/XMLSchema">
<saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="UID">
<saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">T5014CD</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="Email">
<saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">david@aliasemail.com</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="First name">
<saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">David</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="Last name">
<saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Smith</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="Department">
<saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Shipping</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="Roles">
<saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Clerk</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
</samlp:Response>
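The following Python is an added example, not SmartSimple's own code and not a description of its proprietary implementation. It consumes a SAML 2.0 Response shaped like the sample above and applies the rules from the Attributes section: the response status must be Success, the user is identified by NameID in the Subject with the UID attribute as the fallback, Roles is split as a comma-delimited list, and the other optional attributes are copied through by name. The sample response is constructed here (the outer Response element, the AuthnStatement and the signature are left out, and Roles carries two entries so the split is visible). The `assertion_is_signed` helper only reports whether a `ds:Signature` element is present; cryptographic verification against the X.509 certificate you register, which needs an XML-DSig library, is assumed to run before any attribute is trusted.

```python
"""Added example (not SmartSimple's code): parse a SAML 2.0 Response like the
one on this page and extract the user attributes the page lists."""
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
OPTIONAL_ATTRIBUTES = ("Email", "First name", "Last name", "Department",
                       "Language", "RedirectURL")

# Constructed sample modelled on the page's response. The NameID element is a
# template placeholder so the UID fallback can be exercised below.
NAMEID_ELEMENT = ('<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:'
                  'nameid-format:unspecified">T5014CD</saml:NameID>')
SAMPLE_TEMPLATE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0">
  <samlp:Status><samlp:StatusCode Value="{status}"/></samlp:Status>
  <saml:Assertion Version="2.0" IssueInstant="2014-07-12T14:17:03.246Z"
      ID="X14MvZtPaqyUjfFCbehto32uDTG">
    <saml:Issuer>sso:saml2:alias:stage:SmartSimple:idp</saml:Issuer>
    <saml:Subject>{nameid}</saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="UID"><saml:AttributeValue>T5014CD</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="Email"><saml:AttributeValue>david@aliasemail.com</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="First name"><saml:AttributeValue>David</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="Last name"><saml:AttributeValue>Smith</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="Department"><saml:AttributeValue>Shipping</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="Roles"><saml:AttributeValue>Clerk, Reviewer</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_RESPONSE = SAMPLE_TEMPLATE.format(status=SUCCESS, nameid=NAMEID_ELEMENT)
SAMPLE_NO_NAMEID = SAMPLE_TEMPLATE.format(status=SUCCESS, nameid="")
SAMPLE_FAILED = SAMPLE_TEMPLATE.format(
    status="urn:oasis:names:tc:SAML:2.0:status:Requester", nameid=NAMEID_ELEMENT)


def _attribute_values(assertion):
    """Map each saml:Attribute Name to the list of its AttributeValue texts."""
    found = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        found[attr.get("Name")] = [
            (v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
    return found


def assertion_is_signed(response_xml):
    """True when a ds:Signature element sits inside the Assertion. This is a
    presence check only: verifying the signature against the registered
    X.509 certificate needs an XML-DSig library (assumed to run before
    extract_user) and must succeed before any attribute is trusted."""
    root = ET.fromstring(response_xml)
    return root.find("saml:Assertion/ds:Signature", NS) is not None


def extract_user(response_xml):
    """Return the user record described on the page, or raise ValueError."""
    root = ET.fromstring(response_xml)
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        raise ValueError("status is not Success; do not sign the user in")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("response carries no Assertion")
    attrs = _attribute_values(assertion)

    # Unique identifier: NameID in the Subject, otherwise the UID attribute.
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is not None and (name_id.text or "").strip():
        user_id = name_id.text.strip()
    elif attrs.get("UID") and attrs["UID"][0]:
        user_id = attrs["UID"][0]
    else:
        raise ValueError("neither NameID nor UID present; user cannot be identified")

    user = {"id": user_id,
            "issuer": assertion.findtext("saml:Issuer", default="", namespaces=NS).strip()}
    for name in OPTIONAL_ATTRIBUTES:
        if attrs.get(name):
            user[name] = attrs[name][0]
    # Roles is a comma-delimited list of SmartSimple role names.
    roles = ",".join(attrs.get("Roles", []))
    user["roles"] = [r.strip() for r in roles.split(",") if r.strip()]
    return user


def is_acceptable(response_xml):
    """False instead of raising when the response must be rejected."""
    try:
        extract_user(response_xml)
        return True
    except (ValueError, ET.ParseError):
        return False


if __name__ == "__main__":
    print(extract_user(SAMPLE_RESPONSE))
    print("signed:", assertion_is_signed(SAMPLE_RESPONSE))
```

Run as a script it prints the parsed record for the constructed sample and reports that the sample carries no signature; a real Service Provider would reject it at that point rather than proceed to the attributes.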