
Single Sign-On

4,158 bytes removed, 18:41, 5 January 2023
no edit summary
After the November 2022 upgrade, Service Provider-initiated authentication is supported. The Service Provider sends the SAML Authorization Request message and forwards the user to the client's Identity Provider service for authentication. The end user logs in at the client-side Identity Provider. After the end user has been authenticated, the client Identity Provider service redirects them back to the SmartSimple instance with a base64-encoded SAML assertion response. The user's browser then relays this assertion to the SmartSimple server for SSO authentication.
 
===Prerequisites===
=====Role Mapping=====
 
=====User Creation Option=====
 
=====Multi Environment Support (MES)=====
 
====Optional Attributes====
The following optional attributes can be used in the assertion. Please note that attribute names are case sensitive and must be labelled exactly as shown.
* Service Provider metadata XML - the following is an example of Service Provider metadata that can be used; however, you must first replace every instance of 'alias.smartsimple.com' with the URL of your SmartSimple system.
<pre><?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://alias.smartsimple.com/">
  <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://alias.smartsimple.com/SAML2/" index="1"/>
  </md:SPSSODescriptor>
  <md:ContactPerson contactType="technical">
    <md:GivenName>SmartSimple Support</md:GivenName>
    <md:EmailAddress>support@smartsimple.com</md:EmailAddress>
  </md:ContactPerson>
  <md:ContactPerson contactType="support">
    <md:GivenName>SmartSimple Support</md:GivenName>
    <md:EmailAddress>support@smartsimple.com</md:EmailAddress>
  </md:ContactPerson>
</md:EntityDescriptor>
</pre>
====Active Directory Federation Services====
<pre><?xml version="1.0" encoding="UTF-8"?>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://alias.smartsimple.com/SAML2/" IssueInstant="2014-07-12T14:17:03.063Z" ID="BYavZkuNtRHC5rEPhIAEQrys1Wb" Version="2.0">
  <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">sso:saml2:alias:stage:SmartSimple:idp</saml:Issuer>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <ds:Reference URI="#BYavZkuNtRHC5rEPhIAEQrys1Wb">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <ds:DigestValue>+2uvXQh+d65mNWs0G6FBf4igIxU=</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>LEOCPec/eNBMqBV7A99...</ds:SignatureValue>
  </ds:Signature>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </samlp:Status>
  <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" IssueInstant="2014-07-12T14:17:03.246Z" ID="X14MvZtPaqyUjfFCbehto32uDTG">
    <saml:Issuer>sso:saml2:alias:stage:SmartSimple:idp</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">T5014CD</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData NotOnOrAfter="2014-07-12T14:22:03.246Z" Recipient="https://alias.smartsimple.com/SAML2/"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotOnOrAfter="2014-07-12T14:22:03.246Z" NotBefore="2014-07-12T14:12:03.246Z">
      <saml:AudienceRestriction>
        <saml:Audience>sso:saml2:alias:stage:SmartSimple:sp</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AuthnStatement AuthnInstant="2014-07-12T14:17:03.246Z" SessionIndex="X14MvZtPaqyUjfFCbehto32uDTG">
      <saml:AuthnContext>
        <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef>
      </saml:AuthnContext>
    </saml:AuthnStatement>
    <saml:AttributeStatement xmlns:xs="http://www.w3.org/2001/XMLSchema">
      <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="UID">
        <saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">T5014CD</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="Email">
        <saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">david@email.com</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="First name">
        <saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">David</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="Last name">
        <saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Smith</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="Department">
        <saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Shipping</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="Roles">
        <saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Clerk</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>
</pre>
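The sample response above is only safe to act on after its XML signature has been verified; the checks that follow that step (Destination, Status, validity window, Audience, Recipient) and the extraction of the attributes used for user creation and role mapping are shown here as an added example. This is not code from this page or from SmartSimple. It assumes that signature verification has already been done by a dedicated XML-DSig library, that SP_ENTITY_ID and ACS_URL are the Service Provider's own values (taken from the sample), that a one-minute CLOCK_SKEW is acceptable, and it runs on a constructed, trimmed copy of the response (signature block and xsi:type annotations removed).

```python
# Added example, not SmartSimple's code: post-signature checks and attribute
# extraction for a SAML 2.0 Response shaped like the sample on this page.
# ASSUMPTION: the XML signature has already been verified by a dedicated
# XML-DSig library; these checks are meaningless on an unverified message.
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# What this Service Provider knows about itself (values from the sample above).
SP_ENTITY_ID = "sso:saml2:alias:stage:SmartSimple:sp"
ACS_URL = "https://alias.smartsimple.com/SAML2/"
CLOCK_SKEW = timedelta(minutes=1)  # tolerance for IdP/SP clock drift (assumed)

# Constructed sample: the response above with the signature block removed and
# the xsi:type annotations dropped for brevity.
SAMPLE_RESPONSE = """<?xml version="1.0" encoding="UTF-8"?>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://alias.smartsimple.com/SAML2/" IssueInstant="2014-07-12T14:17:03.063Z" ID="BYavZkuNtRHC5rEPhIAEQrys1Wb" Version="2.0">
  <saml:Issuer>sso:saml2:alias:stage:SmartSimple:idp</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion Version="2.0" IssueInstant="2014-07-12T14:17:03.246Z" ID="X14MvZtPaqyUjfFCbehto32uDTG">
    <saml:Issuer>sso:saml2:alias:stage:SmartSimple:idp</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">T5014CD</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData NotOnOrAfter="2014-07-12T14:22:03.246Z" Recipient="https://alias.smartsimple.com/SAML2/"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotOnOrAfter="2014-07-12T14:22:03.246Z" NotBefore="2014-07-12T14:12:03.246Z">
      <saml:AudienceRestriction><saml:Audience>sso:saml2:alias:stage:SmartSimple:sp</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="UID"><saml:AttributeValue>T5014CD</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="Email"><saml:AttributeValue>david@email.com</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="First name"><saml:AttributeValue>David</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="Last name"><saml:AttributeValue>Smith</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="Department"><saml:AttributeValue>Shipping</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="Roles"><saml:AttributeValue>Clerk</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>
"""


def parse_time(value):
    """Parse a SAML xs:dateTime (UTC, trailing Z) into an aware datetime."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)


def validate_response(xml_text, now, sp_entity_id=SP_ENTITY_ID, acs_url=ACS_URL, skew=CLOCK_SKEW):
    """Return (ok, reason); ok is True only when every check passes."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    if root.tag != "{%s}Response" % NS["samlp"]:
        return False, "not a samlp:Response"
    if root.get("Destination") != acs_url:
        return False, "Destination does not match this ACS URL"
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        return False, "IdP did not report Success"
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        return False, "expected exactly one Assertion"
    assertion = assertions[0]
    cond = assertion.find("saml:Conditions", NS)
    if cond is None or cond.get("NotOnOrAfter") is None:
        return False, "missing Conditions/NotOnOrAfter"
    not_before = cond.get("NotBefore")  # optional in SAML 2.0
    if not_before and now < parse_time(not_before) - skew:
        return False, "assertion not yet valid"
    if now >= parse_time(cond.get("NotOnOrAfter")) + skew:
        return False, "assertion outside validity window"
    audiences = [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if sp_entity_id not in audiences:
        return False, "Audience does not include this SP"
    scd = assertion.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs_url:
        return False, "Recipient does not match this ACS URL"
    if scd.get("NotOnOrAfter") and now >= parse_time(scd.get("NotOnOrAfter")) + skew:
        return False, "SubjectConfirmationData expired"
    return True, "ok"


def extract_attributes(xml_text):
    """Map attribute Name -> list of values, plus the NameID under 'NameID'.
    Attribute names are case sensitive (see the note above), so nothing is normalised."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    attrs = {}
    for attr in root.iterfind("saml:Assertion/saml:AttributeStatement/saml:Attribute", NS):
        attrs[attr.get("Name")] = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
    name_id = root.findtext("saml:Assertion/saml:Subject/saml:NameID", namespaces=NS)
    attrs["NameID"] = [name_id] if name_id else []
    return attrs
```

Call validate_response() first and only hand the result of extract_attributes() to user creation or role mapping when it returns ok; a real consumer should also remember each assertion ID until its NotOnOrAfter has passed so the same response cannot be replayed within the window.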
 [[Category:Integration]][[Category:System Integration]]
[[Category:Identity and Access Management]]
[[Category:Security]]
Smartstaff (1,385 edits)