SAML2 - Generic Identity Provider Node
| Description | The SAML2 - Generic Identity Provider node enables authentication through an external SAML 2.0 Identity Provider (IdP). |
| Available in | Authentication, Library |
| Node Name | SAML2 - Generic Identity Provider |
Service Provider Configuration
Name
From the dropdown, select the Service Provider Configuration already created in the dedicated Service Provider section.

Attribute Consuming Services
The Attribute Consuming Services define which **user attributes** the Service Provider (SP) requests from the Identity Provider (IdP) as part of the SAML authentication process. You can add attributes based on the configuration already defined in the dedicated Service Provider section.

Signing Algorithm
The Signing Algorithm defines the **cryptographic algorithm** used to sign SAML messages and assertions. Available options:

- http://www.w3.org/2000/09/xmldsig#rsa-sha1
- http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
- http://www.w3.org/2001/04/xmldsig-more#rsa-sha384
- http://www.w3.org/2001/04/xmldsig-more#rsa-sha512

Identity Provider Configurations
Load from File
The SAML metadata information can be loaded from an uploaded file.

General Configurations
- **Entity ID**: Specifies the unique identifier of the Identity Provider (IdP). It is used to identify the IdP in the SAML exchange.
- **Name ID Format**: Defines the format of the user identifier returned in the SAML assertion (e.g., persistent, transient, email).
- **Authentication Context reference**: Specifies the required authentication context (e.g., password, MFA).
- **Comparison of Authentication Context**: Defines how the requested authentication context is evaluated (Exact, Minimum, Better, Maximum).

Single Sign-On Services
Defines one or more SSO endpoints of the Identity Provider. For each entry, define:

- **Binding**: (e.g., HTTP-Redirect, HTTP-POST)
- **Location**: (URL) – IdP endpoint for authentication requests

> **Note**: At least one SSO endpoint **is required**.

Single Logout Sign-On Services
Defines the logout endpoints of the Identity Provider. For each entry, define:

- **Binding**: (e.g., HTTP-Redirect, HTTP-POST)
- **Location**: (URL) – IdP endpoint for logout requests
- **Response Location**: (URL) – Use if the logout response should go to a different endpoint.

Signing Options
Defines which SAML messages must be signed:

- **IdP requires signed authentication requests**
- **IDP signs POST responses**
- **IDP signs Logout request**
- **IDP signs Logout responses**
- **IDP requires signed logout requests**
- **IDP requires signed logout responses**

Signing Key
Defines the certificate used when signing is required by the IdP.

Attributes
Defines how SAML attributes are mapped:

- **Name**: Attribute name from the SAML assertion
- **Descriptive Name**: Internal or friendly name

Default Output Node
- Success
- Failure