Overriding the service provider settings for a SAML SSO authentication service
The service provider settings for a SAML SSO authentication service are automatically populated when you create the authentication service. You can override the default values.
- Open the authentication service and on the SAML 2.0 tab, navigate to the Service Provider (SP) settings section.
- In the Entity identification field, enter an entity ID that is auto-populated in the new authentication services.
-
In the
Login (SSO) protocol binding
list, the system
provides a default protocol binding. You can change the binding protocol to one
of the following.
- HTTP Post – SAML protocol messages are transmitted in an HTML form with base64-encoded content.
- HTTP Artifact – SAML protocol messages are transmitted using a unique identifier called an artifact. Select this protocol if you do not want to expose the content of the SAML message during connection.
- HTTP Redirect – SAML protocol messages are transmitted within URL parameters.
- In the Assertion Consumer Service (ACS) location field, override the system-provided URL of the standard ACS REST service URL.
- In the Redirect logout location field, override the system-provided URL of the standard logout REST service.
- In the SOAP logout location field, override the system-provided URL of the standard logout SOAP service.
- In the Artifact Resolution Service (ARS) location field, override the system-provided URL of the standard ARS to send the artifact resolve request to the IdP.
- To disable the signing of authentication and logout requests from your application to the Identity Provider, select the Disable request signing check box.
- To reject all unsigned SAML assertions, select the Reject unsigned assertion check box.
-
To select the SP Private Key to sign the SAML authentication and logout
requests, in the
Signing certificate
section, click the
Pencil icon.
- In the KEYSTORE NAME field, press the Down Arrow key and select the keystore that contains the private key, private key alias, and password to use.
- Click Submit.
-
In the
Decryption certificate
section, click the Pencil
icon to select the SP Private Key to decrypt the response from the IdP for
authentication and logout requests.
- In the KEYSTORE NAME field, press the Down Arrow key and select the keystore that contains the private key, private key alias, and password to use.
- Click Submit.
- To download the service provider metadata, click Save, and then click Download SP metadata.
- Click Save.