To integrate the Authentication Server with any SAML Identity Provider (see the SAML integration instructions), first register the Authentication Server in the SAML Identity Provider as a SAML v2 remote service provider. Then configure the following additional parameters in the authserver.properties file. Each parameter is listed with its description and default value; "-" means no default is set.
    Specifies the Identity Provider metadata URL, to be used when the SAML Identity Provider supports metadata retrieval from a URL (for example, ForgeRock OpenAM).
    Default: -

authentication.saml.idp.metadata.file
    Specifies the path and/or name of the Identity Provider metadata file. Either an absolute or a relative path can be used; a relative path is resolved against the WebAppPlatform directory.
    Default: -

authentication.saml.link
    Label of the SAML login button shown on the login page.
    Default: SAML User

authentication.saml.disable.force.authentication
    Controls the ForceAuthn attribute sent in the SAML AuthnRequest. Change it with care: when the value is true, the Identity Provider may reuse its existing session, so after logging out you cannot log in as another user until that Identity Provider session ends.
    Default: false

authentication.saml.signature.algorithm
    Signature algorithm used for the SAML requests sent to the Identity Provider. Available values: SHA1, SHA256 and SHA512. SHA-1 signatures are deprecated and rejected by many Identity Providers, so set SHA256 (or SHA512) unless the Identity Provider requires SHA1.
    Default: SHA1

authentication.saml.authn.contexts
    Comma-separated list of authentication context class references (AuthnContextClassRef values) to request in the AuthnRequest.
    Default: -

authentication.saml.authn.context.comparison.type
    Comparison type for the requested authentication contexts (the Comparison attribute of RequestedAuthnContext): exact, better, maximum or minimum.
    Default: exact

authentication.saml.error.visible
    Flag indicating whether the detailed SAML authentication error text is shown to the user. Detailed errors can expose configuration details to unauthenticated users, so enable this only while troubleshooting.
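What these properties turn into on the wire, as an added Python example (not the Authentication Server's or its vendor's code): it parses a constructed authserver.properties fragment built from the keys documented above, validates the values, and renders the unsigned SAML 2.0 AuthnRequest a service provider would send, so the effect of ForceAuthn, the requested authentication contexts, the comparison type and the signature algorithm choice is visible. The issuer and Identity Provider URLs are placeholders, the request is not actually signed (only the XML Signature algorithm URI selected by authentication.saml.signature.algorithm is derived), and the mapping disable.force.authentication=false to ForceAuthn="true" is inferred from the key name and the warning above.

```python
"""Render the SAML AuthnRequest described by the authentication.saml.* properties.

Added example, not the Authentication Server's own code. Parses a constructed
authserver.properties fragment, validates the documented values and builds the
(unsigned) SAML 2.0 AuthnRequest so the effect of each property is visible.
"""
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)

# RSA signature algorithm identifiers from XML Signature (xmldsig-core / RFC 6931).
SIG_ALG_URI = {
    "SHA1": "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
    "SHA256": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    "SHA512": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512",
}
COMPARISON_TYPES = ("exact", "minimum", "maximum", "better")

# Constructed sample using the documented keys; the values are illustrative.
SAMPLE_PROPERTIES = """\
authentication.saml.idp.metadata.file=conf/idp-metadata.xml
authentication.saml.link=SAML User
authentication.saml.disable.force.authentication=false
authentication.saml.signature.algorithm=SHA256
authentication.saml.authn.contexts=urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport, urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient
authentication.saml.authn.context.comparison.type=minimum
authentication.saml.error.visible=false
"""


def parse_properties(text):
    """Minimal Java-style .properties parser: key=value lines, '#'/'!' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def saml_settings(props):
    """Validate the documented keys and derive what each one puts on the wire."""
    alg = props.get("authentication.saml.signature.algorithm", "SHA1").upper()
    if alg not in SIG_ALG_URI:
        raise ValueError(f"signature algorithm must be SHA1, SHA256 or SHA512, got {alg!r}")
    comparison = props.get("authentication.saml.authn.context.comparison.type", "exact").lower()
    if comparison not in COMPARISON_TYPES:
        raise ValueError(f"comparison type must be one of {COMPARISON_TYPES}, got {comparison!r}")
    contexts = [c.strip() for c in props.get("authentication.saml.authn.contexts", "").split(",") if c.strip()]
    disable_force = props.get("authentication.saml.disable.force.authentication", "false").lower() == "true"
    return {
        # Assumption from the key name: disabling "force authentication" clears ForceAuthn.
        "force_authn": not disable_force,
        "signature_algorithm_uri": SIG_ALG_URI[alg],
        "weak_signature": alg == "SHA1",  # deprecated; prefer SHA256 or SHA512
        "authn_contexts": contexts,
        "comparison": comparison,
        "error_visible": props.get("authentication.saml.error.visible", "false").lower() == "true",
    }


def build_authn_request(settings, issuer, destination):
    """Build the unsigned AuthnRequest XML these settings produce (placeholder URLs)."""
    root = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": "_" + uuid.uuid4().hex,
        "Version": "2.0",
        "IssueInstant": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "Destination": destination,
        "ForceAuthn": "true" if settings["force_authn"] else "false",
    })
    ET.SubElement(root, f"{{{SAML}}}Issuer").text = issuer
    if settings["authn_contexts"]:  # RequestedAuthnContext only when contexts are configured
        rac = ET.SubElement(root, f"{{{SAMLP}}}RequestedAuthnContext", {"Comparison": settings["comparison"]})
        for ctx in settings["authn_contexts"]:
            ET.SubElement(rac, f"{{{SAML}}}AuthnContextClassRef").text = ctx
    return ET.tostring(root, encoding="unicode")


def describe_request(xml_text):
    """Read back the security-relevant fields of an AuthnRequest for checking."""
    root = ET.fromstring(xml_text)
    rac = root.find(f"{{{SAMLP}}}RequestedAuthnContext")
    return {
        "force_authn": root.get("ForceAuthn"),
        "comparison": None if rac is None else rac.get("Comparison"),
        "contexts": [] if rac is None else [e.text for e in rac.findall(f"{{{SAML}}}AuthnContextClassRef")],
    }


if __name__ == "__main__":
    cfg = saml_settings(parse_properties(SAMPLE_PROPERTIES))
    if cfg["weak_signature"]:
        print("warning: SHA1 request signatures are deprecated; use SHA256 or SHA512")
    print(build_authn_request(cfg, "https://authserver.example.test/saml", "https://idp.example.test/sso"))
```

Running it with the sample prints an AuthnRequest with ForceAuthn="true" and a RequestedAuthnContext Comparison="minimum" carrying both class references; switching the sample to authentication.saml.disable.force.authentication=true produces ForceAuthn="false", which is the setting that lets the Identity Provider silently reuse its session after a logout.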