SAMLHeadlessSSO
SSO authenticator that creates an assertion based on the current session. Note: If the parameter "resolveSAMLRequestProperties" is set to true (either here or earlier in the flow), the SAML Request Properties "isPassive" and "forceAuthn" will affect the behavior of this authenticator.
Properties
Name | Description | Default value | Mandatory |
---|---|---|---|
idpID | ID of IdP configuration to use | | YES |
pipeID | ID of pipe creating assertion | | YES |
authURL | URL to redirect to if no session exists. | | YES |
sendSAMLResponseOnError | Whether or not a SAMLResponse containing an error response should be sent back to the SP upon an internal authentication error. | false | NO |
strictValidation | Whether or not additional validation checks should be made on the SAMLRequest | false | NO |
resolveSAMLRequestProperties | Whether or not request properties from the SAML AuthnRequest should be resolved before proceeding with the authentication. Typically used at the start of an authentication flow. | false | NO |
Example Configuration
```json
// AUTHENTICATORS
{
    "id": "auth_sso_01",
    "alias": "auth_sso_01",
    "name": "SAMLHeadlessSSO",
    "displayName": "SSO",
    "configuration": {
        "idpID": "c133328c-0823-4368-9045-9a0a8ddc52c",
        "pipeID": "auth_sso_pipe",
        "authURL": "https://host/saml/authenticate/idp"
    }
}

// PIPES
{
    "id": "auth_sso_pipe",
    "description": "Pipe for SAML SSO",
    "name": "Pipe for SAML SSO",
    "enabled": "true",
    "config": { },
    "valves": [
        {
            "name": "SessionLoadValve",
            "config": {
                "id": "{{request.session_id}}"
            }
        }, {
            "name": "ItemCreateValve",
            "config": {
                "dest_id": "{{session.user_id}}"
            }
        }, {
            "name": "PropertyAddValve",
            "config": {
                "name": "uid",
                "value": "{{session.user_id}}"
            }
        }, {
            "name": "PropertyAddValve",
            "config": {
                "name": "mail",
                "value": "[email protected]"
            }
        }, {
            "name": "AssertionProvider",
            "enabled": "true",
            "config": {
                "targetEntityID": "c133328c-0823-4368-9045-9a0a8ddc52c",
                "nameIDAttribute": "uid",
                "additionalAttributes": "mail"
            }
        }
    ]
}
```
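A pre-deployment check for a configuration like the one above, as an added example that is not part of the product or its documentation: it verifies the mandatory properties from the table, that `pipeID` resolves to a defined pipe, and that every attribute the `AssertionProvider` valve names was added earlier in that pipe. Assumptions: the top-level keys `authenticators` and `pipes`, a comma-separated `additionalAttributes`, `PropertyAddValve` as the only attribute source (as in the example above), and an https-only policy for `authURL`.

```python
import json
from urllib.parse import urlparse

MANDATORY = ("idpID", "pipeID", "authURL")  # rows marked YES in the properties table

# Constructed input modelled on the page's example; wrapper keys and mail value are assumptions.
SAMPLE = json.loads("""
{"authenticators": [{"id": "auth_sso_01", "name": "SAMLHeadlessSSO", "configuration": {
    "idpID": "c133328c-0823-4368-9045-9a0a8ddc52c", "pipeID": "auth_sso_pipe",
    "authURL": "https://host/saml/authenticate/idp"}}],
 "pipes": [{"id": "auth_sso_pipe", "valves": [
    {"name": "SessionLoadValve", "config": {"id": "{{request.session_id}}"}},
    {"name": "PropertyAddValve", "config": {"name": "uid", "value": "{{session.user_id}}"}},
    {"name": "PropertyAddValve", "config": {"name": "mail", "value": "user@example.invalid"}},
    {"name": "AssertionProvider", "config": {
        "nameIDAttribute": "uid", "additionalAttributes": "mail"}}]}]}
""")


def lint(doc):
    """Return findings for every SAMLHeadlessSSO authenticator in doc."""
    findings = []
    pipes = {p.get("id"): p for p in doc.get("pipes", [])}
    for auth in doc.get("authenticators", []):
        if auth.get("name") != "SAMLHeadlessSSO":
            continue
        aid, cfg = auth.get("id"), auth.get("configuration", {})
        findings += [f"{aid}: missing mandatory property {k}" for k in MANDATORY if not cfg.get(k)]
        if cfg.get("authURL") and urlparse(cfg["authURL"]).scheme != "https":
            findings.append(f"{aid}: authURL is not https")
        pipe = pipes.get(cfg.get("pipeID"))
        if pipe is None:
            findings.append(f"{aid}: pipeID {cfg.get('pipeID')!r} matches no pipe")
            continue
        added, provider_seen = set(), False
        for valve in pipe.get("valves", []):  # order matters: attributes must exist first
            vcfg = valve.get("config", {})
            if valve.get("name") == "PropertyAddValve":
                added.add(vcfg.get("name"))
            elif valve.get("name") == "AssertionProvider":
                provider_seen = True
                # Assumption: additionalAttributes is a comma-separated list of names.
                wanted = [vcfg.get("nameIDAttribute", "")]
                wanted += vcfg.get("additionalAttributes", "").split(",")
                findings += [f"{aid}: assertion attribute {w.strip()} is never added in pipe"
                             for w in wanted if w.strip() and w.strip() not in added]
        if not provider_seen:
            findings.append(f"{aid}: pipe {cfg['pipeID']} has no AssertionProvider valve")
    return findings
```

Pipes that populate attributes through other valves need those valve names added to the `PropertyAddValve` branch, otherwise the attribute check reports them as missing.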