Search Results
-
SAML One Touch token
Updated on: Mar 20, 2024
Performing this scenario will produce a SAML IDP validating an access token issued by One Touch using either Active Directory, LDAP or SQL database as the primary userstore. Be sure to have configured "Keystore" & "SAML meta upload" scenarios prior to executing this scenario.
To enable access from within the One Touch profile, the server needs to be "aware" of this configuration. This is done by configuring "One Touch actions".
See how here
Note that this method of authentication does not have any means of user input (UI). Using One Touch tokens also implies unsolicited SAML behavior.
This article will use LDAP as the primary user store.
-
SAML - Add metadata with colliding EntityID
Updated on: Jul 06, 2021
This document describes how to add metadata to PAS when the content of the metadata to upload contains a colliding EntityID.
The reader of this document should have some basic knowledge about PhenixID Server.
We will make changes to phenix-store.json, so make sure to have a recent copy/backup of this file.
-
SAML - Configuring Hypr as an authentication method
Updated on: May 20, 2021
The purpose of this document is to describe how to configure PhenixID Authentication Services for federation with SAML2 using Hypr as the authentication method.
-
SAML - Configure Single Logout (SLO)
Updated on: Jan 28, 2021
This document describes how to configure the system with Single Logout when PhenixID Server is set up as a SAML IdP.
The Single Logout function will:
- Consume a SAML LogoutRequest from the initiating SP
- Kill the PhenixID server session
- Produce a SAML LogoutResponse and send it to the SP
-
SAML - Configure NameID persistent pseudonym
Updated on: Apr 09, 2020
This document describes how to configure the execution flow to create a SAML NameID persistent pseudonym.
-
SAML - SSL Client Certificate Authentication
Updated on: Sep 30, 2022
The purpose of this document is to describe how to configure PhenixID server for federation with SAML2 using SSL Client Certificate authentication. Example SSL Client Certificates are SITHS and Telia. This authentication method can be used for any CA.
-
Configuration of SAML ticket for solicitor role
Updated on: Aug 22, 2023
This document describes how to configure the authority attribute to define the user role in Signing Workflow.
Signing Workflow has one role called solicitor. The solicitor role is allowed to create new Signing Workflow errands and assign the errand to multiple requested signers.
Non-solicitors are able to log in to Signing Workflow. They will only see the Signing Workflow errands where they are part of the list of requested signers.
-
SAML IdP Extra Validation Checks
Updated on: Aug 24, 2023
This document describes various ways to expand the validation checks made on incoming SAML AuthnRequests. Full support requires PAS 4.7 or higher.
-
SAML Identity Provider (internal or external)
Updated on: Aug 24, 2023
Performing this scenario will produce an OpenID Connect Provider, relaying the authorization step to a SAML Identity Provider. PhenixID will act as a SAML Service Provider against the IdP.
Be sure to have configured "Relying party", "Keystore" and "Identity Provider" scenarios prior to executing this scenario.
The "Keystore" scenario can be found under the FEDERATION tab.
The "Identity Provider" scenario can be found under the FEDERATION - SAML metadata upload tab.
-
Configuration of SAML ticket for solicitor role
Updated on: Apr 05, 2023
This document describes how to configure the authority attribute to define the user role in Signing Workflow.
Signing Workflow has one role called solicitor. The solicitor role is allowed to create new Signing Workflow errands and assign the errand to multiple requested signers.
Non-solicitors are able to log in to Signing Workflow. They will only see the Signing Workflow errands where they are part of the list of requested signers.