Search Results
-
Configuration of SAML ticket for solicitor role
Updated on: Apr 11, 2024
This document describes how to configure the authority attribute to define the user role in Signing Workflow.
Signing Workflow has one role called solicitor. The solicitor role is allowed to create new Signing Workflow errands and assign the errand to multiple requested signers.
Non-solicitors are able to log in to Signing Workflow. They will only see the Signing Workflow errands where they are part of the list of requested signers.
-
PhenixID web apps authentication and SAML – Selector
This authenticator is used to present authentication options to the end user.
-
SAML - NetID Access Server (NIAS) authentication
Updated on: Jun 07, 2021
The purpose of this document is to describe how to configure PhenixID server for federation with SAML2 using NetID Access Server as an authentication method for PhenixID server.
-
SAML - Configuring Siths Eid as an authentication method
The purpose of this document is to describe how to configure PhenixID Authentication Services for federation with SAML2 using Siths Eid as an authentication method.
-
PhenixID web apps authentication – SAML SP
Updated on: Nov 03, 2021
The purpose of this document is to describe how to configure PhenixID server internal web applications for authentication using SAML Service Provider Authentication. This is used when the user authentication is performed on an SAML Identity Provider.
-
SAML Identity Provider in PAS 5.1 and beyond
The introduction of protocol agnostic authenticators also includes new updates to SAML Identity Providers in PAS 5.1. Old configurations will still work, but will not have access to these new features.
Things that previously required additional configuration are now available straight out of the box, including the following:
- SAML Logout / SLO
- SAML SignMessage display
- SAML SSO
To get started, simply follow the "SAML Identity Provider" guide scenario in the configuration manager, under the "Federation" tab. There, you will input the base URL of your PAS server, the internal IDP ID, and some more minor configuration to get your identity provider going. The resulting configuration based on your base URL and internal ID will be the following:
- Entity ID: <base-url>/authentication/saml/<internal-idp-id>
- postSSOURL / redirectSSOURL: <base-url>/authentication/saml/<internal-idp-id>/login
- postSLOURL / redirectSLOURL: <base-url>/authentication/saml/<internal-idp-id>/logout
- Metadata endpoint: <base-url>/authentication/saml/<internal-idp-id>/meta
You will also choose an authenticator that will be executed at the login endpoint. This is usually an AgnosticDispatcher or AgnosticAuthSelector that can direct the flows further, depending on your needs. New SAML Identity Providers also come with a pipe that executes an AssertionProvider, with the execution condition that no other Assertion has been provided previously in the flow. If the configuration for your AssertionProviders does not depend on the authenticator flow, you can simply configure this to fit your needs. You can also place AssertionProviders in the pipes of the executed authenticators if you wish. The pipe run by the identity provider will have access to the same item from the pipe of the authenticators, so you do not need to populate the item from scratch.
-
OIDC to SAML Identity Provider (internal or external)
Performing this scenario will produce an OpenID Connect Provider, relaying the authorization step to a SAML Identity Provider. PhenixID will act as a SAML Service Provider against the IdP.
Be sure to have configured "Relying party", "Keystore" and "Identity Provider" scenarios prior to executing this scenario.
The "Keystore" scenario can be found under the FEDERATION tab.
The "Identity Provider" scenario can be found under the FEDERATION - SAML metadata upload tab.
-
Understanding SAML attributes - OIDC claims mapping, when using PhenixID Authentication Services as OP/SAML-SP bridge
This document describes how the mapping between SAML attributes and OIDC claims is made when PhenixID Authentication Services is used as an OpenID Connect Provider with a SAML SP as authorization method (this is the result when adding a provider through Scenarios->OIDC->SAML Identity Provider).
This document also describes how to map the flags indicating user authentication strength:
- SAML authnContextClassRefContext tag to OIDC amr claim
-
Handle nullPointerException on wrongly saved SAML authentication link
The reader should have some basic knowledge about PhenixID Server.
This document describes how to configure the system to handle wrongly saved SAML authentication links.
Do the following steps in the ADVANCED tab in the Configuration GUI
-
SAML - Configuring Swedish BankID as an authentication method for PhenixID server
The purpose of this document is to describe how to configure PhenixID server for federation with SAML2 using Swedish BankID as an authentication method for PhenixID server.