SAMLWindowsSSO

Use this authenticator to leverage the authentication already performed on the Windows workstation.

Please make sure that a SAMLDatasave authenticator is placed in front of this authenticator.

Properties

| Name | Description | Default value | Mandatory |
|---|---|---|---|
| idpID | The internal identifier of the IdP used | N/A | Yes |
| pipeID | ID of the pipe executed to verify user credentials | N/A | Yes |
| authProtocol | Which IWA mechanism to use when talking to the client. Allowed values are 'NTLM' or 'Negotiate' | NTLM | No |
| loginTemplate | Template used when presenting the end-user UI. This is the template where the user enters credentials | winsso.template | No |
| allowLanguageChange | Whether the user should be able to change the template language | N/A | No |
| enableHoneypot | Enable/disable bot protection | true | No |
| translationKey | Body used in the template. The value is mapped against the language used by the end user | login.messages.information.body | No |
| includeQueryString | Whether the initial query string parameters should be passed on | false | No |
| errorRedirect | Where to send the user agent if the pipe fails | N/A | No |
| iwaSSOTarget | Where to initiate the client IWA authenticate AJAX POST. Example: /saml/authenticate/AUTHENTICATOR_ALIAS | Current browser path | No |
| iwa_error_redirect | Where to send the client if IWA fails | N/A | No |

Example Configuration

{
    "alias": "samlwin",
    "name": "SAMLWindowsSSO",
    "configuration": {
        "idpID": "phenixid.ninja",
        "pipeID": "authPipe1",
        "iwaSSOTarget": "/saml/authenticate/samlwin"
    },
    "id": "samlwin"
}

Requirements

PAS must be installed on a Windows host belonging to the same domain as the clients used by the users.

This authenticator MUST be used together with a SAMLDatasave authenticator.
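
A pre-deployment check for the properties and requirements above, as an added example that is not part of the product or its documentation. It assumes the authenticators are available as a JSON object or array and that the companion authenticator is declared with "name": "SAMLDatasave"; it checks only that one is present, not where it is placed.

```python
import json

ALLOWED_PROTOCOLS = {"NTLM", "Negotiate"}  # allowed authProtocol values per the table
MANDATORY = ("idpID", "pipeID")            # properties marked mandatory in the table

def lint_authenticators(text):
    """Return findings for a JSON object or array of authenticator objects."""
    try:
        data = json.loads(text)
    except json.JSONDecodeError as exc:
        # Strict JSON rejects, for example, a trailing comma after the last property.
        return [f"invalid JSON at line {exc.lineno}: {exc.msg}"]
    authenticators = data if isinstance(data, list) else [data]
    names = {a.get("name") for a in authenticators}
    findings = []
    for auth in authenticators:
        if auth.get("name") != "SAMLWindowsSSO":
            continue
        alias = auth.get("alias", "<no alias>")
        conf = auth.get("configuration", {})
        for key in MANDATORY:
            if not conf.get(key):
                findings.append(f"{alias}: mandatory property {key} is missing")
        proto = conf.get("authProtocol")
        if proto is not None and proto not in ALLOWED_PROTOCOLS:
            findings.append(f"{alias}: authProtocol {proto!r} is not NTLM or Negotiate")
        target = conf.get("iwaSSOTarget")
        if target is not None and target != f"/saml/authenticate/{alias}":
            findings.append(f"{alias}: iwaSSOTarget {target!r} differs from /saml/authenticate/{alias}")
        # Assumption: the companion authenticator is declared with "name": "SAMLDatasave".
        if "SAMLDatasave" not in names:
            findings.append(f"{alias}: no SAMLDatasave authenticator found")
    return findings

# Constructed sample: one authenticator with four problems and no SAMLDatasave entry.
SAMPLE_BAD = json.dumps([{
    "alias": "samlwin", "name": "SAMLWindowsSSO",
    "configuration": {"idpID": "phenixid.ninja", "authProtocol": "NTML",
                      "iwaSSOTarget": "/saml/authenticate/other"},
}])

if __name__ == "__main__":
    for finding in lint_authenticators(SAMPLE_BAD):
        print(finding)
```

The iwaSSOTarget finding is a review flag rather than an error, since the table gives /saml/authenticate/AUTHENTICATOR_ALIAS only as an example.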