SAMLHeadlessSSO

SSO authenticator that creates an assertion based on the current session.

Properties

| Name | Description | Default value | Mandatory |
|---|---|---|---|
| idpID | ID of IdP configuration to use | | YES |
| pipeID | ID of pipe creating assertion | | YES |
| authURL | URL to redirect to if no session exists. | | YES |
| sendSAMLResponseOnError | Whether or not a SAMLResponse containing an error response should be sent back to the SP upon an internal authentication error. | false | NO |
| strictValidation | Whether or not additional validation checks should be made on the SAMLRequest | false | NO |

Example Configuration

// AUTHENTICATORS
{
    "id": "auth_sso_01",
    "alias": "auth_sso_01",
    "name": "SAMLHeadlessSSO",
    "displayName": "SSO",
    "configuration": {
        "idpID": "c133328c-0823-4368-9045-9a0a8ddc52c",
        "pipeID": "auth_sso_pipe",
        "authURL": "https://host/saml/authenticate/idp"
    }
}

// PIPES
{
    "id" : "auth_sso_pipe",
    "description" : "Pipe for SAML SSO",
    "name" : "Pipe for SAML SSO",
    "enabled" : "true",
    "config" : { },
    "valves" : [ {
        "name" : "SessionLoadValve",
        "config" : {
            "id" : "{{request.session_id}}"
        }
    }, {
        "name" : "ItemCreateValve",
        "config" : {
            "dest_id" : "{{session.user_id}}"
        }
    }, {
        "name" : "PropertyAddValve",
        "config" : {
            "name" : "uid",
            "value" : "{{session.user_id}}"
        }
    }, {
        "name" : "PropertyAddValve",
        "config" : {
            "name" : "mail",
            "value" : "[email protected]"
        }
    }, {
        "name" : "AssertionProvider",
        "enabled" : "true",
        "config" : {
            "targetEntityID" : "c133328c-0823-4368-9045-9a0a8ddc52c",
            "nameIDAttribute" : "uid",
            "additionalAttributes" : "mail"
        }
    } ]
}
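
The following is an added example, not part of the original documentation or the product: a small Python lint that cross-checks a SAMLHeadlessSSO authenticator against the pipe it references. The top-level `authenticators`/`pipes` keys, the placeholder idpID, the https expectation for authURL, and the ideas that `additionalAttributes` is comma-separated and that attributes reach AssertionProvider only through PropertyAddValve are assumptions made for the example.

```python
import json
from urllib.parse import urlparse

MANDATORY = ("idpID", "pipeID", "authURL")  # "YES" rows in the Properties table

# Constructed sample: top-level keys and the idpID value are placeholders, and the
# "mail" PropertyAddValve from the page's pipe is left out on purpose.
SAMPLE = json.loads("""{
 "authenticators": [{"id": "auth_sso_01", "name": "SAMLHeadlessSSO",
    "configuration": {"idpID": "IDP-ID-PLACEHOLDER", "pipeID": "auth_sso_pipe",
                      "authURL": "https://host/saml/authenticate/idp"}}],
 "pipes": [{"id": "auth_sso_pipe", "valves": [
    {"name": "SessionLoadValve", "config": {"id": "{{request.session_id}}"}},
    {"name": "PropertyAddValve", "config": {"name": "uid", "value": "{{session.user_id}}"}},
    {"name": "AssertionProvider", "config": {"targetEntityID": "IDP-ID-PLACEHOLDER",
       "nameIDAttribute": "uid", "additionalAttributes": "mail"}}]}]
}""")

def lint(cfg):
    """Return a list of findings for every SAMLHeadlessSSO authenticator in cfg."""
    findings = []
    pipes = {p["id"]: p for p in cfg.get("pipes", [])}
    for auth in cfg.get("authenticators", []):
        if auth.get("name") != "SAMLHeadlessSSO":
            continue
        aid, conf = auth.get("id"), auth.get("configuration", {})
        findings += [f"{aid}: mandatory property {k} missing" for k in MANDATORY if not conf.get(k)]
        if conf.get("authURL") and urlparse(conf["authURL"]).scheme != "https":
            findings.append(f"{aid}: authURL is not https")
        pipe = pipes.get(conf.get("pipeID"))
        if pipe is None:
            findings.append(f"{aid}: pipeID does not resolve to a pipe")
            continue
        added = set()  # property names set so far, in valve order
        for valve in pipe.get("valves", []):
            vconf = valve.get("config", {})
            if valve.get("name") == "PropertyAddValve":
                added.add(vconf.get("name"))
            elif valve.get("name") == "AssertionProvider":
                # Assumption: additionalAttributes is a comma-separated list.
                wanted = [vconf.get("nameIDAttribute"), *vconf.get("additionalAttributes", "").split(",")]
                for attr in (a.strip() for a in wanted if a and a.strip()):
                    if attr not in added:
                        findings.append(f"{aid}: AssertionProvider attribute {attr} is never set")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)) or "no findings")
```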

Requirements