Performing this scenario will produce a SAML IDP using the PhenixID One Touch token as primary identification mechanism.
No user input is required. Identification is done through either QR code or "app switching".
It is a good idea to first enable one or more of the applications used for issuing One Touch profiles.
This article will use LDAP as the primary user store.
Enter a search filter. This will be used to locate the authenticating user. Configure the search base either by clicking "Choose" and browsing to it, or by entering the search base root manually. None of the values may be blank.
Configure the entity id of this IDP. Note that this ID MUST be unique within the federation and installation of the PhenixID system.
The POST SSO URL must be accessible to the clients targeted for this SAML federation. The POST SSO URL must follow the format <http/https>://<host>/saml/authenticate/<unique_identifier>
The ending unique identifier is what is used by the system to route the request to the appropriate IDP.
Enter the attribute used as the user identifier. This is the attribute the user will enter at login. This is also the value that will be set as the NameID in the assertion token. Any additional attributes to include in the assertion (the SAML Attribute statement) are entered in the "Additional attributes" section. Multiple attributes are separated by commas.
Select the default service provider to use when performing unsolicited SAML SSO. Solicited requests are handled automatically, using the SP entity ID from the SAML authentication request. The list of known SPs is the sum of all SP metadata that has been uploaded.
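As an added example (not PhenixID's own code), the following Python check applies the form rules from this article to a constructed configuration: no blank LDAP or identity fields, a unique entity ID, a POST SSO URL that carries the routing identifier, comma-separated additional attributes, and a default SP drawn from uploaded metadata. All field names, hostnames and values are assumptions.

```python
import re
from urllib.parse import urlparse

# Pattern required by the guide: <http/https>://<host>/saml/authenticate/<unique_identifier>
_SSO_PATH = re.compile(r"^/saml/authenticate/([^/]+)$")

def sso_route_id(post_sso_url):
    """Return the trailing unique identifier the system routes on,
    or None if the URL does not follow the required pattern."""
    parts = urlparse(post_sso_url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None
    match = _SSO_PATH.match(parts.path)
    return match.group(1) if match else None

def split_attributes(field):
    """Parse the comma-separated 'Additional attributes' field."""
    return [a.strip() for a in field.split(",") if a.strip()]

def validate_idp_config(cfg, existing_entity_ids, known_sp_ids):
    """Return a list of problems found; an empty list means the form would be accepted."""
    errors = []
    # None of the LDAP / identity fields may be blank.
    for key in ("search_filter", "search_base", "entity_id", "post_sso_url", "user_id_attribute"):
        if not cfg.get(key, "").strip():
            errors.append(f"{key} may not be blank")
    # The entity ID must be unique among the IDPs already configured.
    if cfg.get("entity_id") in existing_entity_ids:
        errors.append("entity_id is already used by another IDP")
    # The POST SSO URL must carry the unique identifier used for routing.
    if cfg.get("post_sso_url") and sso_route_id(cfg["post_sso_url"]) is None:
        errors.append("post_sso_url must be <http/https>://<host>/saml/authenticate/<unique_identifier>")
    # The default SP (used for unsolicited SSO) must come from uploaded metadata.
    if cfg.get("default_sp") not in known_sp_ids:
        errors.append("default_sp is not among the SPs known from uploaded metadata")
    return errors

# Constructed sample values (placeholders, not taken from any real installation).
EXISTING_IDP_IDS = {"https://idp.example.test/saml/other"}
KNOWN_SP_IDS = {"https://sp1.example.test/saml/metadata", "https://sp2.example.test/saml/metadata"}
SAMPLE_CONFIG = {
    "search_filter": "(objectClass=person)",          # placeholder filter, not PhenixID syntax
    "search_base": "ou=people,dc=example,dc=test",
    "entity_id": "https://idp.example.test/saml/onetouch",
    "post_sso_url": "https://idp.example.test/saml/authenticate/onetouch",
    "user_id_attribute": "uid",
    "additional_attributes": "mail, displayName",
    "default_sp": "https://sp1.example.test/saml/metadata",
}
```

Running `validate_idp_config(SAMPLE_CONFIG, EXISTING_IDP_IDS, KNOWN_SP_IDS)` returns an empty list for the sample; blanking a field, reusing an entity ID or dropping the trailing identifier from the URL each add one error.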