SAML application scripting guide

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "SAML application scripting guide"

Transcription

1 Chapter 151 SAML application scripting guide You can use the generic SAML application template (described in Creating a custom SAML application profile) to add a SAML-enabled web application to the app catalog. This template creates a SAML application profile for a web application that defines how the cloud service presents an authenticated user to the web application via a SAML assertion. Each SAML application profile requires a custom SAML script. The script defines how the cloud service creates and presents a SAML assertion for each user s session with the web application. Each application profile may also provide an optional user map script that determines the user s application log-on name for use in the SAML assertion. Both scripts are written in JavaScript. This guide provides these sections: SAML authentication overview is an overview of the SAML authentication process for a user session with a web application. It shows how the cloud service works with a set of JavaScript objects during the process. Writing a user map script describes how to write an optional user map script to specify an application user log-on name for a user session. Writing a custom SAML script describes how to write the required custom SAML script to define a SAML assertion for a user session. Scripting environment reference is a reference section for the objects, methods, and variables in the user map and SAML scripting environment. To write a SAML script, you need to know how to write code in JavaScript. You also need to know the basics of SAML authentication to understand how to specify a SAML assertion. This guide provides some guidance about SAML configuration values, but for specifics you can consult the SAML specifications provided at For an introduction to SAML, try the overviews provided at saml-introduction. SAML authentication overview When a user asks to connect to a SAML-enabled web application in the user portal, the traditional SAML roles are these: The principal is the user, who s already been authenticated in the user portal through the cloud service. The principal is using a web browser (connected to the user portal) or the mobile application as his user agent to request a web application connection. 18

2 SAML authentication overview The identity provider is the cloud service, which provides a SAML assertion that presents the user as an authenticated principal. The service provider is the web application host that receives the SAML assertion and decides whether or not to grant resource access to the principal (the user). The SAML authentication process When the cloud service presents a user to a SAML-enabled web application, it creates a SAML assertion for the user session that satisfies the requirements of the service provider (the web application host) and presents necessary information about the current user. The following figure shows the steps the cloud service takes when it authenticates a user to a SAML application added to the app catalog using the generic SAML application template. The steps follow. 1 The user clicks the web application in the user portal. 2 The user portal notifies the cloud service that the user wants a session with the web application. 3 The cloud service creates a set of JavaScript objects for this SAML user session: An Application object that contains the properties of the web application as they re defined in the web application profile. Those properties are defined using the generic SAML application template and include the application name, the URL, the issuer, the IdP sign-in URL, and others that appear in the template in the Cloud Manager. The Application object is a read-only object. A script reads its properties through the object s Get() method. Cloud Manager user s guide 19

3 SAML authentication overview A LoginUser object that contains information about the user identity used to log onto the service provider: the user identity recognized by the web application (which is not necessarily the user portal login user name) and so on. This is a read-write object that the cloud service or the user map script may alter before it s used later in the custom SAML script to set the user name in the SAML assertion. A private assertion object that defines the elements of the SAML assertion that the cloud service builds to send to the web application. This object isn t visible to the custom SAML script, but the script may set the assertion object s properties using a family of global set methods (described later). 4 The cloud service determines the web application log-on user name as it was specified in the generic SAML application template. The template specifies one of these three methods: The cloud service checks the user s Active Directory user record through the cloud connector, retrieves the specified attribute as the application user name, then assigns the user name to the LoginUser.Username property. The cloud service caches the returned attribute so that it doesn t have to retrieve it again from Active Directory for later identical queries. The cloud service reads the shared single user name specified in the template and assigns it to LoginUser.Username. The cloud service executes the user map script set in the template, which creates a user name and assigns it to LoginUser.Username. 5 The cloud service executes the custom SAML script to specify a SAML assertion for the user session. The script must define all the SAML assertion elements required by the web application. The script uses the global assertion-set methods to define the elements in the private assertion object. 6 The cloud service creates a SAML assertion based on the properties of the private assertion object and includes the assertion in a SAML response. 7 The cloud service signs the SAML response (or the SAML assertion within the response, depending on what s specified in the custom SAML script). It uses the cloud service certificate private key unless the application profile is set to provide a different certificate. (Certificate assignment is set in the Application Settings tab of the generic SAML application template.) 8 The cloud service sends the SAML response to the user portal (or the browser running it). The SAML response has a redirection that instructs the user portal to send the response to the web application at the URL specified in the SAML assertion. 9 The user portal sends the SAML response to the specified URL. 10 The web application reads the SAML response and then (if the key and assertion check out) logs the user into the web application. Chapter 151 SAML application scripting guide 20

4 Writing a user map script Writing a user map script The user map script is JavaScript that you may set up as an optional way to determine the user name used to log onto a web application. Entering a user map script To enter the user map script in the Application Settings tab of the generic SAML application template: 1 Under Account Mapping, select Use Account Mapping Script to open the user map script text panel. 2 Enter the script in the text panel. Incorrect JavaScript syntax in a line triggers a yellow symbol before the line number. 3 (Optional) Click Test. The Test Results window opens showing Account Mapping Details and the results of a Trace of the script. The Account Mapping Details list displays the attributes of the mapped LoginUser. 4 Click Save Changes. Read Creating a custom SAML application profile for more information about using the generic SAML application template. User map script elements The user map script is an optional way to determine the user name to present to a web application if the other user mapping options won t provide what s required. Your script can examine current application and user properties for this user session and can use that information and any other factors to create a user name. The user map script must, at some point, assign a user name to the LoginUser.Username property, where it s retrieved later to create a SAML assertion. Retrieving application information If the user map script requires information about the current web application, it can retrieve properties from the Application object created for this user session. The method Application.Get() retrieves those properties. It takes as its argument a string that specifies the property whose value to retrieve. Application Name, for example, retrieves the name of the application. The Application object describes all of the Application object s properties that you may retrieve. These properties aren t typically used for determining a user name, although the application name may sometimes be useful. Cloud Manager user s guide 21

5 Writing a user map script Retrieving LoginUser properties If the user map script requires information about the current user settings, it can examine the properties of the LoginUser object created for this user session. The LoginUser object describes the LoginUser properties. Several of these properties (LoginUser.GroupNames, for example) contain an array of group names of which the user is a member. These might be useful, depending on your requirements, for determining a user name. You might, for example, specify a single user name for anyone belonging to the admin group, and specify another single user name for anyone belonging to the sales group. You can also use the LoginUser.ServiceName and LoginUser.ServiceType properties to distinguish between directory sources. For example, if the user is managed by Active Directory, some attributes might be different than users managed by LDAP (userprincipalname for AD and UID for LDAP). Use either of these properties to determine the user s directory source. Retrieving the user s directory attributes The LoginUser object offers a single method, Get(), that retrieves any one of the current user s attributes. It takes as its argument a string that specifies the key of the attribute to retrieve. LoginUser.Get( mail ), for example, returns the user s address as stored in Active Directory. When LoginUser.Get() executes, the cloud service contacts the source directory through the cloud connector for the user s organization and retrieves the attribute. If, for example, an Active Directory user has logged into the user portal as a member of the Acme organization, executing LoginUser.Get() during one of that user s log-on sessions contacts the Acme Active Directory service through the cloud connector set up in Acme s internal network. If a Cloud user has logged in, executing LoginUser.Get() queries the Cloud Directory Service (CDS). Note Not all attributes are common between directory services. If you have uses managed by different directory services (for example, AD and LDAP), use the LoginUser.ServiceType or Login.User.ServiceName properties to determine the user s source directory and then get the appropriate attribute key. Refer to The LoginUser object for more information. Example if(loginuser.servicetype == 'LDAPProxy'){ UserIdentifier = LoginUser.Get('uid'); } else { UserIdentifier = LoginUser.Username; } Chapter 151 SAML application scripting guide 22

6 Writing a custom SAML script Explanation The preceding example checks to see if the user is managed by LDAP. If the user s service type is LDAPProxy, the script gets the current user s UID attribute, otherwise it uses the LoginUser.Username property. Specifying the user log-on name Once your script has created a web application log-on name as a string value, it must assign it to the LoginUser.Username property. The script can assign the user name string directly to the property. An example script This sample user map script creates a user name by adding the application name to the current user name in Active Directory. The script assigns the result to LoginUser.Username. LoginUser.Username = LoginUser.Get( user ) + # + Application.Get( Name ); When the user whose AD account is barney.blanton wants to log into the web application named Busfare, the script creates the user name barney.blanton#busfare. The script assigns the user name to LoginUser.Username, where the custom SAML script will find the user name later and use it for the SAML assertion. Writing a custom SAML script The custom SAML script specifies elements that must be present in the SAML assertion used to start the current user session with a web application. To write the script, you must know what SAML elements the web application requires. The script must retrieve required information from the web application s profile and the user object, and must then specify the SAML elements and their values using assertion-set methods. After the script executes, the cloud service follows the script s specifications to create a SAML assertion and its enclosing SAML response. The custom SAML script is JavaScript and is required for each application profile created using the generic SAML application template. To see examples of SAML scripts used to connect to web services, open the application profile for any SAML application in the Apps panel of Cloud Manager. Click the Advanced tab to see the application s SAML script. Cloud Manager user s guide 23

7 Writing a custom SAML script Entering a custom SAML script To enter the custom SAML script in the Advanced tab of the generic SAML application template: 1 Click Edit. 2 Enter the advanced script in the text panel, replacing the existing script or using it as a template script. Incorrect JavaScript syntax in a line triggers a yellow symbol before the line number. Although the text panel offers this simple JavaScript support, if you re writing a script of any length you may want to use a specialized JavaScript editor and paste the results into the text panel. Note The template script present in the text panel by default will not work as a custom SAML script. You must modify or replace the script to meet the specific requirements of the web application. 3 (Optional) Click Test. The Advanced Script Results window opens showing SSO Token details and the results of a trace of the script. The SSO token is generated by the Cloud Manager for the user to log in to the web application. 4 Click Save Changes. Read Creating a custom SAML application profile for more information about using the generic SAML application template. Determining SAML requirements for the web application Each SAML web application typically requires its own set of SAML elements in a SAML assertion. Although many of the elements will be the same from application to application, there are enough variations that one script won t cover all applications. To write a script for a SAML web application, you must find out from the application s publishers what its SAML requirements are. If the application is a large public application, its publishers may present their SAML requirements on their web site. As an example, Salesforce publishes SAML requirements for authentication at login.salesforce.com/help/doc/en/sso_saml_idp_values.htm. Most large public SAML web applications, however, will probably already be in the app catalog so you won t need to add them via the generic SAML application template. For web applications that don t provide their SAML requirements publicly, you ll have to contact technical support or their development team to ask about their SAML requirements. This requires some familiarity with SAML. Reading through the a public SAML application s SAML requirements (such as Salesforce s requirements) is a good start to understanding what a typical SAML application requires. Chapter 151 SAML application scripting guide 24

8 Writing a custom SAML script Retrieving information The custom SAML script has access to the same JavaScript objects, global methods, and global variables that the user map script has along with some additional application-set methods used to specify SAML elements. To retrieve application and user information, use the Application and LoginUser objects that the cloud service creates for a user session. Retrieving application information The read-only Application object created by the cloud service for a user session contains the properties set in the application profile. Create a web application s profile using the generic SAML application template in the Cloud Manager (described in Creating a custom SAML application profile). You must set appropriate application properties in the application profile before the custom SAML script can retrieve application properties successfully. The method Application.Get() retrieves application properties. It takes as its argument a string that specifies the property whose value to retrieve. Application.Get( Name ), for example, retrieves the name of the application. The Application object describes all the Application object s properties that you can retrieve. The following table shows some of the most useful application properties for SAML information. Note that these property names are case-sensitive. Note also that some of the properties have a synonymous global variable that you can use in place of using Application.Get(). Property name Name Url Issuer The name of the application as entered in the Application Settings page. The SAML contact URL specified in the URL field in the Application Settings page. Synonymous with the global variable ServiceUrl. The entity ID specified in the Issuer field of the Application Settings page. Synonymous with the global variable Issuer. Retrieving LoginUser properties The properties of this user session s LoginUser object provide information about the user being authenticated for this SAML user session. The LoginUser object describes all of the LoginUser properties. The following table describes some of the most useful properties for SAML. Property name LoginUser.Username LoginUser.GroupNames The user name used to log the current user on to the web application. The user name is determined by the cloud service for this user session depending on the Map to user Accounts setting in the Application Settings tab. This property is synonymous with the global variable UserIdentifier. An array of group names for groups in which the user is a direct member (according to the user s Active Directory account). Cloud Manager user s guide 25

9 Writing a custom SAML script Property name LoginUser.EffectiveGroupNames An array of group names for groups in which the user is an effective member (according to the user s Active Directory account). A user is an effective member of a group if he is either a direct member of the group or is a direct member of a group that is in turn a member of the group. LoginUser.GroupDNs LoginUser.EffectiveGroupDNs LoginUser.ServiceType LoginUser.ServiceName Retrieving the user s directory attributes The LoginUser object offers a single method, Get(), that retrieves any one of the current user s attributes. It takes as its argument a string that specifies the key of the attribute to retrieve. LoginUser.Get( mail ), for example, returns the user s address as stored in Active Directory. When LoginUser.Get() executes, the cloud service contacts the source directory through the cloud connector for the user s organization and retrieves the attribute. If, for example, an Active Directory user has logged into the user portal as a member of the Acme organization, executing LoginUser.Get() during one of that user s log-on sessions contacts the Acme Active Directory service through the cloud connector set up in Acme s internal network. If a Cloud user has logged in, executing LoginUser.Get() queries the Cloud Directory Service (CDS). Note Not all attributes are common between directory services. If you have uses managed by different directory services (for example, AD and LDAP), use the LoginUser.ServiceType or Login.User.ServiceName properties to determine the user s source directory and then get the appropriate attribute key. Refer to The LoginUser object for more information. Example if(loginuser.servicetype == 'LDAPProxy'){ UserIdentifier = LoginUser.Get('uid'); } else { UserIdentifier = LoginUser.Username; } An array of distinguished names for groups in which the user is a direct member. An array of distinguished names of groups in which the user is an effective member. The type of directory service managing the user s user object. Possible values are: ADProxy LDAPProxy CDS (Cloud Directory Service) FDS (Federated Directory Service) The name of the directory service managing the user s user object. These values are set by the network administrator. This property is useful in environments with more than one LDAP proxy. Chapter 151 SAML application scripting guide 26

10 Writing a custom SAML script Explanation The preceding example checks to see if the user is managed by LDAP. If the user s service type is LDAPProxy, the script gets the current user s UID attribute, otherwise it uses the LoginUser.Username property. Specifying SAML assertion elements The cloud service offers a group of global assertion-set methods in a user session. These methods set the attributes of the private assertion object, which specifies how the cloud service will construct the SAML assertion for this user session. Most of these methods take as an argument the value for a specific SAML assertion element. setissuer(), for example, accepts an entity ID and uses it to specify the issuer URL in the SAML assertion. Two of the assertion-set methods, setattribute() and setattributearray(), specify a SAML response attribute by name and then specify a value for that attribute that is either a single argument or an array. The following table lists the most commonly used assertion-set methods. Assertion-set methods describes these methods in full. Global Method setversion(samlversion) setissuer(issuer) setsubjectname(username) setaudience(audience) setsignaturetype(signingpref) setrecipient(recipient) Specifies the version of the SAML assertion. 1 specifies version 1.1, 2 specifies version 2.0. The default is 2 if this method isn t present in the script. Specifies the issuer in the SAML assertion. Typically a URL provided by retrieving the Application property Issuer or by using the property s synonymous variable Issuer. Specifies the subject in the SAML assertion, which is the log-on name used for the web application. It s typically provided by retrieving the LoginUser.Username property or by using the property s synonymous variable UserIdentifier. If you have multiple directory sources, use the LoginUser.ServiceName or LoginUser.ServiceType properties to set an appropriate subject name. For example: if(loginuser.servicetype == 'LDAPProxy'){ setsubjectname(loginuser.get('uid')); } else { setsubjectname(loginuser.username); } Specifies the audience in an audience restriction in the SAML assertion. This typically takes a URL such as Specifies whether the SAML assertion should be signed, or the SAML response that contains the assertion. The two possible values are Response or Assertion. The default is Response if this method isn t present in the script. Specifies the recipient in the SAML assertion s SubjectConfirmationData element. This typically takes a URL such as Cloud Manager user s guide 27

11 Scripting environment reference Global Method sethttpdestination(responseurl) Specifies the URL to which to post the SAML response in the response s HTTP POST binding (the value in the action= argument). Typically a URL provided by retrieving the Application property Url or by using the property s synonymous variable ServiceUrl. You can repeat this assertion-set method at the end of the script using a string to specify an absolute URI if you want to post the SAML response to a specific address, such as a proxy provided by a cloud access security broker (CASB). setserviceurl(targeturl) setattribute(elementname, elementvalue) setattributearray(elementname, elementarray) Using the custom SAML script template Specifies the value for the TARGET form element (the resource requested for the user session) when posting the SAML response. This is typically a URL that is the same as that used for the sethttpdestination() method, typically retrieved through the Application property Url or by using the property s synonymous variable ServiceUrl. Takes two arguments. The first is a string that specifies the name of a SAML response attribute to set, the second specifies the attribute value. For example, setattribute( , LoginUser.Get( mail )); specifies the SAML attribute named to be set to the current user s address. Takes two arguments. The first is a string that specifies the name of a SAML response attribute to set, the second specifies an array as the attribute value. For example, setattributearray('groups', LoginUser.GroupNames); specifies the SAML attribute named Groups to be set to an array of group names in which the current user is a direct member. You can use the sample SAML script in the Advanced tab as a template for your own custom SAML script. It sets the most common SAML elements. Some of these elements it sets by retrieving values from the Application and LoginUser objects. Others it simply specifies by providing a string such as a URL. These provided sample string values won t work for your particular SAML web application; you need to fill them in with values that will work. You may also have to trim out some of assertion-set methods if they specify SAML elements that are not required by your web application, or you may have to add new methods for elements that are required but aren t in the sample script. Scripting environment reference The cloud service creates a set of JavaScript objects, global variables, and global methods for each SAML user session. These objects provide information that a user map script or a custom SAML script can read and act on. Some of the objects also accept values that specify elements with the SAML assertion that the cloud service presents to a web application. This section describes the SAML user-session JavaScript environment in which the user map script and the custom SAML script execute. The section describes each available object and Chapter 151 SAML application scripting guide 28

12 Scripting environment reference its public properties and methods. It also describes available global variables and global methods. The LoginUser object The cloud service creates a single LoginUser object for each SAML user session. The object is an instance of the LoginUser class, and is a read/write object. The LoginUser object s properties describe the user as he or she is presented to the web application. The following table describes those properties. Property name LoginUser.Username LoginUser.GroupNames The LoginUser object has a single method: The user identity presented in the SAML assertion to the web application. The cloud service determines the user ID for this user session depending on the Map to User Accounts setting in the Application Settings tab. (These settings determine the user name, which is the user ID presented in the SAML assertion.) An array of group names for groups in which the user is a direct member (according to the user s Active Directory account). LoginUser.EffectiveGroupNames An array of group names for groups in which the user is an effective member (according to the user s Active Directory account). A user is an effective member of a group if he is either a direct member of the group or is a direct member of a group that is in turn a member (or member of a member, and so on) of the group. LoginUser.GroupDNs LoginUser.EffectiveGroupDNs LoginUser.ServiceType LoginUser.ServiceName An array of distinguished names for groups in which the user is a direct member. An array of distinguished names of groups in which the user is an effective member. The type of directory service managing the user s user object. Possible values are: ADProxy LDAPProxy CDS (Cloud Directory Service) FDS (Federated Directory Service) The name of the directory service managing the user s user object. These values are set by the network administrator. This property is useful in environments with more than one LDAP proxy. Method name LoginUser.Get(ADkey) This method returns any one of the current user s Active Directory attributes. It takes as its argument a string that specifies the key of the attribute to retrieve. An example: LoginUser.Get( mail ) returns the user s address as stored in the user s Active Directory account. The Application object The cloud service creates a single Application object for each SAML user session. The object is an instance of the ReadOnlyDataEntity class, and is a read-only object. Cloud Manager user s guide 29

13 Scripting environment reference The Application object s properties describe the SAML web application as it s defined in the application profile. Create a SAML web application profile in the Cloud Manager using the generic SAML application template (described in Creating a custom SAML application profile). The Application object does not have any publicly accessible properties. A script accesses the object s properties using the object s single public method. Method Name Application.Get(property) The following section describes the property arguments this method can take. Application properties This method returns an Application object property. It takes as its argument a string that specifies the property to return. An example: Application.Get( Name ) returns the name of the application as entered in the Application Settings tab. The Application.Get() method may take the following property names as an argument. Each argument returns a different application property. The property names are casesensitive. Property Name _PartitionKey _RowKey Icon Issuer Name SamlScript TemplateName Url The customer ID used to establish the user session. An example: BZ284. The UUID (universally unique identifier) of the application. The text description of the web application entered in the description field of the Application Settings tab. The graphic file used as the icon for this application as set in the Application Settings tab. The entity ID specified in the Issuer field of the Application Settings tab. Synonymous with the global variable Issuer. The name of the application as entered in the Application Settings tab. The custom SAML script set in the Advanced tab. The type of generic application template used to define this web application s profile. Possible return values: Generic SAML Generic User-Password The contact URL specified in the URL field in the Application Settings tab. Synonymous with the global variable ServiceUrl. Chapter 151 SAML application scripting guide 30

14 Scripting environment reference Property Name UserName Strategy WebAppType The technique specified in the Application Settings tab to determine the user name (user identity) for a user session. Possible return values: ADAttribute: the cloud service sets the user name to the specified AD attribute of the current user. The cloud service queries the cloud connector for the AD attribute. The cloud service caches the user name so that it doesn t have to query the cloud connector for this user s future sessions. Fixed: the cloud service sets the user name to the value entered in the Application Settings tab. UseScript: the cloud service executes the user map script to determine the user name. The authentication method used by the web application. Possible return values: SAML UsernamePassword Global variables The cloud service creates a set of global variables for each SAML user session. These variables are synonyms for common attributes of the LoginUser and Application objects, and are a convenience: you can use a global variable instead of specifying a LoginUser attribute or using Application.Get() to read an Application attribute. Global Variable ApplicationUrl Issuer ServiceUrl A read-only variable that contains the contact URL specified in the URL field in the Application Settings tab. Synonymous with the Application attribute Url. A read-only variable that contains the entity ID specified in the Issuer field of the Application Settings tab. Synonymous with the Application attribute Issuer. A read-only variable that contains the contact URL specified in the URL field in the Application Settings tab. Synonymous with the Application attribute Url. Global methods The cloud service provides a set of global methods available in a SAML user session that specify elements within a SAML assertion. Assertion-set methods Assertion-set methods set the attributes of the private SAML assertion object in a user session. The assertion object specifies how the cloud service constructs the SAML assertion for this SAML user session. Most of these methods take as an argument the value for a specific SAML assertion element. setissuer(), for example, accepts an entity ID and uses it to specify the issuer URL in the SAML assertion. Two of the assertion set methods, setattribute() and setattributearray() specify a SAML response attribute by name and then specify a value for that attribute that is either a Cloud Manager user s guide 31

15 Scripting environment reference single argument or an array. Use these methods to add SAML assertion elements that can t be specified by any of the other assertion set methods. The following table lists global assertion-set methods available in a user session. Global Method setattribute(elementname, elementvalue) setattributearray(elementname, elementarray) setaudience(audience) setauthenticationmethod( authenticationuri) sethttpdestination(responseurl) setissuer(issuer) setnameformat(format) setrecipient(recipient) setrelaystate(relaystate) setserviceurl(targeturl) Sets a specified SAML assertion element to a value. Takes two arguments. The first is a string that specifies the name of a SAML assertion element to set, the second specifies that attribute s value. For example, setattribute( , LoginUser.Get( mail )); specifies the SAML assertion element named to be set to the current user s address. Sets a specified SAML assertion element to an array. Takes two arguments. The first is a string that specifies the name of a SAML assertion element to set, the second specifies an array as that attribute s value. For example, setattributearray('groups', LoginUser.GroupNames); specifies the SAML assertion element named Groups to be set to an array of group names in which the current user is a direct member. Specifies the audience in an audience restriction in the SAML assertion. This argument typically takes a URL such as Specifies the type of authentication used to authenticate the user. This takes a URI as described in section of the SAML 2.0 core specification. The same specification lists possible URI values in section 7.1. An example: urn:oasis:names:tc:saml:1.0:am:password specifies that the user was authenticated via password. Specifies the URL to which to post the SAML response in the response s HTTP POST binding (the value in the action= argument). Typically a URL provided by retrieving the Application property Url or by using the property s synonymous variable ServiceUrl. You can repeat this assertion-set method at the end of the script using a string to specify an absolute URI if you want to post the SAML response to a specific address, such as a proxy provided by a cloud access security broker (CASB). Specifies the issuer in the SAML assertion. Typically a URL provided by retrieving the Application property Issuer or by using the property s synonymous variable Issuer. Specifies the Format value (the value following Format= ) in the SAML assertion s NameID element. This element is only used in a SAML 2.0 assertion. Specifies the recipient in the SAML assertion s SubjectConfirmationData element. This typically takes a URL such as Specifies an optional RelayState parameter to send with the SAML response if specified by the service provider. This parameter is specified in section of Bindings and Profiles for the OASIS Security Assertion Markup Language (SAML) V2.0. Specifies the value for the TARGET form element (the resource requested for the user session) when posting the SAML response. This is typically a URL that is the same as that used for the sethttpdestination() method, typically retrieved through the Application property Url or by using the property s synonymous variable ServiceUrl. Chapter 151 SAML application scripting guide 32

16 Scripting environment reference Global Method setsignaturetype(signingpref) setsubjectconfirmationmethod( methoduri) setsubjectname(username) setversion(samlversion) Specifies what should be signed using a certificate: the SAML assertion or the SAML response that contains the assertion. The two possible values are Response or Assertion. The default is Response if this method isn t present in the script. Specifies the SAML confirmation method identifier for the SAML assertion s binding. This takes a URI as described in section of Bindings and Profiles for the OASIS Security Assertion Markup Language (SAML) V2.0. An example: urn:oasis:names:tc:saml:1.0:cm:bearer specifies the Bearer confirmation method. Specifies the subject in the SAML assertion, which is the user identity (user name) presented to the SAML web application. It s typically provided by retrieving the LoginUser.Username property or by using the property s synonymous variable UserIdentifier. Specifies the version of the SAML assertion. 1 specifies version 1.1, 2 specifies version 2.0. The default is 2 if this method isn t present in the script. Cloud Manager user s guide 33

User-password application scripting guide

User-password application scripting guide Chapter 2 User-password application scripting guide You can use the generic user-password application template (described in Creating a generic user-password application profile) to add a user-password

More information

Creating a generic user-password application profile

Creating a generic user-password application profile Chapter 4 Creating a generic user-password application profile Overview If you d like to add applications that aren t in our Samsung KNOX EMM App Catalog, you can create custom application profiles using

More information

SAP NetWeaver Fiori. For more information, see "Creating and enabling a trusted provider for Centrify" on page 108-10.

SAP NetWeaver Fiori. For more information, see Creating and enabling a trusted provider for Centrify on page 108-10. Chapter 108 Configuring SAP NetWeaver Fiori The following is an overview of the steps required to configure the SAP NetWeaver Fiori Web application for single sign-on (SSO) via SAML. SAP NetWeaver Fiori

More information

SP-initiated SSO for Smartsheet is automatically enabled when the SAML feature is activated.

SP-initiated SSO for Smartsheet is automatically enabled when the SAML feature is activated. Chapter 87 Configuring Smartsheet The following is an overview of the steps required to configure the Smartsheet Web application for single sign-on (SSO) via SAML. Smartsheet offers both IdP-initiated

More information

Connected Data. Connected Data requirements for SSO

Connected Data. Connected Data requirements for SSO Chapter 40 Configuring Connected Data The following is an overview of the steps required to configure the Connected Data Web application for single sign-on (SSO) via SAML. Connected Data offers both IdP-initiated

More information

An overview of configuring WebEx for single sign-on. To configure the WebEx application for single-sign on from the cloud service (an overview)

An overview of configuring WebEx for single sign-on. To configure the WebEx application for single-sign on from the cloud service (an overview) Chapter 83 WebEx This chapter includes the following sections: An overview of configuring WebEx for single sign-on Configuring WebEx for SSO Configuring WebEx in Cloud Manager For more information about

More information

Configuring. SugarCRM. Chapter 121

Configuring. SugarCRM. Chapter 121 Chapter 121 Configuring SugarCRM The following is an overview of the steps required to configure the SugarCRM Web application for single sign-on (SSO) via SAML. SugarCRM offers both IdP-initiated SAML

More information

Configuring Salesforce

Configuring Salesforce Chapter 94 Configuring Salesforce The following is an overview of how to configure the Salesforce.com application for singlesign on: 1 Prepare Salesforce for single sign-on: This involves the following:

More information

An overview of configuring Intacct for single sign-on. To configure the Intacct application for single-sign on (an overview)

An overview of configuring Intacct for single sign-on. To configure the Intacct application for single-sign on (an overview) Chapter 94 Intacct This section contains the following topics: "An overview of configuring Intacct for single sign-on" on page 94-710 "Configuring Intacct for SSO" on page 94-711 "Configuring Intacct in

More information

For details about using automatic user provisioning with Salesforce, see Configuring user provisioning for Salesforce.

For details about using automatic user provisioning with Salesforce, see Configuring user provisioning for Salesforce. Chapter 41 Configuring Salesforce The following is an overview of how to configure the Salesforce.com application for singlesign on: 1 Prepare Salesforce for single sign-on: This involves the following:

More information

An overview of configuring WebEx for single sign-on. To configure the WebEx application for single-sign on from the cloud service (an overview)

An overview of configuring WebEx for single sign-on. To configure the WebEx application for single-sign on from the cloud service (an overview) Chapter 190 WebEx This chapter includes the following sections: "An overview of configuring WebEx for single sign-on" on page 190-1600 "Configuring WebEx for SSO" on page 190-1601 "Configuring WebEx in

More information

SAML single sign-on configuration overview

SAML single sign-on configuration overview Chapter 46 Configurin uring Drupal Configure the Drupal Web-SAML application profile in Cloud Manager to set up single sign-on via SAML with a Drupal-based web application. Configuration also specifies

More information

SAML single sign-on configuration overview

SAML single sign-on configuration overview Chapter 34 Configurin guring g Clarizen Configure the Clarizen Web-SAML application profile in Cloud Manager to set up single sign-on via SAML with Clarizen. Configuration also specifies how the application

More information

Configuring SuccessFactors

Configuring SuccessFactors Chapter 117 Configuring SuccessFactors The following is an overview of the steps required to configure the SuccessFactors Enterprise Edition Web application for single sign-on (SSO) via SAML. SuccessFactors

More information

SAP NetWeaver AS Java

SAP NetWeaver AS Java Chapter 75 Configuring SAP NetWeaver AS Java SAP NetWeaver Application Server ("AS") Java (Stack) is one of the two installation options of SAP NetWeaver AS. The other option is the ABAP Stack, which is

More information

Configuring. Moodle. Chapter 82

Configuring. Moodle. Chapter 82 Chapter 82 Configuring Moodle The following is an overview of the steps required to configure the Moodle Web application for single sign-on (SSO) via SAML. Moodle offers SP-initiated SAML SSO only. 1 Prepare

More information

Configuring. SuccessFactors. Chapter 67

Configuring. SuccessFactors. Chapter 67 Chapter 67 Configuring SuccessFactors The following is an overview of the steps required to configure the SuccessFactors Enterprise Edition Web application for single sign-on (SSO) via SAML. SuccessFactors

More information

Configuring Parature Self-Service Portal

Configuring Parature Self-Service Portal Configuring Parature Self-Service Portal Chapter 2 The following is an overview of the steps required to configure the Parature Self-Service Portal application for single sign-on (SSO) via SAML. Parature

More information

Sharepoint server SSO

Sharepoint server SSO Configuring g on-premise Sharepoint server SSO Chapter 99 You can now provide single sign-on to your on-premise Sharepoint server applications. This section includes the following topics: "An overview

More information

Microsoft Office 365 Using SAML Integration Guide

Microsoft Office 365 Using SAML Integration Guide Microsoft Office 365 Using SAML Integration Guide Revision A Copyright 2013 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete and accurate.

More information

Configuring on-premise Sharepoint server SSO

Configuring on-premise Sharepoint server SSO Chapter 112 Configuring on-premise Sharepoint server SSO You can now provide single sign-on to your on-premise Sharepoint server applications. This section includes the following topics: "An overview of

More information

Configuring user provisioning for Amazon Web Services (Amazon Specific)

Configuring user provisioning for Amazon Web Services (Amazon Specific) Chapter 2 Configuring user provisioning for Amazon Web Services (Amazon Specific) Note If you re trying to configure provisioning for the Amazon Web Services: Amazon Specific + Provisioning app, you re

More information

Configuring Single Sign-on from the VMware Identity Manager Service to ServiceNow

Configuring Single Sign-on from the VMware Identity Manager Service to ServiceNow Configuring Single Sign-on from the VMware Identity Manager Service to ServiceNow VMware Identity Manager AUGUST 2015 V1 Configuring Single Sign-On from VMware Identity Manager to ServiceNow Table of Contents

More information

Egnyte Single Sign-On (SSO) Installation for OneLogin

Egnyte Single Sign-On (SSO) Installation for OneLogin Egnyte Single Sign-On (SSO) Installation for OneLogin To set up Egnyte so employees can log in using SSO, follow the steps below to configure OneLogin and Egnyte to work with each other. 1. Set up OneLogin

More information

SafeNet Authentication Manager

SafeNet Authentication Manager SafeNet Authentication Manager TECHNICAL BRIEF Using SafeNet Authentication Manager as Identity Provider for AirWatch Contents Description... 2 Single Sign-On Dataflow... 2 Identity Provider Configuration...

More information

How to pull content from the PMP into Core Publisher

How to pull content from the PMP into Core Publisher How to pull content from the PMP into Core Publisher Below you will find step-by-step instructions on how to set up pulling or retrieving content from the Public Media Platform, or PMP, and publish it

More information

This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections:

This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections: CHAPTER 1 SAML Single Sign-On This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections: Junos Pulse Secure Access

More information

McAfee Cloud Identity Manager

McAfee Cloud Identity Manager Salesforce Cloud Connector Guide McAfee Cloud Identity Manager version 1.1 or later COPYRIGHT Copyright 2013 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted,

More information

Configuring Single Sign-On from the VMware Identity Manager Service to Office 365

Configuring Single Sign-On from the VMware Identity Manager Service to Office 365 Configuring Single Sign-On from the VMware Identity Manager Service to Office 365 VMware Identity Manager JULY 2015 V1 Table of Contents Overview... 2 Passive and Active Authentication Profiles... 2 Adding

More information

SAML Authentication Quick Start Guide

SAML Authentication Quick Start Guide SAML Authentication Quick Start Guide Powerful Authentication Management for Service Providers and Enterprises Authentication Service Delivery Made EASY Copyright 2013 SafeNet, Inc. All rights reserved.

More information

Office 365 deployment checklists

Office 365 deployment checklists Chapter 128 Office 365 deployment checklists This document provides some checklists to help you make sure that you install and configure your Office 365 deployment correctly and with a minimum of issues.

More information

Integration Guide. SafeNet Authentication Service. Using SAS as an Identity Provider for Salesforce

Integration Guide. SafeNet Authentication Service. Using SAS as an Identity Provider for Salesforce SafeNet Authentication Service Integration Guide Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright 2013 SafeNet, Inc. All rights reserved. 1 Document Information

More information

Configuration Guide - OneDesk to SalesForce Connector

Configuration Guide - OneDesk to SalesForce Connector Configuration Guide - OneDesk to SalesForce Connector Introduction The OneDesk to SalesForce Connector allows users to capture customer feedback and issues in OneDesk without leaving their familiar SalesForce

More information

Deploying RSA ClearTrust with the FirePass controller

Deploying RSA ClearTrust with the FirePass controller Deployment Guide Deploying RSA ClearTrust with the FirePass Controller Deploying RSA ClearTrust with the FirePass controller Welcome to the FirePass RSA ClearTrust Deployment Guide. This guide shows you

More information

Configuring Single Sign-on from the VMware Identity Manager Service to WebEx

Configuring Single Sign-on from the VMware Identity Manager Service to WebEx Configuring Single Sign-on from the VMware Identity Manager Service to WebEx VMware Identity Manager SEPTEMBER 2015 V 2 Configuring Single Sign-On from VMware Identity Manager to WebEx Table of Contents

More information

Single Sign On (SSO) Implementation Manual. For Connect 5 & MyConnect Sites

Single Sign On (SSO) Implementation Manual. For Connect 5 & MyConnect Sites Single Sign On (SSO) Implementation Manual For Connect 5 & MyConnect Sites Version 6 Release 5.7 September 2013 1 What is Blackboard Connect Single Sign On?... 3 How it Works... 3 Drawbacks to Using Single

More information

Egnyte Single Sign-On (SSO) Installation for Okta

Egnyte Single Sign-On (SSO) Installation for Okta w w w. e g n y t e. c o m Egnyte Single Sign-On (SSO) Installation for Okta To set up Egnyte so employees can log in using SSO, follow the steps below to configure Okta and Egnyte to work with each other.

More information

Configuring Single Sign-on from the VMware Identity Manager Service to AirWatch Applications

Configuring Single Sign-on from the VMware Identity Manager Service to AirWatch Applications Configuring Single Sign-on from the VMware Identity Manager Service to AirWatch Applications VMware Identity Manager AUGUST 2015 V1 Configuring Single Sign-On from VMware Identity Manager to AirWatch Applications

More information

Building Secure Applications. James Tedrick

Building Secure Applications. James Tedrick Building Secure Applications James Tedrick What We re Covering Today: Accessing ArcGIS Resources ArcGIS Web App Topics covered: Using Token endpoints Using OAuth/SAML User login App login Portal ArcGIS

More information

INUVIKA OPEN VIRTUAL DESKTOP ENTERPRISE

INUVIKA OPEN VIRTUAL DESKTOP ENTERPRISE INUVIKA OPEN VIRTUAL DESKTOP ENTERPRISE SAML 2.0 CONFIGURATION GUIDE Roy Heaton David Pham-Van Version 1.1 Published March 23, 2015 This document describes how to configure OVD to use SAML 2.0 for user

More information

SAML 2.0 SSO Deployment with Okta

SAML 2.0 SSO Deployment with Okta SAML 2.0 SSO Deployment with Okta Simplify Network Authentication by Using Thunder ADC as an Authentication Proxy DEPLOYMENT GUIDE Table of Contents Overview...3 The A10 Networks SAML 2.0 SSO Deployment

More information

Symplified I: Windows User Identity. Matthew McNew and Lex Hubbard

Symplified I: Windows User Identity. Matthew McNew and Lex Hubbard Symplified I: Windows User Identity Matthew McNew and Lex Hubbard Table of Contents Abstract 1 Introduction to the Project 2 Project Description 2 Requirements Specification 2 Functional Requirements 2

More information

SAML Single-Sign-On (SSO)

SAML Single-Sign-On (SSO) C O L A B O R A T I V E I N N O V A T I O N M A N A G E M E N T Complete Feature Guide SAML Single-Sign-On (SSO) 1. Features This feature allows administrators to setup Single Sign-on (SSO) integration

More information

HOTPin Integration Guide: Salesforce SSO with Active Directory Federated Services

HOTPin Integration Guide: Salesforce SSO with Active Directory Federated Services 1 HOTPin Integration Guide: Salesforce SSO with Active Directory Federated Services Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided

More information

PingFederate. Windows Live Cloud Identity Connector. User Guide. Version 1.0

PingFederate. Windows Live Cloud Identity Connector. User Guide. Version 1.0 Windows Live Cloud Identity Connector Version 1.0 User Guide 2011 Ping Identity Corporation. All rights reserved. Windows Live Cloud Identity Connector User Guide Version 1.0 April, 2011 Ping Identity

More information

Office 365 deploym. ployment checklists. Chapter 27

Office 365 deploym. ployment checklists. Chapter 27 Chapter 27 Office 365 deploym ployment checklists This document provides some checklists to help you make sure that you install and configure your Office 365 deployment correctly and with a minimum of

More information

McAfee Cloud Identity Manager

McAfee Cloud Identity Manager SAML2 Cloud Connector Guide McAfee Cloud Identity Manager version 1.2 or later COPYRIGHT Copyright 2013 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed,

More information

Introduction and overview view of Citrix ShareFile provisioning. Preparing your Citrix ShareFile account for provisioning

Introduction and overview view of Citrix ShareFile provisioning. Preparing your Citrix ShareFile account for provisioning Chapter 119samanage Configuring g user provisioning for Citrix ShareFile This section includes the following topics: "Introduction and overview of Citrix ShareFile provisioning" on page 119-37 "Preparing

More information

Samsung KNOX EMM Authentication Services. SDK Quick Start Guide

Samsung KNOX EMM Authentication Services. SDK Quick Start Guide Samsung KNOX EMM Authentication Services SDK Quick Start Guide June 2014 Legal notice This document and the software described in this document are furnished under and are subject to the terms of a license

More information

SAM Context-Based Authentication Using Juniper SA Integration Guide

SAM Context-Based Authentication Using Juniper SA Integration Guide SAM Context-Based Authentication Using Juniper SA Integration Guide Revision A Copyright 2012 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete

More information

OpenLDAP Oracle Enterprise Gateway Integration Guide

OpenLDAP Oracle Enterprise Gateway Integration Guide An Oracle White Paper June 2011 OpenLDAP Oracle Enterprise Gateway Integration Guide 1 / 29 Disclaimer The following is intended to outline our general product direction. It is intended for information

More information

Installation & Configuration Guide Professional Edition

Installation & Configuration Guide Professional Edition Installation & Configuration Guide Professional Edition Version 2.3 Updated January 2014 Table of Contents Getting Started... 3 Introduction... 3 Requirements... 3 Support... 4 Recommended Browsers...

More information

QualysGuard SAML 2.0 Single Sign-On. Technical Brief

QualysGuard SAML 2.0 Single Sign-On. Technical Brief QualysGuard SAML 2.0 Single Sign-On Technical Brief Introduction Qualys provides its customer the option to use SAML 2.0 Single Sign On (SSO) authentication with their QualysGuard subscription. When implemented,

More information

Only LDAP-synchronized users can access SAML SSO-enabled web applications. Local end users and applications users cannot access them.

Only LDAP-synchronized users can access SAML SSO-enabled web applications. Local end users and applications users cannot access them. This chapter provides information about the Security Assertion Markup Language (SAML) Single Sign-On feature, which allows administrative users to access certain Cisco Unified Communications Manager and

More information

Configuring ADFS 3.0 to Communicate with WhosOnLocation SAML

Configuring ADFS 3.0 to Communicate with WhosOnLocation SAML Configuring ADFS 3.0 to Communicate with WhosOnLocation SAML --------------------------------------------------------------------------------------------------------------------------- Contents Overview...

More information

SalesForce SSO with Active Directory Federated Services (ADFS) v2.0 Authenticating Users Using SecurAccess Server by SecurEnvoy

SalesForce SSO with Active Directory Federated Services (ADFS) v2.0 Authenticating Users Using SecurAccess Server by SecurEnvoy SalesForce SSO with Active Directory Federated Services (ADFS) v2.0 Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010 Merlin House

More information

Single Sign On for ShareFile with NetScaler. Deployment Guide

Single Sign On for ShareFile with NetScaler. Deployment Guide Single Sign On for ShareFile with NetScaler Deployment Guide This deployment guide focuses on defining the process for enabling Single Sign On into Citrix ShareFile with Citrix NetScaler. Table of Contents

More information

To set up Egnyte so employees can log in using SSO, follow the steps below to configure VMware Horizon and Egnyte to work with each other.

To set up Egnyte so employees can log in using SSO, follow the steps below to configure VMware Horizon and Egnyte to work with each other. w w w. e g n y t e. c o m Egnyte Single Sign-On (SSO) Installation for VMware Horizon To set up Egnyte so employees can log in using SSO, follow the steps below to configure VMware Horizon and Egnyte to

More information

Centrify Mobile Authentication Services

Centrify Mobile Authentication Services Centrify Mobile Authentication Services SDK Quick Start Guide 7 November 2013 Centrify Corporation Legal notice This document and the software described in this document are furnished under and are subject

More information

OpenLogin: PTA, SAML, and OAuth/OpenID

OpenLogin: PTA, SAML, and OAuth/OpenID OpenLogin: PTA, SAML, and OAuth/OpenID Ernie Turner Chris Fellows RightNow Technologies, Inc. Why should you care about these features? Why should you care about these features? Because users hate creating

More information

Google Apps Deployment Guide

Google Apps Deployment Guide CENTRIFY DEPLOYMENT GUIDE Google Apps Deployment Guide Abstract Centrify provides mobile device management and single sign-on services that you can trust and count on as a critical component of your corporate

More information

SAML Authentication with BlackShield Cloud

SAML Authentication with BlackShield Cloud SAML Authentication with BlackShield Cloud Powerful Authentication Management for Service Providers and Enterprises Version 3.1 Authentication Service Delivery Made EASY Copyright Copyright 2011. CRYPTOCARD

More information

SchoolBooking SSO Integration Guide

SchoolBooking SSO Integration Guide SchoolBooking SSO Integration Guide Before you start This guide has been written to help you configure SchoolBooking to operate with SSO (Single Sign on) Please treat this document as a reference guide,

More information

STUDY ON IMPROVING WEB SECURITY USING SAML TOKEN

STUDY ON IMPROVING WEB SECURITY USING SAML TOKEN STUDY ON IMPROVING WEB SECURITY USING SAML TOKEN 1 Venkadesh.M M.tech, Dr.A.Chandra Sekar M.E., Ph.d MISTE 2 1 ResearchScholar, Bharath University, Chennai 73, India. venkadeshkumaresan@yahoo.co.in 2 Professor-CSC

More information

Flexible Identity Federation

Flexible Identity Federation Flexible Identity Federation Quick start guide version 1.0.1 Publication history Date Description Revision 2015.09.23 initial release 1.0.0 2015.12.11 minor updates 1.0.1 Copyright Orange Business Services

More information

Single Sign-On Implementation Guide

Single Sign-On Implementation Guide Single Sign-On Implementation Guide Salesforce, Winter 16 @salesforcedocs Last updated: November 4, 2015 Copyright 2000 2015 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark

More information

Dell One Identity Cloud Access Manager 8.0.1 - How to Develop OpenID Connect Apps

Dell One Identity Cloud Access Manager 8.0.1 - How to Develop OpenID Connect Apps Dell One Identity Cloud Access Manager 8.0.1 - How to Develop OpenID Connect Apps May 2015 This guide includes: What is OAuth v2.0? What is OpenID Connect? Example: Providing OpenID Connect SSO to a Salesforce.com

More information

Egnyte Single Sign-On (SSO) Configuration for Active Directory Federation Services (ADFS)

Egnyte Single Sign-On (SSO) Configuration for Active Directory Federation Services (ADFS) w w w. e g n y t e. c o m Egnyte Single Sign-On (SSO) Configuration for Active Directory Federation Services (ADFS) To set up ADFS so that your employees can access Egnyte using their ADFS credentials,

More information

Integrating VMware Horizon Workspace and VMware Horizon View TECHNICAL WHITE PAPER

Integrating VMware Horizon Workspace and VMware Horizon View TECHNICAL WHITE PAPER Integrating VMware Horizon Workspace and VMware Horizon View TECHNICAL WHITE PAPER Table of Contents Introduction.... 3 Requirements.... 3 Horizon Workspace Components.... 3 SAML 2.0 Standard.... 3 Authentication

More information

Single Sign-On Implementation Guide

Single Sign-On Implementation Guide Single Sign-On Implementation Guide Salesforce, Summer 15 @salesforcedocs Last updated: July 1, 2015 Copyright 2000 2015 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark of

More information

Centrify Mobile Authentication Services for Samsung KNOX

Centrify Mobile Authentication Services for Samsung KNOX Centrify Mobile Authentication Services for Samsung KNOX SDK Quick Start Guide 3 October 2013 Centrify Corporation Legal notice This document and the software described in this document are furnished under

More information

Copyright Pivotal Software Inc, 2013-2015 1 of 10

Copyright Pivotal Software Inc, 2013-2015 1 of 10 Table of Contents Table of Contents Getting Started with Pivotal Single Sign-On Adding Users to a Single Sign-On Service Plan Administering Pivotal Single Sign-On Choosing an Application Type 1 2 5 7 10

More information

Fairsail. Implementer. Single Sign-On with Fairsail and Microsoft Active Directory Federation Services 2.0. Version 1.92 FS-SSO-XXX-IG-201406--R001.

Fairsail. Implementer. Single Sign-On with Fairsail and Microsoft Active Directory Federation Services 2.0. Version 1.92 FS-SSO-XXX-IG-201406--R001. Fairsail Implementer Microsoft Active Directory Federation Services 2.0 Version 1.92 FS-SSO-XXX-IG-201406--R001.92 Fairsail 2014. All rights reserved. This document contains information proprietary to

More information

Dell KACE K1000 System Management Appliance Version 5.4. Service Desk Administrator Guide

Dell KACE K1000 System Management Appliance Version 5.4. Service Desk Administrator Guide Dell KACE K1000 System Management Appliance Version 5.4 Service Desk Administrator Guide October 2012 2004-2012 Dell Inc. All rights reserved. Reproduction of these materials in any manner whatsoever without

More information

DualShield SAML & SSO. Integration Guide. Copyright 2011 Deepnet Security Limited. Copyright 2011, Deepnet Security. All Rights Reserved.

DualShield SAML & SSO. Integration Guide. Copyright 2011 Deepnet Security Limited. Copyright 2011, Deepnet Security. All Rights Reserved. DualShield Integration Guide Copyright 2011 Deepnet Security Limited Copyright 2011, Deepnet Security. All Rights Reserved. Page 1 Trademarks Deepnet Unified Authentication, MobileID, QuickID, PocketID,

More information

INTEGRATE SALESFORCE.COM SINGLE SIGN-ON WITH THIRD-PARTY SINGLE SIGN-ON USING SENTRY A GUIDE TO SUCCESSFUL USE CASE

INTEGRATE SALESFORCE.COM SINGLE SIGN-ON WITH THIRD-PARTY SINGLE SIGN-ON USING SENTRY A GUIDE TO SUCCESSFUL USE CASE INTEGRATE SALESFORCE.COM SINGLE SIGN-ON WITH THIRD-PARTY SINGLE SIGN-ON USING SENTRY A GUIDE TO SUCCESSFUL USE CASE Legal Marks No portion of this document may be reproduced or copied in any form, or by

More information

Security Assertion Markup Language (SAML) Site Manager Setup

Security Assertion Markup Language (SAML) Site Manager Setup Security Assertion Markup Language (SAML) Site Manager Setup Trademark Notice Blackboard, the Blackboard logos, and the unique trade dress of Blackboard are the trademarks, service marks, trade dress and

More information

Nevepoint Access Manager 1.2 BETA Documentation

Nevepoint Access Manager 1.2 BETA Documentation Nevepoint Access Manager 1.2 BETA Documentation Table of Contents Installation...3 Locating the Installation Wizard URL...3 Step 1: Configure the Administrator...4 Step 2: Connecting to Primary Connector...4

More information

Using SAML for Single Sign-On in the SOA Software Platform

Using SAML for Single Sign-On in the SOA Software Platform Using SAML for Single Sign-On in the SOA Software Platform SOA Software Community Manager: Using SAML on the Platform 1 Policy Manager / Community Manager Using SAML for Single Sign-On in the SOA Software

More information

PingFederate. IWA Integration Kit. User Guide. Version 3.0

PingFederate. IWA Integration Kit. User Guide. Version 3.0 PingFederate IWA Integration Kit Version 3.0 User Guide 2012 Ping Identity Corporation. All rights reserved. PingFederate IWA Integration Kit User Guide Version 3.0 April, 2012 Ping Identity Corporation

More information

Introduction to Directory Services

Introduction to Directory Services Introduction to Directory Services Overview This document explains how AirWatch integrates with your organization's existing directory service such as Active Directory, Lotus Domino and Novell e-directory

More information

How To - Implement Single Sign On Authentication with Active Directory

How To - Implement Single Sign On Authentication with Active Directory How To - Implement Single Sign On Authentication with Active Directory Applicable to English version of Windows This article describes how to implement single sign on authentication with Active Directory

More information

Agenda. How to configure

Agenda. How to configure dlaw@esri.com Agenda Strongly Recommend: Knowledge of ArcGIS Server and Portal for ArcGIS Security in the context of ArcGIS Server/Portal for ArcGIS Access Authentication Authorization: securing web services

More information

Working with Indicee Elements

Working with Indicee Elements Working with Indicee Elements How to Embed Indicee in Your Product 2012 Indicee, Inc. All rights reserved. 1 Embed Indicee Elements into your Web Content 3 Single Sign-On (SSO) using SAML 3 Configure an

More information

PingFederate. Salesforce Connector. Quick Connection Guide. Version 4.1

PingFederate. Salesforce Connector. Quick Connection Guide. Version 4.1 PingFederate Salesforce Connector Version 4.1 Quick Connection Guide 2011 Ping Identity Corporation. All rights reserved. PingFederate Salesforce Quick Connection Guide Version 4.1 June, 2011 Ping Identity

More information

OneLogin Integration User Guide

OneLogin Integration User Guide OneLogin Integration User Guide Table of Contents OneLogin Account Setup... 2 Create Account with OneLogin... 2 Setup Application with OneLogin... 2 Setup Required in OneLogin: SSO and AD Connector...

More information

Dell One Identity Cloud Access Manager How to Configure as an Identity Provider

Dell One Identity Cloud Access Manager How to Configure as an Identity Provider Dell One Identity Cloud Access Manager 8.1.1 - How to Configure as an Identity Provider January 2016 To provide end-users located on another network with access to your applications, you can configure

More information

Integrating Webalo with LDAP or Active Directory

Integrating Webalo with LDAP or Active Directory Integrating Webalo with LDAP or Active Directory Webalo can be integrated with an external directory to identify valid Webalo users and then authenticate them to the Webalo appliance. Integration with

More information

Centrify Cloud Management Suite

Centrify Cloud Management Suite Centrify Cloud Management Suite Installation and Configuration Guide April 2013 Centrify Corporation Legal notice This document and the software described in this document are furnished under and are subject

More information

Copyright: WhosOnLocation Limited

Copyright: WhosOnLocation Limited How SSO Works in WhosOnLocation About Single Sign-on By default, your administrators and users are authenticated and logged in using WhosOnLocation s user authentication. You can however bypass this and

More information

DocuSign Single Sign On Implementation Guide Published: March 17, 2016

DocuSign Single Sign On Implementation Guide Published: March 17, 2016 DocuSign Single Sign On Implementation Guide Published: March 17, 2016 Copyright Copyright 2003-2016 DocuSign, Inc. All rights reserved. For information about DocuSign trademarks, copyrights and patents

More information

Integration Guide. SafeNet Authentication Service. Using SAS as an Identity Provider for Drupal

Integration Guide. SafeNet Authentication Service. Using SAS as an Identity Provider for Drupal SafeNet Authentication Service Integration Guide Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright 2013 SafeNet, Inc. All rights reserved. 1 Document Information

More information

VMware Identity Manager Administration

VMware Identity Manager Administration VMware Identity Manager Administration VMware Identity Manager 2.4 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new

More information

Cloud Authentication. Getting Started Guide. Version 2.1.0.06

Cloud Authentication. Getting Started Guide. Version 2.1.0.06 Cloud Authentication Getting Started Guide Version 2.1.0.06 ii Copyright 2011 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete and accurate.

More information

OAuth 2.0 Developers Guide. Ping Identity, Inc. 1001 17th Street, Suite 100, Denver, CO 80202 303.468.2900

OAuth 2.0 Developers Guide. Ping Identity, Inc. 1001 17th Street, Suite 100, Denver, CO 80202 303.468.2900 OAuth 2.0 Developers Guide Ping Identity, Inc. 1001 17th Street, Suite 100, Denver, CO 80202 303.468.2900 Table of Contents Contents TABLE OF CONTENTS... 2 ABOUT THIS DOCUMENT... 3 GETTING STARTED... 4

More information

Administrator Guide. v 11

Administrator Guide. v 11 Administrator Guide JustSSO is a Single Sign On (SSO) solution specially developed to integrate Google Apps suite to your Directory Service. Product developed by Just Digital v 11 Index Overview... 3 Main

More information

Identity Implementation Guide

Identity Implementation Guide Identity Implementation Guide Version 35.0, Winter 16 @salesforcedocs Last updated: October 27, 2015 Copyright 2000 2015 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark of

More information

Configuring SAML2 for Single Sign On to Smartsheet (Enterprise Only)

Configuring SAML2 for Single Sign On to Smartsheet (Enterprise Only) Configuring SAML2 for Single Sign On to Smartsheet (Enterprise Only) This document is intended for technical professionals who are familiar with SAML and have access to the Identity Provider that will

More information

Configure Single Sign on Between Domino and WPS

Configure Single Sign on Between Domino and WPS Configure Single Sign on Between Domino and WPS What we are doing here? Ok now we have the WPS server configured and running with Domino as the LDAP directory. Now we are going to configure Single Sign

More information

Configuring Sponsor Authentication

Configuring Sponsor Authentication CHAPTER 4 Sponsors are the people who use Cisco NAC Guest Server to create guest accounts. Sponsor authentication authenticates sponsor users to the Sponsor interface of the Guest Server. There are five

More information