IdP Configuration Cheatsheet

The SD Elements SAML metadata file contains all the essential information required to configure the IdP.

SD Elements will work with all identity providers that are SAML 2.0 compliant, such as AD FS. Relay State is supported and used if the SP-Initiated authentication type is selected.

Service Provider Details (SD Elements)

Assertion Consumer Service

Endpoint that supports the profiles of the Authentication Request protocol. Used by the identity provider to respond to an Authentication Request.

Binding     Location                                 Response Location
HTTP-POST   https://<SDE-INSTANCE>/sso/saml2/acs/    None

Single Logout Service

Endpoints that support the Single Logout profiles. Used by the identity provider to initiate a Logout Request to terminate the user’s session.

Binding         Location                                     Response Location
HTTP-Redirect   https://<SDE-INSTANCE>/sso/saml2/ls/         None
HTTP-POST       https://<SDE-INSTANCE>/sso/saml2/ls/post/    None

SAML Attributes

Name        Description         Required
email       User's email        Yes
firstname   User's first name   No
lastname    User's last name    No

Signing or Encryption public certificate

Available in the metadata file: https://<SDE-INSTANCE>/sso/saml2/metadata/

Signed Authentication Requests

Used by the SP-Initiated authentication type. Configurable in the SSO Settings form for SAML.

Signed Logout Requests

Logout requests from SD Elements are not signed by default.

To add support for signed logout requests in SD Elements 4.16 and below, please contact support@sdelements.com.

Identity Provider Details

Single Sign-On Service

Endpoints that support the profiles of the Authentication Request protocol. Used by the service provider to initiate an Authentication Request. SD Elements supports both HTTP-Redirect and HTTP-POST bindings to the endpoints.

If SOAP binding is required, please contact support@sdelements.com.

Single Logout Service

Endpoints that support the Single Logout profiles. At least one endpoint must be provided when using the SP-Initiated authentication type. Used by the service provider to initiate a Logout Request.

SD Elements supports both HTTP-Redirect and HTTP-POST bindings to the endpoints.

Name ID

User’s email address. This field is not used by SD Elements unless the SAML_USE_NAME_ID_AS_USERNAME setting is specified.

Recipient

Required in the SAML Response. This should be the service provider’s assertion consumer service URL.
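To check an IdP's SAML Response against the requirements above (Recipient equal to the ACS URL, the mandatory email attribute, the optional firstname/lastname attributes, and Name ID only when SAML_USE_NAME_ID_AS_USERNAME is in use), here is an added structural check; it is example code, not part of SD Elements, and it assumes a placeholder instance hostname sde.example.com and a constructed, unsigned sample response. It does not verify the XML signature, which the SP still has to do separately.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Placeholder for https://<SDE-INSTANCE>/sso/saml2/acs/ (assumed hostname).
ACS_URL = "https://sde.example.com/sso/saml2/acs/"
REQUIRED_ATTRS = {"email"}
OPTIONAL_ATTRS = {"firstname", "lastname"}

# Constructed sample response: unsigned, used only to exercise the checks below.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Subject>
      <saml:NameID>alice@example.com</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="https://sde.example.com/sso/saml2/acs/"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="email"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="firstname"><saml:AttributeValue>Alice</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def check_response(xml_text, acs_url=ACS_URL, use_name_id_as_username=False):
    """Return a list of findings; an empty list means the assertion matches the cheatsheet."""
    findings = []
    assertion = ET.fromstring(xml_text).find("saml:Assertion", NS)
    if assertion is None:
        return ["no plaintext Assertion element found"]
    # Recipient is required and must be the SP's assertion consumer service URL.
    recipients = [s.get("Recipient") for s in assertion.findall(".//saml:SubjectConfirmationData", NS)]
    if not recipients:
        findings.append("missing Recipient in SubjectConfirmationData")
    elif any(r != acs_url for r in recipients):
        findings.append(f"Recipient mismatch: {recipients}")
    # email is mandatory; firstname/lastname are optional; anything else is flagged.
    names = {a.get("Name") for a in assertion.findall(".//saml:Attribute", NS)}
    for missing in sorted(REQUIRED_ATTRS - names):
        findings.append(f"missing required attribute: {missing}")
    for extra in sorted(names - REQUIRED_ATTRS - OPTIONAL_ATTRS):
        findings.append(f"attribute not in the cheatsheet: {extra}")
    # Name ID only matters when SAML_USE_NAME_ID_AS_USERNAME is set; it should then be an email.
    name_id = assertion.findtext("saml:Subject/saml:NameID", default="", namespaces=NS)
    if use_name_id_as_username and "@" not in name_id:
        findings.append(f"Name ID is not an email address: {name_id!r}")
    return findings
```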
