...
Info | |||||
---|---|---|---|---|---|
This authentication plugin supports both redirecting to configured SAML Identity Providers ( see Federations ) with generated SAML Request to ask them to authenticate a user, and it supports receiving SAML Responses from configured SAML Service Providers in order to let them request a SAML Response. The following query/post parameters are supported for redirecting to SAML Service Providers:
|
...
Default: none
JSON key: identityprovider.name
Redirect URL
URL that the identity provider should redirect the user back to after authenticating
Default: none
JSON key: redirecturl
Enable federation of identity to service providers
When enabled, an identified users identity can be federated to a service provider, and a serviceprovider can send a SAML request to us to ask for identity
Default: true
JSON key: federation.enabled
Tip | ||
---|---|---|
Tip | ||
To get the name from a query parameter, specify a script like this:
|
Info | ||
---|---|---|
When using another site as Identity Provider, and Ceptor as Service Provider to that site, the following additional query/post parameters can be specified when calling the URL that triggers this plugin:
For passive binding (which is the default), the redirect to the Identity Providers federation URL will be done, adding these query parameters:
For the passive binding, no SAML Request will be transmitted. for redirect / GET binding, the redirect to the Identity Providers federation URL will be done, adding the following query parameters:
Note that the SAML request will be signed/encrypted according to the query/POST input parameters signrequest and encryptrequest. for POST binding, a form is return that autosubmits sending a POST requst to the Identity Providers federation URL with the following parameters:
Note that the SAML request will be signed/encrypted according to the query/POST input parameters signrequest and encryptrequest. |
Redirect URL
URL that the identity provider should redirect the user back to after authenticating
Default: none
JSON key: redirecturl
Enable federation of identity to service providers
When enabled, an identified users identity can be federated to a service provider, and a serviceprovider can send a SAML request to us to ask for identity
Default: true
JSON key: federation.enabled
Tip |
---|
This authentication plugin can be used both when using Ceptor as a relying party / service provider and when using Ceptor as an Identity Provider where the user is already authenticated. When Ceptor is an Identity Provider, the plugin receives and processes a SAML Request for authentication. |
...
Tip | ||
---|---|---|
By using a script such as
you can allow the name to be specified on a query parameter. |
...