Versions Compared

Comment: cleanup, rewording

...

This page is a guide for configuring SAML 2.0 application integration in Ubisecure SSO.

This page does not explain how to create application metadata or how to generate SAML requests. Open source toolkits such as https://www.samltool.com/online_tools.php can be used to generate and validate SAML requests and metadata.

It is also good to understand which requests the application’s SAML plug-in supports. Keep in mind that Ubisecure provides a SAML SP plug-in for Java applications as well, if needed. The integration lets a third-party application use Ubisecure SSO as an IDP (identity provider); the third-party application takes the SP (service provider) role.

Ubisecure SAML SP for Java is a Java library for integrating Java servlets and can be used if the calling application does not natively support SAML 2.0.

SAML 2.0 Agent Creation and Metadata Activation

Log in to Ubisecure SSO and follow the steps below to complete the task. You can obtain the IDP metadata of Ubisecure SSO as a file or a link from [SAML 2.0], shown in the image in step 1 below.

...

Give this information, either the metadata file or the link, to the application integrator. The file contains only public key information and can be shared over insecure channels, such as unencrypted email.

Start the configuration by creating a new site and give it a name, e.g. ‘Extranet’. You may have several applications in this site.

  1. [Image]

  2. Create a new agent by clicking on “New Agent…”.

     [Image]

  3. Name it e.g. ‘Web Shop’, select ‘SAML Service Provider’ as the Agent type and check the ‘Enable’ check box. Click ‘OK’.

     [Image]

  4. Activate the web application’s metadata, either by uploading the SAML2 SP XML file or by pasting the content of the XML file.

     [Image]

  5. Click ‘Update’ to save the configuration and finalize the metadata activation.
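Before handing the IDP metadata to the integrator, or activating an SP metadata file received from one in step 4, it is worth checking what the document actually contains. The script below is an added example and is not part of the Ubisecure guide or product. Using only the Python standard library, it parses a SAML 2.0 metadata document (IDP or SP), lists the entityID, role and protocol endpoints, computes a SHA-256 fingerprint for each signing certificate (handy for confirming over a second channel that a file sent by unencrypted email arrived unmodified), and flags non-HTTPS endpoints, a missing signing certificate, an SP that does not sign its requests or require signed assertions, and any private key material, which never belongs in metadata. The embedded SP metadata, including its entityID, URLs and certificate blob, is a constructed placeholder, not real Ubisecure data.

```python
"""Sanity-check a SAML 2.0 metadata document before exchanging or activating it.

Added example, not part of the Ubisecure guide. The sample metadata below is
constructed: entityID, URLs and the certificate blob are placeholders.
"""
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample: an SP metadata file as an integrator might send it.
SAMPLE_SP_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://webshop.example.test/saml/metadata">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>AAECAwQFBgcICQoLDA0ODw==</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://webshop.example.test/saml/acs"/>
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://webshop.example.test/saml/acs-legacy"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def _local(tag):
    """Strip the namespace from an ElementTree tag: '{ns}Name' -> 'Name'."""
    return tag.rsplit("}", 1)[-1]


def cert_fingerprint(b64_der):
    """SHA-256 fingerprint (AA:BB:...) of a base64-encoded DER certificate."""
    der = base64.b64decode("".join(b64_der.split()))
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def inspect_metadata(xml_text):
    """Return entityID, role, endpoints, signing fingerprints and findings."""
    root = ET.fromstring(xml_text)
    report = {"entity_id": root.get("entityID"), "role": None,
              "endpoints": [], "signing_fingerprints": [], "findings": []}

    sp = root.find("md:SPSSODescriptor", NS)
    idp = root.find("md:IDPSSODescriptor", NS)
    role = sp if sp is not None else idp
    if role is None:
        report["findings"].append("no SPSSODescriptor or IDPSSODescriptor found")
        return report
    report["role"] = "SP" if sp is not None else "IDP"

    # Metadata carries public certificates only; a private key here is a mistake.
    for el in root.iter():
        if "PrivateKey" in _local(el.tag) or (el.text and "PRIVATE KEY" in el.text):
            report["findings"].append("metadata contains private key material")
            break

    # Signing certificates: use="signing", or no use attribute (covers both uses).
    for kd in role.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.findall(".//ds:X509Certificate", NS):
            report["signing_fingerprints"].append(cert_fingerprint(cert.text))
    if not report["signing_fingerprints"]:
        report["findings"].append("no signing certificate in metadata")

    # Every protocol endpoint (ACS, SSO, SLO) should be served over TLS.
    for el in role:
        loc = el.get("Location")
        if loc is None:
            continue
        report["endpoints"].append((_local(el.tag), el.get("Binding"), loc))
        if not loc.lower().startswith("https://"):
            report["findings"].append(f"non-HTTPS {_local(el.tag)} endpoint: {loc}")

    # An SP should sign its requests and expect signed assertions.
    if report["role"] == "SP":
        for flag in ("AuthnRequestsSigned", "WantAssertionsSigned"):
            if sp.get(flag, "false").lower() != "true":
                report["findings"].append(f"{flag} is not true")
    return report


if __name__ == "__main__":
    r = inspect_metadata(SAMPLE_SP_METADATA)
    print(r["role"], r["entity_id"])
    for fp in r["signing_fingerprints"]:
        print("signing cert SHA-256:", fp)
    for f in r["findings"]:
        print("FINDING:", f)
```

Run it against the IDP metadata downloaded from Ubisecure SSO as well as against the SP file before step 4; the fingerprint line is the value to read back to the integrator over a second channel.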


Creating Authorization Policy

...

An Authorization policy determines which attributes will be sent to an application and in which format.

We will create an authorization policy for the site and add it to the application’s agent.

Go to the site level (Extranet) and select the ‘Authorization’ tab. Click ‘New Policy…’ and select ‘CustomerID password’. From now on, all methods added at the site level are available for activation by the applications in this site.

...

Now the Web Shop application is integrated with Ubisecure SSO using SAML 2.0.
Next, pass the Ubisecure SSO metadata to the application developers if you haven’t done so already. The administrator or application developer of the connected application must use the SAML2 IDP metadata to configure their application.