...
Start the configuration by creating a new site. Give a name to the site. E.g. ‘Extranet’. You may have several applications in this site
Expand title Show image Create a new application by clicking on “New Application…”
Expand title Show image Name it e.g. ‘Web Shop’, select Application type as ‘SAML Service Provider’ and check the ‘Enable’ check box. Click ‘OK’
Expand title Show image Activate the web application’s Metadata, either by uploading the xml file, or by pasting the content for the xml file
Expand title Show image Click ‘Update’ to save the configuration to finalize the metadata activation
...
Go to the ‘Authorization’ –tab now, and create a new policy e.g. ‘AP for the Web Shop’. Click ‘OK’. Next, go to ‘Attributes’ –tab to add the attributes which are forwarded to the application
Expand title Show image Attributes can be added to the Application’s Authorization Policy.
Expand title Show image (example attributes) Click ‘Add…’ and select the Application to use this authorization policy. Click ‘OK’
Expand title Show image
Adding Authentication Method
...
Enable the authentication method for the ‘Extranet’ -site by checking the check box in front of the method and click ‘OK’. Finally, press ‘Update’ -button below once the method has been added to the site
Expand title Show image Assign the method to the ‘Web Shop’ –application by selecting the ‘Applications’ -tab in the site. Select the application by clicking on it and select ‘Allowed Methods’ –tab
Select the authentication method and click ‘Update…’
Expand title Show image Click ‘Add…’ and select eIDMUser group (all users in CustomerID) to use this application and click ‘OK’.
Expand title Show image
Now the Web Shop application is integrated with Ubisecure SSO using SAML 2.0.
Next, pass the Ubisecure SSO metadata information to the application development if you haven’t done so.
Finnish Trust Network specific configurations
Trusted SAML 2.0 applications in Finnish Trust Network (FTN) can provide their friendly name to be shown in the login UI and sent as the display name for Authentication Methods by setting the Configuration String AllowFtnSpname
as true
. This can be done in the Management UI by adding AllowFtnSpname=true
to the last line in the Configuration String.
Configuration String | Since Version | Description |
---|---|---|
AllowFtnSpname | 8.10.0 | Can be Controls whether or not the value of If If Default is (i) (ii) |