...

  1. Start the configuration by creating a new site and giving it a name, e.g. ‘Extranet’. A site may contain several applications.


  2. Create a new application by clicking on ‘New Application…’.


  3. Name it, e.g. ‘Web Shop’, select ‘SAML Service Provider’ as the Application type and check the ‘Enable’ check box. Click ‘OK’.


  4. Activate the web application’s metadata, either by uploading the XML file or by pasting the content of the XML file.


  5. Click ‘Update’ to save the configuration and finalize the metadata activation.


...

  1. Go to the ‘Authorization’ tab and create a new policy, e.g. ‘AP for the Web Shop’. Click ‘OK’. Next, go to the ‘Attributes’ tab to add the attributes that are forwarded to the application.


  2. Attributes can be added to the Application’s Authorization Policy.


  3. Click ‘Add…’ and select the application that will use this authorization policy. Click ‘OK’.


Adding Authentication Method

...

  1. Enable the authentication method for the ‘Extranet’ site by checking the check box in front of the method and clicking ‘OK’. Finally, press the ‘Update’ button below once the method has been added to the site.


  2. Assign the method to the ‘Web Shop’ application by selecting the ‘Applications’ tab in the site. Select the application by clicking on it, then select the ‘Allowed Methods’ tab.

  3. Select the authentication method and click ‘Update…’.


  4. Click ‘Add…’, select the eIDMUser group (all users in CustomerID) to use this application and click ‘OK’.


Now the Web Shop application is integrated with Ubisecure SSO using SAML 2.0.

Next, pass the Ubisecure SSO metadata information to the application developers if you haven’t done so already.

Finnish Trust Network specific configurations

Trusted SAML 2.0 applications in the Finnish Trust Network (FTN) can provide their friendly name to be shown in the login UI and sent as the display name for Authentication Methods. To allow this, set the Configuration String AllowFtnSpname to true. This can be done in the Management UI by adding AllowFtnSpname=true to the last line in the Configuration String.

| Configuration String | Since Version | Description |
| --- | --- | --- |
| AllowFtnSpname | 8.10.0 | Can be true or false. Controls whether or not the value of spname (i) is allowed to be used as the friendly name for the application. If true, then the value of spname is used as the friendly name of the application and overrides any value of mdui:DisplayName (ii). If false, then the value of spname is ignored. Default is false. |

 (i) spname is a shortened form for the Authentication Request extension element /samlp:AuthnRequest/samlp:Extensions/ftn/spname.

 (ii) mdui:DisplayName is a shortened form for the Service Provider Metadata extension element /md:EntityDescriptor/md:SPSSODescriptor/md:Extensions/mdui:UIInfo/mdui:DisplayName.
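
The precedence described in the table, modelled as an added Python example (not Ubisecure code). It shows that with AllowFtnSpname=true the label in the login UI comes from the request the application sends, which is why the setting is meant for trusted applications only. The key=value-per-line parsing, the fallback when spname is absent, the `urn:example:ftn-placeholder` namespace and both XML samples are assumptions constructed for this example.

```python
import xml.etree.ElementTree as ET  # fine for constructed input; use a hardened parser for untrusted XML

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "mdui": "urn:oasis:names:tc:SAML:metadata:ui",
}

# Constructed sample inputs; the ftn namespace URI is a placeholder, not the real one.
REQUEST = """<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_constructed" Version="2.0">
  <samlp:Extensions>
    <ftn:spname xmlns:ftn="urn:example:ftn-placeholder">Web Shop (FTN)</ftn:spname>
  </samlp:Extensions>
</samlp:AuthnRequest>"""
METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" entityID="https://webshop.example/sp">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:Extensions><mdui:UIInfo>
      <mdui:DisplayName xml:lang="en">Web Shop</mdui:DisplayName>
    </mdui:UIInfo></md:Extensions>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def allow_ftn_spname(config_string):
    """Read AllowFtnSpname from key=value lines (assumed format); default is false."""
    allowed = False
    for line in config_string.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "AllowFtnSpname":
            allowed = value.strip().lower() == "true"  # assumption: last occurrence wins
    return allowed

def friendly_name(config_string, authn_request_xml, sp_metadata_xml):
    """Return the name shown for the application under the AllowFtnSpname rule."""
    md = ET.fromstring(sp_metadata_xml)
    dn = md.find("md:SPSSODescriptor/md:Extensions/mdui:UIInfo/mdui:DisplayName", NS)
    display = dn.text.strip() if dn is not None and dn.text else None
    if not allow_ftn_spname(config_string):
        return display  # false: spname in the request is ignored
    ext = ET.fromstring(authn_request_xml).find("samlp:Extensions", NS)
    for el in (ext.iter() if ext is not None else ()):
        if el.tag.rsplit("}", 1)[-1] == "spname" and el.text and el.text.strip():
            return el.text.strip()  # true: spname overrides mdui:DisplayName
    return display  # assumption: no spname sent, fall back to the metadata name

if __name__ == "__main__":
    print(friendly_name("AllowFtnSpname=true", REQUEST, METADATA))
```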