Versions Compared

Old Version 1

changes.mady.by.user Keith Uber

Saved on

compared with

New Version Current

changes.mady.by.user Risto Peltomäki

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

IDP Initiated SSO using SAML2


An unsolicited SSO can be done by sending a valid SAML response message to the address:

Code Block
https://www.example.com/uas/saml2/SessionRelayService?entityID=urn:uuid:3A97e9cf6b-5218-4cb8b0b9-bab5d35e6c9b&RelayState=/insert/home/page/here&locale=sv


where:-

  • entityID has to be application objects entityID from Ubisecure SSO Management UI

...

  • RelayState is relative address on target application server where browser is redirected(so called deep linking)

...

  • locale is users used language (optional)
  • isPassive true/false (optional, default false)
  • forceAuthn true/false (optional, default false)
  • oneTimeUse true/false (optional, default false)
  • template - SSO UI template to be used (optional)

You can map this address to a nicer shorter URL using any other tools (by redirect).

...

Code Block
https://sso.example.com/uas/saml2/SessionRelayService?entityID=https://sso.example.com/uas/saml2/names/ac/saml.companyx.1&RelayState=/uas/saml2/SessionRelayService?entityID=urn:uuid:6c524df0-4625-32a8-87ef-705b3523e4b2%26RelayState=/app/protected

WS-Federation Passive Requester Profile

The WS-Federation Passive Requester Profile is used for initiating a login request. A request is formed at the PassiveRequestorService endpoint:

...


Because the WS-Federation request is not signed and is thus easily spoofed by any party, the integrated application should check and compare each value of the response to ensure it met the requested parameters.

OAuth2 Applications

For OAuth2 applications, use the Authorization Request URL to initiate the process and acr_values to select the desired authentication method.

Code Block
https://sso.example.com/uas/oauth2/authorization?response_type=code&scope=openid&client_id=2001221477
&redirect_uri=https://client.example.com/response&state=40e1bfc0-4587-4859-be08-a58e3fffa37a&max_age=0&prompt=login&display=popup&ui_locales=en&acr_values=2&login_hint=user@example.com


Info

Filter by label (Content by label)
showLabelsfalse
max5
spacesKNB
showSpacefalse
sortmodified
reversetrue
typepage
cqllabel in ("unsoliticed","sso") and type = "page" and space = "KNB"
labelssso unsoliticed

...