Comment: small update for renamed ubisaml2.jar

An Overview of the Configuration Files

...

Listing 3. Creating the Service Provider identity

    cd <webapp_directory>\WEB-INF
    mkdir saml2\sp
    java -jar lib\sso-ubisaml2.jar Generate https://sp.example.com/webapp/spsso -o saml2\sp

...

Listing 4. Write the SAML metadata of the Service Provider to the c:\temp\sp.xml file

    cd <webapp_directory>\WEB-INF
    java -jar lib\sso-ubisaml2.jar Metadata saml2\sp -f c:\temp\sp.xml

...

Figure 3. The SAML Service Provider ID field now shows the Entity ID of your SP

Finnish Trust Network specific configurations

Trusted OpenID Connect applications in the Finnish Trust Network (FTN) can supply their own friendly name, which is shown in the login UI and sent as the display name for Authentication Methods, by setting the Configuration String AllowFtnSpname to true. Because the name is taken from the application's own request, enable this only for applications you trust. To do this in the Management UI, add AllowFtnSpname=true as the last line of the Configuration String.


Configuration String: AllowFtnSpname
Since Version: 8.10.0
Description:

    Can be true or false.

    Controls whether the value of spname (i) may be used as the friendly name of the application.

    If true, the value of spname is used as the friendly name of the application and overrides any value of mdui:DisplayName (ii).

    If false, the value of spname is ignored.

    Default is false.

 (i) spname is a shortened form for the Authentication Request extension element /samlp:AuthnRequest/samlp:Extensions/ftn/spname.

 (ii) mdui:DisplayName is a shortened form for the Service Provider Metadata extension element /md:EntityDescriptor/md:SPSSODescriptor/md:Extensions/mdui:UIInfo/mdui:DisplayName.
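The precedence rule above, written out as an added example in Python. This is not code from the original page or from the Ubisecure product; it only illustrates how AllowFtnSpname decides between the request-supplied spname and the metadata-supplied mdui:DisplayName. The samlp, md and mdui namespaces are the standard SAML 2.0 ones; the page gives no namespace for the ftn and spname elements, so the example assumes (an assumption) that they carry none. The AuthnRequest and SP metadata documents are constructed samples.

```python
"""Resolve the friendly name shown in the login UI for an FTN application.

Added example, not code from the original page or the Ubisecure product.
With AllowFtnSpname=true the spname element of the AuthnRequest overrides
mdui:DisplayName from the SP metadata; with AllowFtnSpname=false (the
default) spname is ignored.
"""
import xml.etree.ElementTree as ET

# Standard SAML 2.0 namespaces. The page gives no namespace for the ftn and
# spname elements, so this example assumes (an assumption) they carry none.
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "mdui": "urn:oasis:names:tc:SAML:metadata:ui",
}


def spname_from_request(authn_request_xml: str):
    """Return the text of /samlp:AuthnRequest/samlp:Extensions/ftn/spname, or None."""
    root = ET.fromstring(authn_request_xml)
    node = root.find("samlp:Extensions/ftn/spname", NS)
    if node is None or not (node.text or "").strip():
        return None
    return node.text.strip()


def display_name_from_metadata(sp_metadata_xml: str):
    """Return the first mdui:DisplayName under the SP's SPSSODescriptor, or None."""
    root = ET.fromstring(sp_metadata_xml)
    node = root.find(
        "md:SPSSODescriptor/md:Extensions/mdui:UIInfo/mdui:DisplayName", NS
    )
    if node is None or not (node.text or "").strip():
        return None
    return node.text.strip()


def resolve_friendly_name(authn_request_xml, sp_metadata_xml, allow_ftn_spname=False):
    """Apply the AllowFtnSpname rule.

    spname is text chosen by the requesting application, so it only wins when
    the deployment has explicitly enabled it; otherwise the name comes from the
    SP metadata registered by the administrator.
    """
    display_name = display_name_from_metadata(sp_metadata_xml)
    if not allow_ftn_spname:
        return display_name
    return spname_from_request(authn_request_xml) or display_name


# Constructed sample documents (not taken from any real deployment).
AUTHN_REQUEST_WITH_SPNAME = """<samlp:AuthnRequest
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_req1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://sp.example.com/webapp/spsso</saml:Issuer>
  <samlp:Extensions>
    <ftn><spname>Example Bank</spname></ftn>
  </samlp:Extensions>
</samlp:AuthnRequest>"""

AUTHN_REQUEST_WITHOUT_SPNAME = """<samlp:AuthnRequest
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_req2" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://sp.example.com/webapp/spsso</saml:Issuer>
</samlp:AuthnRequest>"""

SP_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"
    entityID="https://sp.example.com/webapp/spsso">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:Extensions>
      <mdui:UIInfo>
        <mdui:DisplayName xml:lang="en">Example Web Application</mdui:DisplayName>
      </mdui:UIInfo>
    </md:Extensions>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


if __name__ == "__main__":
    for allow in (False, True):
        print(f"AllowFtnSpname={str(allow).lower()}:",
              resolve_friendly_name(AUTHN_REQUEST_WITH_SPNAME, SP_METADATA, allow))
```

With the default (false) the metadata name "Example Web Application" is shown; with AllowFtnSpname=true the request's "Example Bank" replaces it, and a request without an spname element still falls back to the metadata name.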

Get the Metadata of the Identity Provider

...

If your application uses an attribute authority (AA) for attribute queries, copy the AA metadata into the /WEB-INF/saml2/sp/metadata folder alongside the IDP metadata file. The file names do not matter, but each file must have the .xml suffix.

Key rotation

To use the key rotation feature and have the IDP/AA metadata updated automatically, a ".href" file must exist. Do not be misled by the extension: it is an ordinary properties file in "key=value" format.

The file must be located at the same directory as the IDP/AA metadata file:

/WEB-INF/saml2/sp/metadata


The following properties are supported in the ".href" file:

entityId (string)
    An entity identifier. Take it from the entityID attribute of the IDP/AA metadata:
    <md:EntityDescriptor entityID="https://localhost:8443/uas" ...>
    Note the spelling: the property is entityId, the metadata attribute is entityID.

type (IDP or AA)
    An entity type: IDP (Identity Provider) or AA (Attribute Authority).

url (string)
    A URL to fetch the metadata from: the same URL the SAML 2.0 IDP/AA metadata was fetched from initially. See the "Get the Metadata of the Identity Provider" step. Use an https URL: the fetched metadata carries the IDP/AA signing certificates that will be trusted after rotation, so the refresh channel itself must be trustworthy.

refreshInterval (number)
    The interval, in seconds, at which the metadata is fetched.

Example uas.href:

    entityId=https://localhost:8443/uas
    type=AA
    url=https://localhost:8443/uas/saml2/metadata.xml
    refreshInterval=20
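As an added example (not part of the original page or of the Ubisecure product), the following Python checks a ".href" descriptor against the metadata file that sits beside it, so that a typo is caught before the container starts refreshing the wrong entity. It assumes Java-properties conventions for comments (lines starting with "#" or "!"), that the type values are matched exactly as documented (IDP, AA), and that the https requirement is a deployment recommendation rather than something the product enforces; the mapping from type to the md:IDPSSODescriptor / md:AttributeAuthorityDescriptor role element is standard SAML 2.0 metadata. The sample .href and metadata documents are constructed.

```python
"""Sanity-check a .href key-rotation descriptor against its IDP/AA metadata file.

Added example, not code from the original page or the Ubisecure product.
"""
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
REQUIRED = ("entityId", "type", "url", "refreshInterval")
# Assumption: type values are matched exactly as documented (IDP, AA). The
# role element each type must expose is standard SAML 2.0 metadata.
ROLE_FOR_TYPE = {"IDP": "IDPSSODescriptor", "AA": "AttributeAuthorityDescriptor"}


def parse_href(text: str) -> dict:
    """Parse key=value lines. Blank lines and '#'/'!' comment lines are skipped
    (assumed Java-properties conventions; the page only shows key=value)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"malformed .href line: {raw!r}")
        props[key.strip()] = value.strip()
    return props


def check_href(href_text: str, metadata_xml: str) -> list:
    """Return a list of problems; an empty list means the descriptor is consistent."""
    props = parse_href(href_text)
    missing = [k for k in REQUIRED if k not in props]
    if missing:
        return [f"missing property: {k}" for k in missing]

    problems = []
    entity_type = props["type"]
    if entity_type not in ROLE_FOR_TYPE:
        problems.append(f"type must be IDP or AA, got {entity_type!r}")

    # Metadata fetched here carries the signing certificates trusted after
    # rotation, so the fetch channel must be https (deployment recommendation).
    if urlparse(props["url"]).scheme != "https":
        problems.append(f"url must use https: {props['url']!r}")

    try:
        if int(props["refreshInterval"]) <= 0:
            problems.append("refreshInterval must be a positive number of seconds")
    except ValueError:
        problems.append(f"refreshInterval is not a number: {props['refreshInterval']!r}")

    root = ET.fromstring(metadata_xml)
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        problems.append("metadata root element is not md:EntityDescriptor")
        return problems
    # entityId in the .href file must equal the entityID attribute in metadata.
    if root.get("entityID") != props["entityId"]:
        problems.append(
            f"entityId {props['entityId']!r} does not match metadata entityID {root.get('entityID')!r}"
        )
    role = ROLE_FOR_TYPE.get(entity_type)
    if role and root.find(f"{{{MD_NS}}}{role}") is None:
        problems.append(f"type={entity_type} but metadata has no md:{role}")
    return problems


# Constructed samples: the uas.href from the page and a minimal AA metadata file.
UAS_HREF = """entityId=https://localhost:8443/uas
type=AA
url=https://localhost:8443/uas/saml2/metadata.xml
refreshInterval=20
"""

UAS_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://localhost:8443/uas">
  <md:AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
        Location="https://localhost:8443/uas/saml2/aa"/>
  </md:AttributeAuthorityDescriptor>
</md:EntityDescriptor>"""

# Constructed bad descriptor: wrong type for this metadata, plain http, zero interval.
BAD_HREF = """entityId=https://localhost:8443/uas
type=IDP
url=http://localhost:8443/uas/saml2/metadata.xml
refreshInterval=0
"""


if __name__ == "__main__":
    for name, href in (("uas.href", UAS_HREF), ("bad.href", BAD_HREF)):
        found = check_href(href, UAS_METADATA)
        print(name, "OK" if not found else "\n  " + "\n  ".join(found))
```

The good descriptor passes; the bad one reports the http URL, the non-positive interval, and that the metadata has no md:IDPSSODescriptor for type=IDP. In a deployment you would run the same check over every .href file in /WEB-INF/saml2/sp/metadata together with the metadata file it refers to.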