SAML SP installation - SSO

Requirements

System requirements can be found on the Release Notes page.

Unpacking the software

Required Files

  • ubispservlet-<version>.zip
    The Service Provider software package
    Extract the contents of the package into a folder of your choice.

Package contents

  • ubispservlet/apidocs/index.html (prior v.3.0: ubispservlet/doc/api/index.html)
    Java API documentation in HTML format
  • ubispservlet/webapp/
  • ubispservlet/webapp/WEB-INF/web.xml
    A deployment descriptor example with SAML SP integration entries.
  • ubispservlet/webapp/WEB-INF/lib/*.jar
    SAML SP binary libraries to be copied to the WEB-INF/lib directory of the web application.
  • ubispservlet/webapps/WEB-INF/classes/logback.xml
    Logger configuration for SAML SP.
  • ubispservlet/tools/metadata-generator.js a tool to generate identity properties and SP metadata.

Things to Consider About Your Environment

There are a number of environment specific issues that might affect configuration and installation of the SAML SP.

  1. Is the server clock synchronized automatically?
    The SAML assertions have a very strict time window of validity and there can be virtually no time skew between the IDP and the SAML SP. Using automatic time synchronization is a requirement.
  2. Does the server network use HTTP proxies?
    HTTP proxies affect how Java services (such as the configuration tool) can access external network resources, the way browser IP addresses are seen by application servers and so on. Contact your local network administrator to check how HTTP proxies affect your environment.
  3. Do the IDP and your application server see the same client browser IP address?
    The default configuration of the SAML SP expects that both IDP and the SAML SP see the same client browser IP address. This would not be the case if for an example the SAML SP is installed behind a NAT, while the IDP is in public internet. See Network address tolerance to change the way client IP addresses are checked.

This web page (including any attachments) may contain confidential, proprietary, or privileged information – not for disclosure without authorization from Ubisecure Inc. Copyright © 2024. All Rights Reserved.