SAML2.0 (Security Assertion Markup Language 2.0) is a cross-domain authentication and authorisation system based on security tokens. Next we will see how to configure SSO against the identity provider in Athento.
IP Requirements
The Identity Provider (IP) must provide the XML descriptor to be hosted in the Athento configuration. If the IP exposes the descriptor at an accessible URL, Athento can link directly to that URL; otherwise, it is enough to place the XML file on the Athento server itself. In either case, set the URL or the file path in the corresponding Athento configuration attribute: METADATA_AUTO_CONF_URL or METADATA_LOCAL_FILE_PATH.
Attribute Mapping
To populate the Athento user with the information coming from the IP, it is necessary to link the IP UserProfileMetadata to the Athento user properties. This is done with the ATTRIBUTES_MAP attribute.
SAML2_AUTH = {
    # Descriptor source: the IP's URL, or a copy of the XML file on the Athento server.
    'METADATA_AUTO_CONF_URL': 'https://saml2.athento.com/site_media/athento-metadata2.xml',
    'METADATA_LOCAL_FILE_PATH': '/etc/saml2/athento/athento-metadata2.xml',
    'ASSERTION_URL': 'https://saml2.athento.com',
    'CREATE_USER': 'TRUE',
    'NEW_USER_PROFILE': {
        'USER_GROUPS': []
    },
    'ENTITY_ID': 'https://saml2.athento.com/saml2sso/acs/',
    'NAME_ID_FORMAT': None,
    'FRONTEND_URL': 'https://saml2.athento.com',
    # Athento user property -> attribute name sent by the IP.
    'ATTRIBUTES_MAP': {
        'email': 'mail',
        'username': 'mail',
        'first_name': 'givenName',
        'last_name': 'sn',
    }
}