What is SAML 2.0?
The inSided Community SAML scheme is based on SAML 2.0 and supports the SP Redirect Request; IdP POST scenario. SAML 2.0 is an open standard for exchanging authentication and authorization data between parties - in particular, between an identity provider and a service provider. The specification can be found here.
- Service Provider: the side that needs the authentication from third-party service to grant authorization to the user (Community).
- Identity Provider: the other side that creates, maintains, and manages users identity information (Server).
SAML 2.0 Flow Representation
In order to understand how the SAML 2.0 process integrates into the overall Community SSO architecture (i.e. Steps #1-3 in the diagram below) please see Single Sign-on (SSO): Getting Started.
Community redirects User to the Single Sign On URL with GET attaching generated AuthnRequest (see XML example at bottom of this article).
Server authenticates the User and obtains consent/authorization.
Server fetches user Profile data
Server generates SAML Response and sends it to Assertion Consumer Service URL with POST
Community receives SAML Response (see XML example at bottom of this article), validates it by using Public Key and extracts id
Assertion Consumer Service URL can be taken from Service Provider Metadata (AssertionConsumerService.Location) or from AuthnRequest (AssertionConsumerServiceURL).
After retrieving the Profile data, Community starts #Step 3 of Community Single Sign-on.
How to Configure SAML 2.0 on inSided
- Set up a SAML 2.0 compatible Server with the following endpoints:
- Single Sign-On.
- You can find the Service Provider Metadata by logging into the inSided Control environment as an administrator, and navigating to Integrations > SSO > SAML 2.
Service Provider Metadata
You can get this metadata from inSided both as a URL and a download.
Community (inSided) configuration
- Log in to Control as an Administrator
- Go to Integrations > SSO > SAML 2.
- Fill in the following required fields:
- Single Sign On URL
- Public Key (Identity Provider public key in X.509 format)
- Press install.
Once you’ve installed your configuration, we recommend using the built-in inSided SSO testing tool before you enable SSO for end users.
Permissions required to configure SAML 2.0 on inSided
You must have a community account with the ‘Administrator’ permission in order to configure SAML 2.0 SSO on inSided.