Versions Compared

Old Version 36

changes.mady.by.user Madhuri Dange

Saved on

compared with

New Version 37

changes.mady.by.user Madhuri Dange

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Introduction

SAML (Security Assertion Markup Language) 2.0 SSO (Single Sign-On) minimizes the number of times a user has to login to various websites. It does this by having the user manually login to one site (called the identity provider or IDP) and then automatically logs the user into one or more other sites (called service providers or SPs), without having to provide credentials. A trust relationship must exist between the identity provider and the service providers, such that the Service providers trust that the identity provider has authenticated the user. SAML 2.0 supports two single sign-on flows:

...

  • SPIssuer - nvarchar(100) - required - The value of the Issuer element in SAML messages from the SP.
  • SPPublicKey - nvarchar(max) - if this record is for an IDP, this is the X509 certificate to use for validating messages from the SP.
  • SPACSURL - nvarchar(200) - if this record is for an IDP, this is the location the assertion will be delivered to when authentication is successful.
  • SPSSOBinding - nvarchar(10) - POST or GET - the HTTP protocol the assertion should be delivered on.
  • SPSupportLogoutResponse - bit - if true and this record is for an IDP, the IDP will generate a LogoutResponse message.
  • SPLogoutResponseURL - nvarchar(200) - the location the LogoutResponse message should be delivered to
  • SPLogoutBinding - nvarchar(10) - POST or GET - the HTTP protocol the LogoutResponse message should be delivered on.

Use below Public Key:
 -----BEGIN CERTIFICATE-----

MIIF1zCCA7+gAwIBAgIJAO7bFs87n8vCMA0GCSqGSIb3DQEBCwUAMIGBMQswCQYDVQQGEwJVUzELMAkGA1UECAwCRkwxFzAVBgNVBAcMDlN0LiBQZXRlcnNidXJnMRgwFgYDVQQKDA9Db21tdW5pdHlCcmFuZHMxFDASBgNVBAsMC0Nyb3dkV2lzZG9tMRwwGgYDVQQDDBNDV19TQU1MX1NFTEZfU0lOR0VEMB4XDTIwMDQyMDE4MTA0N1oXDTQwMDQxNTE4MTA0N1owgYExCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJGTDEXMBUGA1UEBwwOU3QuIFBldGVyc2J1cmcxGDAWBgNVBAoMD0NvbW11bml0eUJyYW5kczEUMBIGA1UECwwLQ3Jvd2RXaXNkb20xHDAaBgNVBAMME0NXX1NBTUxfU0VMRl9TSU5HRUQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC/ymabmUzlziPRelAg7RuMhF/Oto7NLhm305oNK7kLlb6zYpuQv0POn0TBXJXOIL21VZIdFcDw8lfOCV1kja7WUYA7W7BUwd+4wtfDR4Kj3LNuTME3BjqU+C1sKvgFTko8wPi0iuagZkNuwDx3Zz6FGydGQxPVQZIilrT22HSp+pSxA4Ydb2ijY44waGnt2gI/NRsNx00rrWV0+H5FOd/l34ofLjm/fhuztYkiduxLjj8jXLrO41E0K0vY2V/mkhiJAnb8mg3xC+0RF2s1gamCEOyrUBK0I0pzZ1sDQEvleVrz/eA/bjUZJ9Sxa+VLqUxPjS+T5JHk9LGNAUsZEqaUmegy9RGMDQfq1cx9ZB9lmDBVRoh4i1EU39uHPWnf06sECuM3gHsBH3x9GxiQE5uX19t0fp0ZqIdcqm/eH9RYaza4lbU5ZoWTBnrMK07UEp7TDCQVDtn/c4LioBuLxB5FZXiBTYGC6dCKtjhjAP3FUCU6bteewA0xaRvdMdEUsBHtv8UDVq+duW27GGEEUGWJczAOUadaeAcj3oQFXv7Lpvmya1nwlmJx28fqkZ+AifIg6WsZBbPTLFctevOdjkzxBr9BYQC/a0AyNJbWDixqeEMU110qft/xYLeXT6vtz8043ZddzbA/1gotifurxezbgSfIT8EIX/2/qQXZZrqgLwIDAQABo1AwTjAdBgNVHQ4EFgQUtx6jFw9De0+3EAjez4McAyJfGpMwHwYDVR0jBBgwFoAUtx6jFw9De0+3EAjez4McAyJfGpMwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAMUY6OJIzzH4C9DsZKYFkAGobFMGobK/UXA75+k9SIbU7PJ7iznoclEIu/2v31LAXVsLhrLGXs4NFt42H1ZQRAboKaXybC2/biRmkw3lYefeNL3vylbp14M54G3REayT4ZR8GVIxqW7c1eJ8Vb6Xpp5RC/UjajnwSMhnIw91Hj+d/Y3YXOMo+EfeYG5CakU8CE3oQV9csuVo2qS9rLZ8E6DiJtvO643b1HvhFrZax6waD/R+hn4IVB8jkoFSd/9zudNP6S11sj3k1Hu03Tvpd1H3npMJhFN8xMmLllenfMHM3ay2aV1szsJ18QLwz8dQTI55X1SsSxvGSrQwIeVfW9a/xRiYyc4jTR2fBmBC/Qnn8nAFNZevO8NKF3cAxKxBipuArj/qDCjcu/DSF327epayzaJbDO5OraUsYeYjqKCF74P7yw/2hbj6orWJJJKyhDaIsfzZsZX3cdlJfmc5/pqN7+SBjZRM8uo7DKFXqfkGgM152kVOz5fxW6Xz7TBKGC6dk2nm4tjpNxOItKABgpT+Lg2DhqUcmqoo4sEfdE1i1t88/CWB+W1EnenCbfE9HdR8A4ZV+wXbmYMGIfnUHUUHJ0wcIsbN8pkBNTmAsiil9tNBh4gBj7uiOcM61ZYcp321E0fU4QtJXWb6mkV9Ev3+V7xlU5iDlbmcvh1AXc5M=

-----END CERTIFICATE-----

Info
titleNot Required Fields

Following fields are not required:

  • IDPPublicKey - nvarchar(max) - If this record is for a SP, this is the X509 certificate to use for validating messages from the SP. (Not Reqd for AMS as IDP)
  • IDPLogoutRequestURL - nvarchar(200) - The location the LogoutRequest message should be delivered to. (Not Reqd for AMS as IDP)
  • IDPLogoutRequestBinding - nvarchar(10) - POST or GET - the Http protocol the LogoutRequest message should be delivered on. (Not Reqd for AMS as IDP)

...

Dump a .pfx certificate file in some folder, specify the full path of the Private Key File in the SAML configuration record under General Tab. The corresponding password should be updated in the Private Key Password field in SAML record.OR use below public certificate keys:
Image Removed

Provide below details as per your configuration:

Name: SAML_SSO_ClassicEbiz

Issue Name: ClassicEbizSSO

Assertion Consumer Service URL: https://aptify.precrowdwisdom.com/diweb/gateway

Single Logout Service URL: https://aptify.precrowdwisdom.com/diweb/signoff

Public Key:
 -----BEGIN CERTIFICATE-----

MIIF1zCCA7+gAwIBAgIJAO7bFs87n8vCMA0GCSqGSIb3DQEBCwUAMIGBMQswCQYDVQQGEwJVUzELMAkGA1UECAwCRkwxFzAVBgNVBAcMDlN0LiBQZXRlcnNidXJnMRgwFgYDVQQKDA9Db21tdW5pdHlCcmFuZHMxFDASBgNVBAsMC0Nyb3dkV2lzZG9tMRwwGgYDVQQDDBNDV19TQU1MX1NFTEZfU0lOR0VEMB4XDTIwMDQyMDE4MTA0N1oXDTQwMDQxNTE4MTA0N1owgYExCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJGTDEXMBUGA1UEBwwOU3QuIFBldGVyc2J1cmcxGDAWBgNVBAoMD0NvbW11bml0eUJyYW5kczEUMBIGA1UECwwLQ3Jvd2RXaXNkb20xHDAaBgNVBAMME0NXX1NBTUxfU0VMRl9TSU5HRUQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC/ymabmUzlziPRelAg7RuMhF/Oto7NLhm305oNK7kLlb6zYpuQv0POn0TBXJXOIL21VZIdFcDw8lfOCV1kja7WUYA7W7BUwd+4wtfDR4Kj3LNuTME3BjqU+C1sKvgFTko8wPi0iuagZkNuwDx3Zz6FGydGQxPVQZIilrT22HSp+pSxA4Ydb2ijY44waGnt2gI/NRsNx00rrWV0+H5FOd/l34ofLjm/fhuztYkiduxLjj8jXLrO41E0K0vY2V/mkhiJAnb8mg3xC+0RF2s1gamCEOyrUBK0I0pzZ1sDQEvleVrz/eA/bjUZJ9Sxa+VLqUxPjS+T5JHk9LGNAUsZEqaUmegy9RGMDQfq1cx9ZB9lmDBVRoh4i1EU39uHPWnf06sECuM3gHsBH3x9GxiQE5uX19t0fp0ZqIdcqm/eH9RYaza4lbU5ZoWTBnrMK07UEp7TDCQVDtn/c4LioBuLxB5FZXiBTYGC6dCKtjhjAP3FUCU6bteewA0xaRvdMdEUsBHtv8UDVq+duW27GGEEUGWJczAOUadaeAcj3oQFXv7Lpvmya1nwlmJx28fqkZ+AifIg6WsZBbPTLFctevOdjkzxBr9BYQC/a0AyNJbWDixqeEMU110qft/xYLeXT6vtz8043ZddzbA/1gotifurxezbgSfIT8EIX/2/qQXZZrqgLwIDAQABo1AwTjAdBgNVHQ4EFgQUtx6jFw9De0+3EAjez4McAyJfGpMwHwYDVR0jBBgwFoAUtx6jFw9De0+3EAjez4McAyJfGpMwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAMUY6OJIzzH4C9DsZKYFkAGobFMGobK/UXA75+k9SIbU7PJ7iznoclEIu/2v31LAXVsLhrLGXs4NFt42H1ZQRAboKaXybC2/biRmkw3lYefeNL3vylbp14M54G3REayT4ZR8GVIxqW7c1eJ8Vb6Xpp5RC/UjajnwSMhnIw91Hj+d/Y3YXOMo+EfeYG5CakU8CE3oQV9csuVo2qS9rLZ8E6DiJtvO643b1HvhFrZax6waD/R+hn4IVB8jkoFSd/9zudNP6S11sj3k1Hu03Tvpd1H3npMJhFN8xMmLllenfMHM3ay2aV1szsJ18QLwz8dQTI55X1SsSxvGSrQwIeVfW9a/xRiYyc4jTR2fBmBC/Qnn8nAFNZevO8NKF3cAxKxBipuArj/qDCjcu/DSF327epayzaJbDO5OraUsYeYjqKCF74P7yw/2hbj6orWJJJKyhDaIsfzZsZX3cdlJfmc5/pqN7+SBjZRM8uo7DKFXqfkGgM152kVOz5fxW6Xz7TBKGC6dk2nm4tjpNxOItKABgpT+Lg2DhqUcmqoo4sEfdE1i1t88/CWB+W1EnenCbfE9HdR8A4ZV+wXbmYMGIfnUHUUHJ0wcIsbN8pkBNTmAsiil9tNBh4gBj7uiOcM61ZYcp321E0fU4QtJXWb6mkV9Ev3+V7xlU5iDlbmcvh1AXc5M=

-----END CERTIFICATE-----

POC of SSO between Sitefinity having e-Business classic installed & e-Business 6.0 – Non SAML

...