SAML
These properties are required when com.unraveldata.login.mode=saml.
Property/Description | Set by user | Unit | Default |
---|---|---|---|
com.unraveldata.login.saml.config Fully qualified path to a SAML JSON file. | Optional | string (path) | - |
com.unraveldata.login.admins.saml.groups Grants read/write admin access to an AD user who belongs to a specified group. Value: a comma-separated list of groups. | | CSL | - |
com.unraveldata.login.admins.readonly.saml.groups Grants read-only admin access to an AD user who belongs to a specified group. Value: a comma-separated list of groups. | | CSL | - |
com.unraveldata.saml.groupFilter Restricts access to a few selected SAML groups. Example: secs-lab-admins, secs-lab-users. | | CSL | By default, all SAML groups are allowed. |
Note
These properties are set in the saml.json file specified by com.unraveldata.login.saml.config.
Property/Description | Set by user | Unit | Default |
---|---|---|---|
entryPoint Identity provider entry point. It must be specified in order to be spec-compliant when the request is signed. Example: "http://c24.unravel.com:9080/simplesaml/saml2/idp/SSOService.php" | Optional | - | |
issuer Issuer string to supply to the identity provider (environment name). Should match the name configured in the IdP. Example: "Congo24", "Localhost" | Optional | - | |
cert IdP's public signing certificate. Example: IdP cert string | Optional | - | |
unravel_mapping Maps SAML attributes to Unravel attributes. Specific to the Unravel integration. | - |
Example saml.json
```json
{
  "entryPoint": "http://c24.unravel.com:9080/simplesaml/saml2/idp/SSOService.php",
  "logoutUrl": "http://c24.unravel.com:9080/simplesaml/saml2/idp/SingleLogoutService.php",
  "issuer": "unravel-congo16",
  "cert": "*****************",
  "unravel_mapping": {
    "username": "uid",
    "groups": "eduPersonAffiliation"
  },
  "logoutEnabled": false
}
```
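
A pre-deployment check for saml.json, added here as an example; it is not Unravel's code. The function name `lint_saml_config` is hypothetical, and the https and non-placeholder `cert` checks are assumptions of this example, not requirements stated on this page.

```python
import json
from urllib.parse import urlparse

# Constructed sample: same keys and values as the page's example saml.json.
SAMPLE = """{
  "entryPoint": "http://c24.unravel.com:9080/simplesaml/saml2/idp/SSOService.php",
  "logoutUrl": "http://c24.unravel.com:9080/simplesaml/saml2/idp/SingleLogoutService.php",
  "issuer": "unravel-congo16",
  "cert": "*****************",
  "unravel_mapping": {"username": "uid", "groups": "eduPersonAffiliation"},
  "logoutEnabled": false
}"""


def lint_saml_config(text):
    """Return a list of findings for a saml.json document; empty means clean."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(cfg, dict):
        return ["top level must be a JSON object"]
    findings = []
    # Assumed policy: IdP endpoints should be reached over TLS.
    for key in ("entryPoint", "logoutUrl"):
        if key in cfg:
            url = urlparse(str(cfg[key]))
            if url.scheme != "https" or not url.netloc:
                findings.append(f"{key}: not an https URL")
    # Assumed policy: a real IdP signing certificate must be configured.
    cert = str(cfg.get("cert") or "").strip()
    if not cert or set(cert) <= {"*"}:
        findings.append("cert: missing or masked placeholder")
    if not str(cfg.get("issuer") or "").strip():
        findings.append("issuer: empty")
    # Assumption: the group-based login properties rely on the mapped groups attribute.
    mapping = cfg.get("unravel_mapping")
    for attr in ("username", "groups"):
        if not isinstance(mapping, dict) or not str(mapping.get(attr) or "").strip():
            findings.append(f"unravel_mapping.{attr}: not mapped")
    return findings


if __name__ == "__main__":
    for finding in lint_saml_config(SAMPLE):
        print(finding)
```

Run against the example file above, it reports the two plain-http endpoints and the masked `cert` value.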