SAML 2.0 Integration Configuration
From this screen, select "SAML 2.0" from the "Single Sign-On Method" drop-down to enable SAML 2.0 integration. Change this to "Disabled" to disable single sign-on support.
Once "SAML 2.0" has been selected, you'll be provided with a number of settings. If you've previously used our SAML Test tool, some of these settings may already be populated for you.
Identity Provider (IdP) Settings
Complete this section with data supplied by your Identity Provider.
Metadata
Paste into this field either the Metadata URL or the raw XML Metadata generated and provided by your Identity Provider. The Metadata should include the Assertion Consumer Service (ACS) URL indicated in the "Service Provider Settings" below.
Certificate
Paste the public certificate provided by your Identity Provider into this field.
Service Provider (SP) Settings
Assertion Consumer Service (ACS) URL
This is the specific endpoint on the Service Provider (SP) where the Identity Provider (IdP) redirects the user's browser after successful authentication, along with the SAML assertion. The ACS is essentially the location where the SP processes and validates the SAML response from the IdP.
When using the SAML Test tool, this should reflect the URL at which the SAML Test tool is accessed.
When using MIDAS, the ACS URL will instead be the URL of your MIDAS system.
Private Key / Certificate
You'll need to generate a Private Key and Public Certificate pair, which will be stored with your MIDAS system. This is subsequently used to encrypt and authenticate data between MIDAS (the Service Provider) and your SAML 2.0 Identity Provider.
Clicking the "Generate" button will generate a new Private Key / Public Certificate pair. This will attempt to automatically use OpenSSL on your server in the first instance. If OpenSSL isn't available on your server, the SAML Test tool will fall back to using MIDAS servers to generate a unique Private Key / Public Certificate pair for you.
If you don't wish to use the 'Generate' button and instead want to manually generate a Private Key / Public Certificate pair, you can execute the following OpenSSL command:
> openssl req -newkey rsa:2048 -nodes -keyout "sp-private-key.txt" -x509 -days 365 -out "sp-certificate.txt" -subj "/C=US/O=Organization/CN=your.midas.domain" 2>&1
Adjust the C, O and CN values in the -subj argument of the above command to reflect your Country, Organization Name, and MIDAS domain respectively.
This command will generate two files: "sp-private-key.txt" and "sp-certificate.txt". The contents of these files can then be manually copied and pasted into the "Private Key" and "Certificate" Service Provider (SP) fields accordingly in the SAML Test tool.
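The manual procedure above, wrapped with the checks worth running before the files are pasted into the SP fields (an added example, not MIDAS's own tooling): it keeps the private key readable by its owner only, confirms the certificate carries the key's public key, and tests how long the certificate stays valid, since "-days 365" means it expires after a year. The function names and the SP_SUBJ variable are hypothetical; the subject is the page's placeholder.

```sh
#!/bin/sh
# Added example: the page's openssl command plus pre-upload checks.
# SP_SUBJ holds the page's placeholder subject; adjust C, O and CN.
SP_SUBJ="${SP_SUBJ:-/C=US/O=Organization/CN=your.midas.domain}"

# generate_sp_pair DIR: create sp-private-key.txt and sp-certificate.txt in DIR.
generate_sp_pair() {
    dir=$1
    (
        umask 077   # new files get no group/other permission bits
        openssl req -newkey rsa:2048 -nodes \
            -keyout "$dir/sp-private-key.txt" \
            -x509 -days 365 -out "$dir/sp-certificate.txt" \
            -subj "$SP_SUBJ" >/dev/null 2>&1
    )
}

# pair_matches KEY CERT: succeed only if CERT carries KEY's public key.
# Catches pasting a certificate from one run next to a key from another.
pair_matches() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# cert_valid_for_days CERT DAYS: succeed if CERT is still valid DAYS from now.
# Run periodically so the pair is regenerated before single sign-on breaks.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# cert_summary CERT: subject, expiry date and SHA-256 fingerprint, for
# comparison with what the Identity Provider shows for the SP certificate.
cert_summary() {
    openssl x509 -in "$1" -noout -subject -enddate -fingerprint -sha256
}
```

After sourcing the file, run generate_sp_pair on a directory only the MIDAS administrator can read, then pair_matches and cert_summary on the two files it writes.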
MIDAS Settings
Assign user permissions from
If a new MIDAS user authenticates via your Identity Provider for the first time, you can select a user group from which to assign permissions to the new user account.
Update User Permissions upon each authentication
If enabled, then each time a user authenticates via your Identity Provider, their MIDAS user account permissions will be reset to the current permissions from the selected user group in the above setting.
If disabled, then no user permissions will be changed when users authenticate via your Identity Provider.