SAML provider

The SAML provider may be defined to use Maverics as a SAML IDP.

Configuration options

Issuer

issuer is the IDP who issues SAML assertions. This value is usually a URL.

Endpoints

endpoints must be unique, they are the paths this IDP will use to serve data to the client.

Metadata

The metadata is the URL which this SAML server serves its metadata file from. This is an optional configuration, if left unset connecting Service Providers will need to be manually configured.

Single Sign On Service

The singleSignOnService is the location of where service providers will send SAML authentication requests.

Single Logout Service

The singleLogoutService is the location of where service providers will send SAML logout requests.

Signature

signature defines the certificate and key used when signing SAML responses. By default, both the SAML response element and SAML assertion element will be signed.

ℹ️
The signature properties can be overridden on a per-app basis. Please see the SAML app docs for more info.

Certificate

certificate the x509 certificate used by SAML service providers to validate the signature of SAML response and assertions.

Private Key

privateKey is the RSA256 private key used to sign SAML assertions.

Disable Signed Response

disableSignedResponse a boolean value to disable the signing of the SAML response element.

Disable Signed Assertion

disableSignedAssertion a boolean value to disable the signing of the SAML assertion element.

Cache

cache is an optional field that defines the cache settings for the provider. If left undefined, the provider will use the default in-memory cache.

Examples

Basic SAML Provider Config Example

tls:
  maverics:
    certFile: /etc/maverics/certs/maverics.sonarsystems.co.crt
    keyFile: /etc/maverics/certs/maverics.sonarsystems.co.key

http:
  address: :443
  tls: maverics

samlProvider:
  issuer: https://maverics.sonarsystems.com
  endpoints:
    metadata: https://maverics.sonarsystems.com/idp/saml/metadata.xml
    singleSignOnService: https://maverics.sonarsystems.com/sso
    singleLogoutService: https://maverics.sonarsystems.com/slo
  signature:
    certificate: <your-cert>
    privateKey: <your-key>
  cache: redis