SAML provider

The SAML provider configures Maverics to act as a SAML identity provider (IDP), issuing signed assertions to the service providers (SPs) that connect to it.

Configuration options

Issuer

issuer is the entity ID of the IDP that issues SAML assertions. This value is usually a URL. Service providers match the Issuer element of incoming assertions against it, so it must be stable and must agree with what is configured on the SP side.

Endpoints

endpoints are the paths this IDP serves to clients. Each endpoint must be unique; two endpoints may not share a path.

Metadata

metadata is the URL from which this SAML server serves its metadata file. It is optional; if left unset, connecting service providers must be configured manually with the issuer, the endpoints and the signing certificate instead of importing them from metadata.

Single Sign On Service

singleSignOnService is the location to which service providers send SAML authentication requests.

Single Logout Service

singleLogoutService is the location to which service providers send SAML logout requests.
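
The issuer and endpoints configured here are what service providers see when they import this IDP's metadata. The following is an added example, not Maverics code: it parses a standard SAML 2.0 EntityDescriptor and checks that a samlProvider configuration (represented as a plain dict with the fields documented above) agrees with it on entity ID, SSO and SLO locations, endpoint uniqueness and the signing certificate. The metadata document and the certificate value are constructed stand-ins for what the metadata endpoint would actually serve.

```python
"""Cross-check a samlProvider configuration against the IdP metadata that
service providers will consume.

Added example, not Maverics code. The config dict mirrors the issuer and
endpoints fields documented above; the metadata document and certificate are
constructed stand-ins for what the metadata endpoint would serve.
"""
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
NS = {"md": MD, "ds": DS}


def _cert_body(pem_or_b64):
    """Base64 body of a certificate with PEM armour and whitespace removed."""
    lines = [l for l in pem_or_b64.splitlines() if not l.startswith("-----")]
    return "".join(lines).replace(" ", "").strip()


def parse_idp_metadata(xml_text):
    """Extract entityID, SSO/SLO locations (keyed by binding) and signing certs."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % MD:
        raise ValueError("expected md:EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")

    def locations(tag):
        return {e.get("Binding"): e.get("Location") for e in idp.findall("md:" + tag, NS)}

    certs = idp.findall(
        "md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    return {
        "entityID": root.get("entityID"),
        "sso": locations("SingleSignOnService"),
        "slo": locations("SingleLogoutService"),
        "signing_certs": [_cert_body(c.text or "") for c in certs],
    }


def check_config_against_metadata(config, xml_text):
    """Return a list of mismatches; an empty list means config and metadata agree."""
    md = parse_idp_metadata(xml_text)
    ep = config["endpoints"]
    problems = []
    if md["entityID"] != config["issuer"]:
        problems.append("issuer %r != metadata entityID %r" % (config["issuer"], md["entityID"]))
    configured = [v for v in ep.values() if v]          # metadata endpoint is optional
    if len(set(configured)) != len(configured):
        problems.append("endpoints are not unique")
    if ep["singleSignOnService"] not in md["sso"].values():
        problems.append("singleSignOnService %s not advertised in metadata" % ep["singleSignOnService"])
    if ep["singleLogoutService"] not in md["slo"].values():
        problems.append("singleLogoutService %s not advertised in metadata" % ep["singleLogoutService"])
    if not md["signing_certs"]:
        problems.append("metadata advertises no signing certificate")
    elif _cert_body(config["signature"]["certificate"]) not in md["signing_certs"]:
        problems.append("signature.certificate is not among the metadata signing certificates")
    return problems


# Constructed placeholder, not a real certificate.
CERT_B64 = "MIIBconstructedPlaceholderNotARealCertificate"

# Constructed config, mirroring the example at the end of this page.
CONFIG = {
    "issuer": "https://maverics.sonarsystems.com",
    "endpoints": {
        "metadata": "https://maverics.sonarsystems.com/idp/saml/metadata.xml",
        "singleSignOnService": "https://maverics.sonarsystems.com/sso",
        "singleLogoutService": "https://maverics.sonarsystems.com/slo",
    },
    "signature": {
        "certificate": "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % CERT_B64,
    },
}

# Constructed metadata document of the kind the metadata endpoint would serve.
IDP_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD}" xmlns:ds="{DS}"
    entityID="https://maverics.sonarsystems.com">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{CERT_B64}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService Binding="{REDIRECT}" Location="https://maverics.sonarsystems.com/slo"/>
    <md:SingleSignOnService Binding="{REDIRECT}" Location="https://maverics.sonarsystems.com/sso"/>
    <md:SingleSignOnService Binding="{POST}" Location="https://maverics.sonarsystems.com/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    print(check_config_against_metadata(CONFIG, IDP_METADATA) or "config and metadata agree")
```

Run it against the metadata your IDP actually serves (fetch the metadata URL and pass the body as xml_text) after every change to issuer, endpoints or the signing certificate; a non-empty list means SPs that imported the old metadata will fail to validate assertions.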

Signature

signature defines the certificate and private key used to sign SAML responses. By default, both the SAML Response element and the SAML Assertion element are signed.

Certificate

certificate is the X.509 certificate that clients use to validate the signature on SAML assertions. It is the public half of the signing key pair and is what service providers import, either from metadata or by hand.

Private Key

privateKey is the RSA private key corresponding to certificate, used to sign SAML assertions. Anyone holding this key can mint assertions that every connected service provider will accept, so it must be kept out of version control and readable only by the Maverics process.

Disable Signed Response

disableSignedResponse is a boolean that disables signing of the SAML Response element.

Disable Signed Assertion

disableSignedAssertion is a boolean that disables signing of the SAML Assertion element. Do not set both flags: with neither element signed, a service provider has no way to verify that an assertion came from this IDP. Disable one of them only when a specific service provider requires it.
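
Whichever of the two flags is set, the service provider side must still demand the element that remains signed. The following is an added example, not Maverics code: it inspects a samlp:Response and reports whether the Response element and the Assertion element each carry a ds:Signature whose Reference points back at the element it sits in, then applies a policy mirroring the two disable flags. It checks structure only and performs no cryptographic verification; the sample responses are constructed and their signature values are placeholders.

```python
"""Which elements of a SAML Response are actually signed?

Added example, not Maverics code. It inspects the XML structure only (no
cryptographic verification) to answer the SP-side question behind the
disableSignedResponse / disableSignedAssertion options: is the Response
signed, is the Assertion signed, and does each ds:Signature reference the
element it sits in rather than some other node?
"""
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}


def _signature_covers(element):
    """True if element has a direct child ds:Signature with exactly one
    ds:Reference whose URI is '#' + the element's own ID attribute."""
    sig = element.find("ds:Signature", NS)
    if sig is None:
        return False
    refs = sig.findall("ds:SignedInfo/ds:Reference", NS)
    return len(refs) == 1 and refs[0].get("URI") == "#" + element.get("ID", "")


def signed_elements(response_xml):
    """Return {'response': bool, 'assertion': bool} for a samlp:Response."""
    root = ET.fromstring(response_xml)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response")
    assertions = root.findall("saml:Assertion", NS)
    return {
        "response": _signature_covers(root),
        # Exactly one Assertion is expected; anything else counts as unsigned.
        "assertion": len(assertions) == 1 and _signature_covers(assertions[0]),
    }


def acceptable(response_xml, require_response=True, require_assertion=True):
    """Mirror the IdP's signing policy on the SP side. The defaults match an
    IdP with neither disable flag set. Requiring neither element is refused:
    an unsigned Response carrying an unsigned Assertion is never acceptable."""
    if not (require_response or require_assertion):
        raise ValueError("at least one of Response / Assertion must be required")
    found = signed_elements(response_xml)
    return ((found["response"] or not require_response)
            and (found["assertion"] or not require_assertion))


def _sig(ref_id):
    # Constructed placeholder signature; digest and signature values are dummies.
    return ('<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
            '<ds:SignedInfo><ds:Reference URI="#%s"><ds:DigestValue>AA==</ds:DigestValue>'
            '</ds:Reference></ds:SignedInfo><ds:SignatureValue>AA==</ds:SignatureValue>'
            '</ds:Signature>' % ref_id)


ISSUER = "https://maverics.sonarsystems.com"  # the issuer from the example config below

# Constructed sample: both elements signed, the default behaviour.
BOTH_SIGNED = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">'
    f'<saml:Issuer>{ISSUER}</saml:Issuer>{_sig("_r1")}'
    f'<saml:Assertion ID="_a1" Version="2.0"><saml:Issuer>{ISSUER}</saml:Issuer>{_sig("_a1")}'
    '</saml:Assertion></samlp:Response>'
)
# Constructed sample: signature-wrapping shape, the Assertion's Signature points elsewhere.
WRAPPED = BOTH_SIGNED.replace('URI="#_a1"', 'URI="#_other"')
# Constructed sample: disableSignedAssertion in effect, only the Response is signed.
RESPONSE_ONLY = BOTH_SIGNED.replace(_sig("_a1"), "")

if __name__ == "__main__":
    for name, doc in [("both", BOTH_SIGNED), ("wrapped", WRAPPED), ("response-only", RESPONSE_ONLY)]:
        print(name, signed_elements(doc), "accept:", acceptable(doc))
```

The Reference-URI check is the part worth keeping: a ds:Signature that is present but references some other ID covers nothing, which is the shape exploited by XML signature wrapping, and a structural check like this is cheap to run before handing the document to the signature library.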

Cache

cache is an optional field that defines the cache settings for the provider. If left undefined, the provider will use the default in-memory cache.

Examples

Basic SAML Provider Config Example

tls:
  maverics:
    certFile: /etc/maverics/certs/maverics.sonarsystems.co.crt
    keyFile: /etc/maverics/certs/maverics.sonarsystems.co.key

http:
  address: :443
  tls: maverics

samlProvider:
  issuer: https://maverics.sonarsystems.com
  endpoints:
    metadata: https://maverics.sonarsystems.com/idp/saml/metadata.xml
    singleSignOnService: https://maverics.sonarsystems.com/sso
    singleLogoutService: https://maverics.sonarsystems.com/slo
  signature:
    certificate: <your-cert>
    privateKey: <your-key>
  cache: redis