The SAML provider may be defined to use Maverics as a SAML IDP.
Configuration options
Issuer
issuer identifies the IDP that issues SAML assertions. This value is usually a URL.
Endpoints
endpoints must be unique; they are the paths this IDP uses to serve data to the client.
Metadata
metadata is the URL from which this SAML server serves its metadata file. It is optional; if left unset, connecting Service Providers will need to be configured manually.
Single Sign On Service
singleSignOnService is the location to which service providers send SAML authentication requests.
Single Logout Service
singleLogoutService is the location to which service providers send SAML logout requests.
Signature
signature defines the certificate and key used when signing SAML responses. By default, both the SAML response element and SAML assertion element will be signed.
Key-pairs used for signing can be loaded from a secret provider, defined inline, or loaded from the file system. Only one of these methods can be used at a time.
The signature properties can be overridden on a per-app basis. See the SAML app docs for more information.
Certificate
certificate is the x509 certificate used by SAML service providers to validate the signature of SAML responses and assertions.
Certificate File
certificateFile is the path to the x509 certificate file used by SAML service providers to validate the signature of SAML responses and assertions.
Private Key
privateKey is the RSA256 private key used to sign SAML assertions.
Private Key File
privateKeyFile is the path to the RSA256 private key file used to sign SAML assertions.
Disable Signed Response
disableSignedResponse is a boolean value that disables signing of the SAML response element.
Disable Signed Assertion
disableSignedAssertion is a boolean value that disables signing of the SAML assertion element.
Cache
cache is an optional field that defines the cache settings for the provider. If left undefined, the provider will use the default in-memory cache.
Examples
Basic SAML Provider Config Example
tls:
  maverics:
    certFile: /etc/maverics/certs/maverics.sonarsystems.co.crt
    keyFile: /etc/maverics/certs/maverics.sonarsystems.co.key
http:
  address: :443
  tls: maverics
samlProvider:
  issuer: https://maverics.sonarsystems.com
  endpoints:
    metadata: https://maverics.sonarsystems.com/idp/saml/metadata.xml
    singleSignOnService: https://maverics.sonarsystems.com/sso
    singleLogoutService: https://maverics.sonarsystems.com/slo
  signature:
    certificate: <your-cert>
    privateKey: <your-key>
  cache: redis
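The options above carry a few constraints that are easy to violate when copying a template: endpoints must be unique, the signing key pair may come from only one source, and turning off signing for both the response and the assertion leaves service providers with nothing to verify. The following checker is an added example written for this page (it is not Maverics code) that walks an already-parsed samlProvider block (for instance the output of yaml.safe_load) and reports those problems. Key names follow the page; the function names, the placeholder convention and the sample configurations are assumptions.

```python
"""Sanity checks for a Maverics-style samlProvider block (added example, not
Maverics code). Operates on an already-parsed mapping, e.g. yaml.safe_load()."""
from urllib.parse import urlparse

REQUIRED_ENDPOINTS = ("singleSignOnService", "singleLogoutService")
INLINE_KEYS = {"certificate", "privateKey"}
FILE_KEYS = {"certificateFile", "privateKeyFile"}
KEY_FIELDS = ("certificate", "privateKey", "certificateFile", "privateKeyFile")


def _is_url(value):
    """True for an absolute http(s) URL such as https://idp.example.com."""
    parts = urlparse(value if isinstance(value, str) else "")
    return parts.scheme in ("http", "https") and bool(parts.netloc)


def _is_placeholder(value):
    """Catch template values left unfilled, such as <your-cert>."""
    return isinstance(value, str) and value.startswith("<") and value.endswith(">")


def check_saml_provider(cfg):
    """Return a list of findings; an empty list means the block passed."""
    findings = []

    issuer = cfg.get("issuer")
    if not issuer:
        findings.append("issuer is required")
    elif not _is_url(issuer):
        findings.append("issuer should be a URL, got %r" % issuer)

    endpoints = cfg.get("endpoints") or {}
    for name in REQUIRED_ENDPOINTS:
        if name not in endpoints:
            findings.append("endpoints.%s is required" % name)
    # Endpoints must be unique. Compare the path component so that entries
    # differing only in scheme or host still collide on the same server path.
    seen = {}
    for name, url in endpoints.items():
        path = urlparse(url).path or url
        if path in seen:
            findings.append("endpoints.%s and endpoints.%s share the path %r"
                            % (seen[path], name, path))
        seen[path] = name

    sig = cfg.get("signature") or {}
    inline = INLINE_KEYS & set(sig)
    files = FILE_KEYS & set(sig)
    if inline and files:
        findings.append("signature mixes inline and file-based key material; "
                        "only one method may be used at a time")
    if inline and inline != INLINE_KEYS:
        findings.append("inline signature needs both certificate and privateKey")
    if files and files != FILE_KEYS:
        findings.append("file-based signature needs both certificateFile and privateKeyFile")
    for key in KEY_FIELDS:
        if _is_placeholder(sig.get(key)):
            findings.append("signature.%s still holds the placeholder %r" % (key, sig[key]))
    if sig.get("disableSignedResponse") and sig.get("disableSignedAssertion"):
        findings.append("disableSignedResponse and disableSignedAssertion are both true: "
                        "neither element is signed, so service providers cannot verify "
                        "that a response came from this IDP")
    return findings


# Constructed sample mirroring the shape of the page's example; hosts and paths are made up.
GOOD_CONFIG = {
    "issuer": "https://idp.example.com",
    "endpoints": {
        "metadata": "https://idp.example.com/idp/saml/metadata.xml",
        "singleSignOnService": "https://idp.example.com/sso",
        "singleLogoutService": "https://idp.example.com/slo",
    },
    "signature": {
        "certificateFile": "/etc/maverics/saml/idp.crt",
        "privateKeyFile": "/etc/maverics/saml/idp.key",
    },
    "cache": "redis",
}

# Constructed sample containing several of the mistakes the checks look for.
BAD_CONFIG = {
    "issuer": "my-idp",
    "endpoints": {
        "singleSignOnService": "https://idp.example.com/saml",
        "singleLogoutService": "https://idp.example.com/saml",
    },
    "signature": {
        "certificate": "<your-cert>",
        "privateKey": "<your-key>",
        "privateKeyFile": "/etc/maverics/saml/idp.key",
        "disableSignedResponse": True,
        "disableSignedAssertion": True,
    },
}

if __name__ == "__main__":
    for label, cfg in (("good", GOOD_CONFIG), ("bad", BAD_CONFIG)):
        print(label, check_saml_provider(cfg) or "ok")
```

Run against the bad sample, the checker reports the non-URL issuer, the two endpoints sharing one path, the mixed inline and file key sources, the incomplete file pair, both unfilled placeholders, and the fully disabled signing. Wiring it into a deployment pipeline before the configuration is loaded catches these before a service provider ever sees an unsigned or unverifiable response.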