You are here
You are here
Configuring SpringCM for an Identity Provider
As part of setting up SAML 2.0 Federated SSO, a onetime configuration must be done by a Super Administrator in the SpringCM account preferences. To navigate to the SAML configuration options, click on Preferences and then choose the SAML SSO sub tab. You should see something similar to screenshot below. In the Identity Provider Configuration section there are four items to configure:
- Select Issuing Certificate – This is the public key certificate file used to verify authentication responses from the Identity Provider. Best practices dictates that a dedicated folder be created in the SpringCM Documents tree to store the certificate and then secured only to Super Administrators. The certificate should be uploaded to this folder and then chosen in this screen. Only documents with a ".cer" or ".cert" can be selected
- Issuer – This is the unique identifier of the Identity Provider
- Service Provider (SP) Initiated Endpoint – This is the Identity Provider URL that SpringCM will Post-Redirect the client to during when SP-Initiated SSO is invoked. At runtime, a SAML Authentication Request is sent asking the Identity Provider to authenticate the user and send a SAML Response.
- SAML Enabled – Determines if SAML SSO is active in the account or not.