SAML

The Security Assertion Markup Language (SAML), is an open standard that allows security credentials to be shared by multiple computers across a network. It describes a framework that allows one computer to perform some security functions on behalf of one or more other computers. These include: 

  • Authentication: Determining that the users are who they claim to be. 
  • Authorization: Determining if users have the right to access certain systems or content.   

There are several ways of Authentication which MDO supports e.g. username/password authentication, SAML based Single Sign On, LDAP/Windows AD, OAuth2 etc.  

Prerequisites: 

  • The latest federation meta data from client is required.  
  • Entity id may or may not exist in the federation meta data. If it does not exist, this needs to be obtained from the client. 

SAML Configuration 

A user can define parameters to seup single sign on between MDO and other third-party applications. 

To set up new SAML configuration, follow these steps: 

  1. Login with administrator credentials. 
  2. Click on the Settings icon at top right corner on the Home page. 
  3. From the left menu bar, select Advanced.  
  4. Click SAML Configuration Add New Configuration. 
  5. Select Browse to upload the XML file provided by the client application. 
  6. Enter the application description in IDP Alias Name column. IDPA Alias Name is used to uniquely identify all applications interacting with the same AD server. 
  7. Enter Entity IDThe Entity ID is the combination of alias name and company code and is used by AD to check which application is requesting access. 
  8. Default IDP URL value is automatically generated based on the uploaded XML file. 
  9. Select your IDP Server Token Signing Certificate from the dropdown in the IDP Server Token Signing Certificate List section. The list of all certificates in the uploaded XML file gets automatically added to this list. 
  10. Manually enter the IDP Server Token Signing Certificate. 
  11. Choose security profile descriptor in the Security Profile sections. 
  12. Choose whether the response from AD server should be encrypted in the Required Signed Artifact Resolve section. 
  13. Click on Save to save the configuration. 
  14. Click on Download Metadata to download all information related to the configuration in an XML format. 
  15. Click on Generate URL to generate the URL for the page where you want to redirect.