User Portal SAML Configuration
If you have not made any configuration changes yet, please see How to make configuration changes
Introduction
The idenprotect User Portal is configured to act as a SAML Service Provider, which means that SAML authentication is required in order to access it. If you install the idenprotect Core Platform, the idenprotect Authentication Portal (the Identity Provider) and the idenprotect User Portal on the same server, the integration works out of the box with minimal changes required. If you are running version 3.11.0 or above, you also have access to a Quick Start Wizard (described in the idenprotect Core Platform Quick Start Guide) which walks you through this setup and completes a test.
For more information about Identity Providers and Service Providers, see our guide on SAML Integration.
This article explains how you can change this configuration and lists the defaults, should you wish to revert.
idenprotect Core Platform Configuration
Only the default configuration is listed here; full instructions on configuring Service Providers, and a description of each property, can be found in Authentication Portal Service Provider Configuration.
Parameter | Default Value |
---|---|
Name | User Portal Host |
Type | SAML |
Entity ID | {userPortalHost}saml/metadata |
ACS | {userPortalHost} |
SSO URL | {userPortalHost} |
SAML Sign On Binding | HTTP-Post |
SAML Log Out Binding | HTTP-Post |
Permitted authentication types | Only idenprotect login is selected by default |
User Portal Configuration
The User Portal's side of the SAML configuration can be changed in the following location:
- Server file system in /etc/idenprotect/userportal/saml.properties
Parameter in Properties File | Default Value | Description |
---|---|---|
user.portal.hostname | userportal.domain.com | The User Portal's hostname. Note that in Single Server installations, modifying the idenprotect Core Platform's Server URL/IP Address in Config Configuration will update this value |
security.saml2.metadata-url | https://localhost:8083/idp/metadata | Where the User Portal should obtain the metadata for the Authentication Portal |
saml.key-store.name | idenprotect.jks | The name of the key store |
saml.keystore.key-alias | idenprotect | The name of the certificate in the key store |
saml.key-store-password | lockbox | The password for the key store |
saml.idp.login.url | https://localhost:8083/idp/login | Where the User Portal should redirect to complete login |
saml.idp.logout.url | https://localhost:8083/idp/logout | Where the User Portal should redirect to complete logout |
saml.allow.self.signed.certs | true | Whether the User Portal should accept self-signed certificates when completing SAML |
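Two of the defaults in this table are convenient for a single-server test install but are worth revisiting before the portal is exposed to users: saml.allow.self.signed.certs=true makes the User Portal trust whatever certificate the Identity Provider endpoints present, and saml.key-store-password=lockbox is a published value. The script below is an added example, not part of the idenprotect documentation or product: it parses the Java-style properties format used by saml.properties and reports the settings a reviewer would ask to change. The sample file contents are constructed from the defaults listed above; the finding messages and the check thresholds are this example's own assumptions.

```python
"""Audit an idenprotect User Portal saml.properties file for risky defaults.

Added example; not idenprotect's own code. It checks for:
  - self-signed certificate acceptance left enabled,
  - the documented default key-store password still in use,
  - Identity Provider URLs that are missing or not served over https.
"""
from __future__ import annotations

from urllib.parse import urlparse

# Constructed sample: the documented defaults, as they would appear in
# /etc/idenprotect/userportal/saml.properties.
SAMPLE_PROPERTIES = """\
# idenprotect User Portal SAML settings (constructed sample)
user.portal.hostname=userportal.domain.com
security.saml2.metadata-url=https://localhost:8083/idp/metadata
saml.key-store.name=idenprotect.jks
saml.keystore.key-alias=idenprotect
saml.key-store-password=lockbox
saml.idp.login.url=https://localhost:8083/idp/login
saml.idp.logout.url=https://localhost:8083/idp/logout
saml.allow.self.signed.certs=true
"""

# Documented default; assumption: anything still set to it is treated as known to others.
DEFAULT_KEYSTORE_PASSWORD = "lockbox"
# The three endpoints the User Portal contacts on the Authentication Portal.
IDP_URL_KEYS = ("security.saml2.metadata-url", "saml.idp.login.url", "saml.idp.logout.url")


def parse_properties(text: str) -> dict[str, str]:
    """Minimal .properties parser: 'key=value' or 'key: value' per line,
    blank lines and lines starting with '#' or '!' ignored. Continuation
    lines and escape sequences are not handled (not needed for this file)."""
    props: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        # The first '=' or ':' separates key from value; a ':' inside an
        # https:// value comes after the '=' and is therefore left alone.
        candidates = [i for i in (line.find("="), line.find(":")) if i >= 0]
        if not candidates:
            props[line] = ""
            continue
        sep = min(candidates)
        props[line[:sep].strip()] = line[sep + 1:].strip()
    return props


def audit(props: dict[str, str]) -> list[tuple[str, str]]:
    """Return (property, finding) pairs; an empty list means nothing was flagged."""
    findings: list[tuple[str, str]] = []

    if props.get("saml.allow.self.signed.certs", "false").lower() == "true":
        findings.append((
            "saml.allow.self.signed.certs",
            "set to true: any certificate presented by the IdP endpoints is trusted; "
            "set false and install a CA-signed certificate on the Authentication Portal",
        ))

    if props.get("saml.key-store-password") == DEFAULT_KEYSTORE_PASSWORD:
        findings.append((
            "saml.key-store-password",
            "still the documented default; change it and restrict read access to the file",
        ))

    for key in IDP_URL_KEYS:
        value = props.get(key, "")
        if not value:
            findings.append((key, "missing: the User Portal cannot reach the Authentication Portal"))
            continue
        scheme = urlparse(value).scheme
        if scheme != "https":
            findings.append((key, f"uses scheme '{scheme or 'none'}'; SAML exchanges should use https"))

    return findings


if __name__ == "__main__":
    for prop, message in audit(parse_properties(SAMPLE_PROPERTIES)):
        print(f"{prop}: {message}")
```

Run against the constructed defaults it reports the self-signed and key-store-password findings and nothing for the three URLs, since they already use https; pointing parse_properties at the real file (for example via open("/etc/idenprotect/userportal/saml.properties").read()) gives the same report for a live install. The checks are deliberately conservative: a localhost IdP URL is not flagged, because that is the documented single-server layout.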