User Portal SAML Configuration

From idenprotect Knowledge Base

If you have not made any configuration changes yet, please see How to make configuration changes

Introduction

The idenprotect User Portal is configured to work as a Service Provider, which means that it requires SAML authentication before it can be accessed. If you install the idenprotect Core Platform, the idenprotect Authentication Portal (the Identity Provider) and the idenprotect User Portal on the same server, this works out of the box with minimal changes. If you are running version 3.11.0 or above, a Quick Start Wizard (see the Idenprotect Core Platform Quick Start Guide for details) helps you set this up and complete a test.

For more information about Identity Providers and Service Providers, see our guide on SAML Integration.

This article explains how to change this configuration and lists the defaults should you wish to revert to them.


idenprotect Core Platform Configuration

Only the default configuration is provided here; the full information on how to configure Service Providers, with a description of each property, can be found in Authentication Portal Service Provider Configuration.

User Portal as a Service Provider

  Parameter                        Default Value
  Name                             User Portal Host
  Type                             SAML
  Entity ID                        {userPortalHost}saml/metadata
  ACS                              {userPortalHost}
  SSO URL                          {userPortalHost}
  SAML Sign On Binding             HTTP-Post
  SAML Log Out Binding             HTTP-Post
  Permitted authentication types   Only idenprotect login is selected by default


User Portal Configuration

The User Portal's side of the SAML configuration can be changed in the following location:

  • Server file system in /etc/idenprotect/userportal/saml.properties
Parameters for SAML (parameter in properties file, default value, description)

  user.portal.hostname
    Default:     userportal.domain.com
    Description: The User Portal's hostname. Note that in Single Server installations, modifying the idenprotect Core Platform's Server URL/IP Address in Config Configuration will update this value.

  security.saml2.metadata-url
    Default:     https://localhost:8083/idp/metadata
    Description: Where the User Portal should obtain the metadata for the Authentication Portal.

  saml.key-store.name
    Default:     idenprotect.jks
    Description: The name of the key store.

  saml.keystore.key-alias
    Default:     idenprotect
    Description: The name of the certificate in the key store.

  saml.key-store-password
    Default:     lockbox
    Description: The password for the key store.

  saml.idp.login.url
    Default:     https://localhost:8083/idp/login
    Description: Where the User Portal should redirect to complete login.

  saml.idp.logout.url
    Default:     https://localhost:8083/idp/logout
    Description: Where the User Portal should redirect to complete logout.

  saml.allow.self.signed.certs
    Default:     true
    Description: Whether the User Portal should accept self-signed certificates for completing SAML.
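The following is an added example, not idenprotect's own code: a small checker that reads a saml.properties file in the layout documented above and reports the documented defaults that should be changed before the User Portal faces real users (the sample file is constructed from this page's defaults; the choice of which settings to flag is this example's own).

```python
# Added example (not idenprotect code): lint a User Portal saml.properties file
# for settings that should be changed before production. Key names are the ones
# documented on this page; the sample file and the checks are this example's own.

# Constructed sample: the page's documented defaults as they would appear on disk.
DEFAULT_PROPERTIES = """\
# idenprotect User Portal SAML settings
user.portal.hostname=userportal.domain.com
security.saml2.metadata-url=https://localhost:8083/idp/metadata
saml.key-store.name=idenprotect.jks
saml.keystore.key-alias=idenprotect
saml.key-store-password=lockbox
saml.idp.login.url=https://localhost:8083/idp/login
saml.idp.logout.url=https://localhost:8083/idp/logout
saml.allow.self.signed.certs=true
"""

def parse_properties(text):
    """Parse Java-style properties: key=value or key: value, '#'/'!' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if not sep:  # fall back to the 'key: value' form
            key, sep, value = line.partition(":")
        props[key.strip()] = value.strip()
    return props

def audit_saml_properties(text):
    """Return a list of (key, finding) for settings still at a weak default."""
    p = parse_properties(text)
    findings = []
    if p.get("saml.allow.self.signed.certs", "").lower() == "true":
        findings.append(("saml.allow.self.signed.certs",
                         "self-signed IdP certificates accepted; set to false once a trusted certificate is installed"))
    if p.get("saml.key-store-password") == "lockbox":
        findings.append(("saml.key-store-password", "documented default key store password still in use"))
    if p.get("user.portal.hostname") == "userportal.domain.com":
        findings.append(("user.portal.hostname", "placeholder hostname; set the real User Portal hostname"))
    for key in ("security.saml2.metadata-url", "saml.idp.login.url", "saml.idp.logout.url"):
        url = p.get(key)  # only check endpoints that are actually set
        if url is not None and not url.startswith("https://"):
            findings.append((key, "IdP endpoint is not HTTPS"))
    return findings

if __name__ == "__main__":
    for key, msg in audit_saml_properties(DEFAULT_PROPERTIES):
        print(f"{key}: {msg}")
```

Run it against the real /etc/idenprotect/userportal/saml.properties by passing the file's contents to audit_saml_properties; an empty list means none of the checked defaults remain.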