- Open the created Enterprise application
- In the left menu of the application, select Single sign-on
- Under Basic SAML Configuration (see Figure 9 - Basic SAML Configuration and Figure 10 below), click Edit and fill in:
  - Identifier (Entity ID) - the value is provided by Surecomp (see the paragraph Create Keycloak IdP broker above in this document) and has the form
    http://localhost:8080/auth/realms/surecomp/broker/gmail.com/endpoint
    Note: In practice, the protocol will be HTTPS, and all other relevant parts of the URL will be replaced with their actual values.
  - Reply URL (Assertion Consumer Service URL) - the same value as the Identifier (Entity ID) above
  - Sign-on URL - not needed for the Keycloak broker
  - Logout Url (Optional) - the RIVO logout URL received from Surecomp
- Click Save
- Do not perform the test single sign-on suggested by Azure at this stage
- Scroll to "Attributes & Claims" and click on the value of Unique User Identifier (Name ID) - see Figure 12 below:
  - Choose the name identifier format Persistent
  - Choose the source attribute user.objectid
    Note: With this setup, the NameID values in the SAML Responses will be UUID-like stable opaque IDs.
  - Click Save
- Setup Nameidentifier Claim: the nameidentifier claim should be configured
- Setup Email Address Attribute: make sure that the claim emailaddress already exists and is properly configured
- Copy the value of App Federation Metadata Url
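The following script is an added example, not part of this document and not Surecomp, Keycloak or Azure code. It checks a SAML Response from Azure against the settings configured in the steps above: the Destination and Audience must equal the broker endpoint used as Identifier (Entity ID) and Reply URL, the NameID must use the Persistent format and carry a UUID-like value (as produced by the user.objectid source attribute), and the emailaddress claim must be present. The host name sso.example.invalid, the sample e-mail address and the sample SAML Response are constructed for illustration; the claim name URI is the standard Azure AD emailaddress claim. XML signature validation is left to Keycloak and is not replicated here.

```python
"""Configuration sanity checks for the Azure AD -> Keycloak broker SAML setup."""
import re
import uuid
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
PERSISTENT_FORMAT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
# Standard Azure AD claim name for the emailaddress attribute referenced in the steps above.
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"

# Hypothetical production value: same shape as the document's localhost example, but over HTTPS.
BROKER_ENDPOINT = "https://sso.example.invalid/auth/realms/surecomp/broker/gmail.com/endpoint"
BROKER_PATH_RE = re.compile(r"^/auth/realms/[^/]+/broker/[^/]+/endpoint$")


def check_endpoint(url):
    """Problems with a value entered as Identifier (Entity ID) / Reply URL."""
    parts = urlparse(url)
    problems = []
    if parts.scheme != "https":
        problems.append("scheme must be https")
    if not BROKER_PATH_RE.match(parts.path):
        problems.append("path is not a Keycloak broker endpoint")
    return problems


def check_response(xml_text, expected_endpoint):
    """Problems with a SAML Response, judged against the configuration steps above.

    Only routing and claim settings are checked; the XML signature is
    validated by Keycloak itself and is not replicated here.
    """
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != expected_endpoint:
        problems.append("Destination does not match the Reply URL")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return problems + ["no Assertion in Response"]
    audience = assertion.findtext(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", namespaces=NS)
    if audience != expected_endpoint:
        problems.append("Audience does not match the Identifier (Entity ID)")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != PERSISTENT_FORMAT:
        problems.append("NameID format is not persistent")
    else:
        try:
            uuid.UUID((name_id.text or "").strip())
        except ValueError:
            problems.append("NameID is not a UUID-like opaque id (user.objectid)")
    attrs = {
        a.get("Name"): [v.text for v in a.findall("saml:AttributeValue", NS)]
        for a in assertion.findall("saml:AttributeStatement/saml:Attribute", NS)
    }
    if not attrs.get(EMAIL_CLAIM):
        problems.append("emailaddress claim missing or empty")
    return problems


def sample_response(name_id_format, name_id_value):
    """Build a constructed (unsigned) SAML Response for illustration only."""
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    Destination="{BROKER_ENDPOINT}">
  <saml:Assertion>
    <saml:Subject>
      <saml:NameID Format="{name_id_format}">{name_id_value}</saml:NameID>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction><saml:Audience>{BROKER_ENDPOINT}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="{EMAIL_CLAIM}">
        <saml:AttributeValue>alice@example.invalid</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


# Constructed samples: one matching the steps above, one with the wrong NameID format
# (emailAddress), whose value would change whenever the user's mail address changes.
GOOD = sample_response(PERSISTENT_FORMAT, "3f2504e0-4f89-11d3-9a0c-0305e82c3301")
BAD = sample_response("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
                      "alice@example.invalid")

if __name__ == "__main__":
    print(check_endpoint("http://localhost:8080/auth/realms/surecomp/broker/gmail.com/endpoint"))
    print(check_response(GOOD, BROKER_ENDPOINT))
    print(check_response(BAD, BROKER_ENDPOINT))
```

Run against a real Response captured from the browser's SAML trace, an empty list means the Azure side matches the configuration described above; a non-empty list names the setting to revisit (Basic SAML Configuration for Destination/Audience problems, Attributes & Claims for NameID or emailaddress problems).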