Username, Password and One Touch
Performing this scenario will produce a SAML IDP with Username, Password and MFA through PhenixID One Touch. Authentication is done using either Active Directory, LDAP or SQL database as the primary userstore. Be sure to have configured "Keystore" & "SAML meta upload" scenarios prior to executing this scenario. A good idea is to enable either MFA admin or Selfservice for activating PhenixID One Touch tokens.
This article will use LDAP as the primary user store.
User search settings
Entity ID & POST SSO settings
Configure the entity id of this IDP. Note that this ID MUST be unique within the federation and installation of the PhenixID system.
Post SSO URL must be accessible for the clients targeted for this SAML federation. Pattern of the POST SSO URL must by in the format <http/https>://<host>/saml/authenticate/<unique_identifier>
The ending unique identifier is what is used by the system to route the request to the appropriate IDP.
Select one of the keystore uploaded earlier.
Enter the attribute used as the iser identifier. This is the attribute the user will enter at login. This is also the value that will be marked as the nameid in the assertion token. Any additional attributes incorporated in the assertion (SAML Attribute statement) is entered in the "Additional attributes" section. Multiple attributes are separated by comma.
Click create and after a couple of seconds the IDP is ready to handle incoming authentication requests.
Additional configuration or deletion is done by expanding the heading and clicking the desired name of what needs to be edited.