SAMLHeadlessSSO

SSO authenticator creating assertion based on current session.

Properties

Name Description Default value Mandatory
idpID ID of IdP configuration to use
YES
pipeID
ID of pipe creating assertion
YES
authURL
URL to redirect to if no session exist.

YES

Example Configuration

// AUTHENTICATORS
{
    "id": "auth_sso_01",
    "alias": "sso",
    "name": "SAMLHeadlessSSO",
    "displayName": "SSO",
    "configuration": {
        "idpID": "c133328c-0823-4368-9045-9a0a8ddc52c",
        "pipeID": "auth_sso_pipe",
        "authURL": "https://host/saml/authenticate/idp"
    }
}
// PIPES
{
    "id" : "auth_sso_pipe",
    "description" : "Pipe for SAML SSO",
    "name" : "Pipe for SAML SSO",
    "enabled" : "true",
    "config" : { },
    "valves" : [ {
	  "name": "SessionLoadValve",
	  "config" : {
	    "id" : "{{request.session_id}}",
	    "require_session" : "true",
	    "require_auth_session" : "false"
				}
	}, {
      "name" : "ItemCreateValve",
      "config" : {
        "dest_id" : "{{session.user_id}}"
      }
    }, {
      "name" : "PropertyAddValve",
      "config" : {
        "name" : "uid",
        "value" : "{{session.user_id}}"
      }
    }, {
      "name" : "PropertyAddValve",
      "config" : {
        "name" : "mail",
        "value" : "{{session.mail}}"
      }
    }, {
      "name" : "AssertionProvider",
      "enabled" : "true",
      "config" : {
        "targetEntityID" : "c133328c-0823-4368-9045-9a0a8ddc52c",
        "nameIDAttribute" : "uid",
        "additionalAttributes" : "mail"
      }
    } ]
  }
Click to copy

Requirements