help.sitevision.se hänvisar alltid till senaste versionen av Sitevision
SAML stands for Security Assertion Markup Language and is an XML-based open standard for exchanging authentications and permissions.
SAML is a federated login method that organises your own login against AD, without the need for direct contact with AD. If a visitor navigates to an address that requires login, they are sent on to the customer's IDP (located in the customer's own environment) where the visitor logs in. When the login is complete, a form with signed information is sent to SiteVision.
You can create virtual groups in a variety of ways.
As a first test when setting up SAML settings, it's a good idea to add all logged-in users via SAML and try logging in. Enter SAML in uppercase so the ID for the Virtual group consists of all people who log in Via SAML.
Giving entire groups in the directory service access through Virtual groups is straightforward. This allows you to assign permissions to a page or structure to all users in the group.
Fill in the names of the attribute values for the attribute that you set as group attribute in the JAAS module. For example, if the group attribute name is groups, use what is under AttributeValue. Here are 2 group names, SVredaktorerEkonomi and SVadmin:
<saml:Attribute Name="groups" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic
It is important to specify the EXACT name of the group attribute value.
You can use an e-mail address to create a Virtual group for a single user.
Enter an e-mail address in the Id field.
You can use the domain in an e-mail address to create a virtual group based on all users with a specific e-mail address.
Type the address after @ (domain) as the Id so that all users with that address are associated with the Virtual group.
The page published: