help.sitevision.se always refers to the latest version of Sitevision
An Identity Provider (IdP) stores all user account and password information. The IdP's task is to authenticate users and issue a so-called "SAML ticket" that indicates that the user is logged in. Examples of IdP services are ADFS, Portwise, and Mobilityguard.
Before you begin setting up SAML in SiteVision (SP), you need to have working IdP metadata. Below you will find an example of working IdP metadata.
The SAML ticket contains information about the user and is needed for authentication. The ticket is what authenticates the user and assigns them to a Virtual group for permissions.
The following must be included in the SAML ticket when the user arrives at SiteVision:
In order to present data about the user, it is our recommendation that you also send the following attributes:
The GDPR legislation
With the new stricter approach to the storage of personal data, we discourage you from using an identifier that contains information that can be linked to the individual user. This especially applies if you use SiteVision Cloud.
* Be sure to select a unique identifier for the user that does not change. If it changes, the user will receive a new social profile when using Social Collaboration.
Here you can see an example of a working SAML ticket with information from the local directory service. A ticket usually contains more information, but to make it easier to read, we have replaced some parts with dots.
The Groups attribute is not mandatory. However, if you want to control permissions on the website for different groups in the directory service, it is required.
In the Groups attribute, send the groups that the user belongs to in the directory service. Then create Virtual groups in SiteVision to which they are matched. The virtual groups are, in turn, linked to permission roles on the pages of the website. Read more about Virtual groups here.
Using Firefox’s add-on "SAML Tracer" you can easily review a SAML ticket after the user has logged into their IdP. Great for troubleshooting! The equivalent is also available for Chrome in the form of SAML Message Decoder.
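An added example, not part of the Sitevision documentation: a small Python script for inspecting a SAMLResponse value copied from SAML Tracer, listing the identifier and Groups values and flagging an identifier that looks like personal data. It assumes the HTTP-POST binding (plain base64), that the identifier is carried in the NameID element, and that groups arrive in an attribute named Groups; the sample ticket is constructed.

```python
import base64
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample ticket (not taken from the Sitevision documentation).
SAMPLE_XML = b"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Assertion>
  <saml:Subject><saml:NameID>anna.svensson@example.com</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
   <saml:Attribute Name="Groups">
    <saml:AttributeValue>CN=Editors,OU=Groups,DC=example,DC=com</saml:AttributeValue>
    <saml:AttributeValue>CN=Staff,OU=Groups,DC=example,DC=com</saml:AttributeValue>
   </saml:Attribute>
  </saml:AttributeStatement>
 </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML).decode()

def inspect_ticket(saml_response_b64):
    """Decode a POST-binding SAMLResponse and summarise identifier and groups.
    Troubleshooting aid only: no signature or condition checks are performed."""
    xml = base64.b64decode(saml_response_b64)
    # SAML messages never need a DTD; refuse one instead of parsing it.
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD/entity declarations are not expected in SAML")
    root = ET.fromstring(xml)
    name_id = root.findtext(".//saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    warnings = []
    if not name_id:
        warnings.append("no NameID found")
    elif re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", name_id):
        warnings.append("identifier looks like an e-mail address (personal data)")
    if "Groups" not in attrs:
        warnings.append("no Groups attribute: group-based permissions cannot be matched")
    return {"identifier": name_id, "groups": attrs.get("Groups", []), "warnings": warnings}

if __name__ == "__main__":
    print(inspect_ticket(SAMPLE_B64))
```

The groups it lists are the values that Virtual groups would need to match.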
Help with the configuration of IdP is not included in SiteVision Support.