
IdP settings

Identity Provider, also called IdP, stores all user account and password information. The IdP's task is to authenticate users and issue a so-called "SAML ticket" that indicates that the user is logged in. Examples of IdP services are ADFS, Portwise, and Mobilityguard.

IdP metadata

Before you begin setting up SAML in SiteVision (SP), you need working IdP metadata. Below is an example of working IdP metadata.

[Image: example IdP metadata]

SAML ticket

The SAML ticket contains information about the user and is needed for authentication. It is by using the SAML ticket that the user is authenticated and assigned to a Virtual group for permissions.

The following must be included in the SAML ticket when the user arrives at SiteVision:

  • An attribute named "urn:oid:0.9.2342.19200300.100.1.1".
    The attribute value must contain the user's unique identity *

  • A Subject with a "NameID" must also be included. It should likewise be set to the user's unique identity *. It is also important that you specify the format of the NameID. See the sample SAML ticket below.

In order to present data about the user, it is our recommendation that you also send the following attributes:

  • givenName = First name
  • sn = Last name
  • mail = e-mail address

The GDPR legislation
With the new stricter approach to the storage of personal data, we discourage you from using an identifier that contains information that can be linked to the individual user. This especially applies if you use SiteVision Cloud.

Learn more about inappropriate identifiers here.

* Be sure to select a unique identifier for the user that does not change. If it changes, the user gets a new social profile when Social Collaboration is used.

Example

Here you can see an example of a working SAML ticket with information from the local directory service. A ticket usually contains more information, but to make it easier to read, we have replaced some parts with ellipses (...).

[Image: SAML ticket example]

The Groups attribute in the SAML ticket

The Groups attribute is not mandatory. However, if you want to control permissions on the website for different groups in the directory service, it is a must.
In the Groups attribute, send the groups that the user belongs to in the directory service. Then create Virtual groups in SiteVision to which they are matched. The virtual groups are, in turn, linked to permission roles on the pages of the website. Read more about Virtual groups here.
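As an added example (not Sitevision's own code), the check below reads a constructed SAML assertion and verifies the content requirements listed above: the urn:oid:0.9.2342.19200300.100.1.1 attribute, a Subject NameID with a Format, the recommended givenName/sn/mail attributes, and the optional Groups attribute for Virtual group matching. It assumes the SP has already verified the assertion's signature; the NameID format and sample values are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
UID_OID = "urn:oid:0.9.2342.19200300.100.1.1"   # mandatory unique-identity attribute
RECOMMENDED = ("givenName", "sn", "mail")         # attributes used to present the user

# Constructed sample assertion (not a real ticket). The persistent NameID
# format is an assumption; what matters is that a Format is present at all.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">a1b2c3d4</saml:NameID></saml:Subject>
 <saml:AttributeStatement>
  <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.1"><saml:AttributeValue>a1b2c3d4</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="givenName"><saml:AttributeValue>Anna</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="sn"><saml:AttributeValue>Andersson</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="mail"><saml:AttributeValue>anna@example.org</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="Groups"><saml:AttributeValue>Editors</saml:AttributeValue><saml:AttributeValue>Staff</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""

def attributes(root):
    """Map attribute Name -> list of AttributeValue texts."""
    result = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        result[attr.get("Name")] = [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
    return result

def check_assertion(xml_text):
    """Return a list of problems; an empty list means the ticket meets the requirements.
    Content check only: the caller must already have verified the XML signature."""
    root = ET.fromstring(xml_text)
    attrs = attributes(root)
    problems = []
    name_id = root.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("missing Subject/NameID")
    elif not name_id.get("Format"):
        problems.append("NameID has no Format attribute")
    uid = attrs.get(UID_OID, [])
    if not uid or not uid[0].strip():
        problems.append(f"missing attribute {UID_OID}")
    elif name_id is not None and uid[0] != name_id.text:
        problems.append("NameID and uid attribute carry different identities")
    problems += [f"recommended attribute {n} not sent" for n in RECOMMENDED if n not in attrs]
    return problems

def groups(xml_text):
    """Group names to match against Virtual groups; empty if Groups was not sent."""
    return attributes(ET.fromstring(xml_text)).get("Groups", [])
```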

Other settings in IdP

  • The hashing algorithm must be set to SHA256
  • Sitevision’s encryption certificate is not public and may therefore have to be imported into the trusted root store.

Using Firefox’s add-on "SAML Tracer" you can easily review a SAML ticket after the user has logged into their IdP. Great for troubleshooting! The equivalent is also available for Chrome in the form of SAML Message Decoder.

Help with the configuration of IdP is not included in SiteVision Support.
