Configuring a SAML IDP server

A SAML IDP server is configured at the users auth-servers saml-idp level.

To create a SAML IDP auth server, use the following command:

Admin@nodename# create users auth-server saml-idp <parameter>

Provide the following parameters:

| Parameter | Description |
|---|---|
| name | SAML IDP server name. |
| enabled | Enable/disable the auth server. |
| description | Auth server description. |
| metadata-url | The URL on the SAML IDP server from which an XML file with a valid configuration for this SAML service provider (client) can be downloaded. |
| certificate | The certificate that will be used on the SAML client. |
| sso-url | The URL that is used on the SAML IDP server as the single login point. For more details, see the documentation for your SAML IDP server. |
| sso-binding | The method used to work with an SSO single login point. Options: POST and Redirect. For more details, see the documentation for your SAML IDP server. |
| slo-url | The URL used on the SAML IDP server as the single logout point. For more details, see the documentation for your SAML IDP server. |
| slo-binding | The method used to work with an SSO single logout point. Options: POST and Redirect. For more details, see the documentation for your SAML IDP server. |

To update information about a SAML IDP server, use the following command:

Admin@nodename# set users auth-server saml-idp <saml-idp-server-name> <parameter>

The parameters you can update are the same as those used to create an auth server.

To display information about a SAML IDP server, use the following command:

Admin@nodename# show users auth-server saml-idp <saml-idp-server-name>

Example commands to create and edit a SAML IDP server:

Admin@nodename# create users auth-server saml-idp name "New SAML IDP server" slo-url http://logout.example.org sso-url http://login.example.org enabled on
Admin@nodename# show users auth-server saml-idp "New SAML IDP server"
name : New SAML IDP server
enabled : on
certificate : Unused
sso-url : http://login.example.org
sso-binding : post
slo-url : http://logout.example.org
slo-binding : post

Admin@nodename# set users auth-server saml-idp "New SAML IDP server" description "New SAML IDP server description"
Admin@nodename# show users auth-server saml-idp "New SAML IDP server"
name : New SAML IDP server
description : New SAML IDP server description
enabled : on
certificate : Unused
sso-url : http://login.example.org
sso-binding : post
slo-url : http://logout.example.org
slo-binding : post
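The example above registers http:// SSO and SLO URLs and leaves the certificate unused. As an added example (not part of the product documentation or the vendor's tooling), the following Python script parses the show output format seen above and lists the settings worth reviewing; the sample text, the function names and the choice of checks are assumptions made for illustration.

```python
from urllib.parse import urlparse

# Constructed sample: "show" output in the format of the example on this page.
SAMPLE_SHOW_OUTPUT = """\
name : New SAML IDP server
description : New SAML IDP server description
enabled : on
certificate : Unused
sso-url : http://login.example.org
sso-binding : post
slo-url : http://logout.example.org
slo-binding : post
"""

# Parameters from the table above that carry a URL.
URL_FIELDS = ("metadata-url", "sso-url", "slo-url")


def parse_show_output(text):
    """Parse 'key : value' lines into a dict, splitting on the first ' : ' only."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(" : ")
        if sep:  # skip blank lines and anything that is not a key/value pair
            fields[key.strip()] = value.strip()
    return fields


def audit_saml_idp(fields):
    """Return (field, finding) tuples for settings that deserve a second look."""
    findings = []
    for name in URL_FIELDS:
        url = fields.get(name)
        if not url:
            continue  # parameter not set on this server
        parsed = urlparse(url)
        if parsed.scheme.lower() != "https":
            findings.append((name, f"{url} is not HTTPS; traffic to it is unencrypted"))
        elif not parsed.hostname:
            findings.append((name, f"{url} has no host component"))
    # "Unused" is the value the show output prints when no certificate is set.
    if fields.get("certificate", "Unused").lower() == "unused":
        findings.append(("certificate", "no certificate selected for the SAML client"))
    return findings


if __name__ == "__main__":
    for field, finding in audit_saml_idp(parse_show_output(SAMPLE_SHOW_OUTPUT)):
        print(f"[review] {field}: {finding}")
```

Whether a certificate is required depends on your SAML IDP server, so treat that finding as a prompt to check its documentation.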

To delete a server, use the following command:

Admin@nodename# delete users auth-servers saml-idp <saml-idp-server-name>