A SAML IDP server is configured at the users auth-servers saml-idp level.
To create a SAML IDP auth server, use the following command:
Admin@nodename# create users auth-server saml-idp <parameter>
Provide the following parameters:
Parameter | Description |
---|---|
name | SAML IDP server name. |
enabled | Enable/disable the auth server. |
description | Auth server description. |
metadata-url | The URL on the SAML IDP server from which an XML file with a valid configuration for this SAML service provider (client) can be downloaded. |
certificate | The certificate that will be used on the SAML client. |
sso-url | The URL that is used on the SAML IDP server as the single login point. For more details, see the documentation for your SAML IDP server. |
sso-binding | The method used to work with an SSO single login point. Options: POST and Redirect. For more details, see the documentation for your SAML IDP server. |
slo-url | The URL used on the SAML IDP server as the single logout point. For more details, see the documentation for your SAML IDP server. |
slo-binding | The method used to work with an SSO single logout point. Options: POST and Redirect. For more details, see the documentation for your SAML IDP server. |
To update information about a SAML IDP server, use the following command:
Admin@nodename# set users auth-server saml-idp <saml-idp-server-name> <parameter>
The parameters you can update are the same as those used to create an auth server.
To display information about a SAML IDP server, use the following command:
Admin@nodename# show users auth-server saml-idp <saml-idp-server-name>
Example commands to create and edit a SAML IDP server:
Admin@nodename# create users auth-server saml-idp name "New SAML IDP server" slo-url http://logout.example.org sso-url http://login.example.org enabled on
Admin@nodename# show users auth-server saml-idp "New SAML IDP server"
name : New SAML IDP server
enabled : on
certificate : Unused
sso-url : http://login.example.org
sso-binding : post
slo-url : http://logout.example.org
slo-binding : post
Admin@nodename# set users auth-server saml-idp "New SAML IDP server" description "New SAML IDP server description"
Admin@nodename# show users auth-server saml-idp "New SAML IDP server"
name : New SAML IDP server
description : New SAML IDP server description
enabled : on
certificate : Unused
sso-url : http://login.example.org
sso-binding : post
slo-url : http://logout.example.org
slo-binding : post
To delete a server, use the following command:
Admin@nodename# delete users auth-servers saml-idp <saml-idp-server-name>