SyferLock Help Center

Importing Service Provider Metadata

Provides steps for importing the service provider metadata into the GridGuard system

Obtain the metadata file

The service provider should be able to provide you with a metadata file that can be imported into the GridGuard system. A typical metadata file is shown above.

If a metadata file cannot be provided, the service provider should at a minimum provide you with the following:

  1. ACS URL
  2. Encryption Certificate

Creating the Service Provider configuration Endpoint

Creating the Service Provider configuration node
  1. Select the SAML Configuration option
  2. Right-click and select the '+ Add' option

Configuring the service provider node

Steps for configuring the service provider endpoint:

  1. Provide a name used to identify the service provider endpoint. Use a simple name containing only numbers, letters a-z, underscores, and hyphens, because this name will be used as part of multiple URLs.
  2. Specify the signing certificate that will be used to sign identity assertions that will be returned to the service provider.
  3. If a metadata file has been provided to you, import the file by first selecting the file (+Choose) and then uploading it (using the Upload button). Importing the metadata should automatically populate values for the Entity ID and ACS URL.
  4. If the metadata can be downloaded from a URL, specify the Import SP metadata URL and click the Go button to automatically import the configuration.
  5. If the SAML service provider doesn't create SAML metadata, you can generate a SAML metadata file manually at the following URL to be used with GridGuard: https://www.samltool.com/sp_metadata.php
  6. Set the validity time to the time, in minutes, the SAML session is valid.
  7. Set the realm to the GridGuard realm that will be used to authenticate the user. Multiple realms can be selected.
  8. Set the NameIdentifier to the value of the attribute that will be used to uniquely identify the user in the service provider's system. This must be common across all realms if multiple realms are selected.
  9. Check if the identity assertion should be signed
  10. Check if the identity assertion should be encrypted
  11. If additional attributes need to be included in the identity assertion, provide a mapping of attribute names and values. For details on how to add additional attributes, please refer to this link.
  12. Click the '+ Add Service Provider' button to add the service provider
  13. Click 'Apply Changes' to apply configuration changes