Provides steps for importing the service provider metadata into the GridGuard system
Obtain the metadata file
The service provider should be able to provide you with a metadata file that can be imported into the GridGuard system. A typical metadata file is shown above.
If a metadata file cannot be provided, the service provider should at a minimum provide you with the following:
- ACS URL
- Encryption Certificate
Creating the service provider configuration endpoint
- Select the SAML Configuration option
- Right-click and select the '+ Add' option
Configuring the service provider node
Steps for configuring the service provider endpoint:
- Provide a name used to identify the service provider endpoint. Use a simple name containing only letters a-z, digits, underscores and hyphens, because this name will be used as part of multiple URLs.
- Specify the signing certificate that will be used to sign identity assertions that will be returned to the service provider.
- If a metadata file has been provided to you, import the file by first selecting the file (+Choose) and then uploading it (using the Upload button). Importing the metadata should automatically populate values for the Entity ID and ACS URL.
- If the metadata can be downloaded from a URL, specify the Import SP metadata URL and click the Go button to automatically import the configuration.
- If the SAML service provider doesn't create SAML metadata, you can generate a SAML metadata file manually at the following URL to be used with GridGuard: https://www.samltool.com/sp_metadata.php
- Set the validity time to the time, in minutes, the SAML session is valid.
- Set the realm to the GridGuard realm that will be used to authenticate the user. Multiple realms can be selected.
- Set the NameIdentifier to the value of the attribute that will be used to uniquely identify the user in the service provider's system. This must be common across all realms if multiple realms are selected.
- Check if the identity assertion should be signed
- Check if the identity assertion should be encrypted
- If additional attributes need to be included in the identity assertion, provide a mapping of attribute names and values. For details on how to add additional attributes, please refer to this link.
- Click the '+ Add Service Provider' button to add the service provider
- Click 'Apply Changes' to apply configuration changes
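Before importing a metadata file, it is worth confirming the Entity ID, ACS URL and encryption certificate it carries, so you know what the import will populate. The following is an added example, not GridGuard code or part of the original page. The function names, the sample metadata, the HTTPS requirement on the ACS URL and the acceptance of upper-case letters in the endpoint name are assumptions.

```python
import re
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
# Constructed sample metadata (hypothetical service provider, placeholder certificate).
SAMPLE_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sp.example.com/saml">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate> PLACEHOLDER_BASE64_CERT </ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.com/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def endpoint_name_ok(name):
    # Letters, digits, underscores and hyphens only, since the name becomes part of URLs.
    return re.fullmatch(r"[A-Za-z0-9_-]+", name) is not None

def read_sp_metadata(xml_text):
    """Return the entity ID, ACS URL and encryption certificate found in SP metadata."""
    # The file comes from a third party: refuse DTDs so no entities are expanded.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not allowed in metadata")
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("root element is not md:EntityDescriptor")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor: this is not SP metadata")
    # Simplification: take the first HTTP-POST endpoint, ignoring index/isDefault.
    acs = [e.get("Location") for e in sp.findall("md:AssertionConsumerService", NS)
           if e.get("Binding") == POST_BINDING and e.get("Location")]
    if not acs:
        raise ValueError("no HTTP-POST AssertionConsumerService")
    if not acs[0].startswith("https://"):
        raise ValueError("ACS URL is not HTTPS: " + acs[0])
    cert = None
    for kd in sp.findall("md:KeyDescriptor", NS):
        node = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
        # A KeyDescriptor without a 'use' attribute serves both signing and encryption.
        if cert is None and kd.get("use") in (None, "encryption") and node is not None and node.text:
            cert = "".join(node.text.split())  # strip line breaks and padding whitespace
    return {"entity_id": root.get("entityID"), "acs_url": acs[0], "encryption_cert": cert}
```

Compare the returned values with what the service provider told you out of band and with the Entity ID and ACS URL fields after the import.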