Overview
This document outlines the specifications of Accops SAML Service Provider (SP) support and provides steps to configure an external SAML IdP server in Accops HySecure for authentication.
What is a SAML Assertion?
A SAML Assertion is the XML document, containing the user authorization, that the identity provider sends to the service provider. There are three different types of SAML Assertions: authentication, attribute, and authorization decision.
- Authentication assertions prove the identity of the user and provide the time the user logged in and the method of authentication they used (e.g., Kerberos, 2 factor, etc.).
- Attribute assertions pass the SAML attributes to the service provider. SAML attributes are specific pieces of data that provide information about the user.
- Authorization decision assertions say whether the user is authorized to use the service or whether the identity provider denied their request due to a password failure or lack of rights to the service.
Accops uses the following attributes in attribute assertions:
- username: the unique User ID attribute that is used to map all policies
- email: Email ID of the user, used for sending OTP or alerts
- mobile number: User's phone number for sending OTP, if enabled
The flow of SAML authentication is as given below
Accops SAML SP Specifications
The following are the key specifications:
Item | Details
---|---
SAML Protocol Version | 2.0
Signing Algorithms | SHA1, SHA256
Encryption Algorithms | SHA256 and AES
Request Binding Support |
Request Signing Support | Yes
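
The check below is an added example, not Accops code: it inspects a sample assertion from the IdP for the attributes listed above and for the signing algorithm it declares, before the IdP is configured in HySecure. The attribute names (`username`, `email`, `mobile`), the required/optional split, and the RSA signature URIs are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Assumed attribute Name values and required/optional split; match your IdP mapping.
REQUIRED, OPTIONAL = ("username",), ("email", "mobile")
SIG_ALGS = {  # SHA1 and SHA256 from the SP table, assumed here to be the RSA variants
    "http://www.w3.org/2000/09/xmldsig#rsa-sha1": "SHA1",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256": "SHA256",
}

# Constructed sample assertion (not from a real IdP; signature value omitted).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Version="2.0">
  <ds:Signature><ds:SignedInfo>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  </ds:SignedInfo></ds:Signature>
  <saml:AttributeStatement>
    <saml:Attribute Name="username"><saml:AttributeValue>jdoe</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="email"><saml:AttributeValue>jdoe@example.com</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def check_assertion(xml_text):
    """Return (attributes, findings) for one SAML 2.0 assertion. No signature verification."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not allowed in SAML messages")
    root = ET.fromstring(xml_text)
    attrs = {}
    for a in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        attrs[a.get("Name")] = [v.text.strip() for v in a.iterfind("saml:AttributeValue", NS) if v.text]
    findings = []
    for name in REQUIRED:
        if not attrs.get(name):
            findings.append(f"missing required attribute: {name}")
        elif len(attrs[name]) > 1:
            findings.append(f"attribute {name} has multiple values")
    findings += [f"optional attribute absent: {n}" for n in OPTIONAL if not attrs.get(n)]
    sm = root.find(".//ds:SignedInfo/ds:SignatureMethod", NS)
    if sm is None:
        findings.append("assertion carries no signature")
    else:
        alg = SIG_ALGS.get(sm.get("Algorithm"))
        if alg is None:
            findings.append("signature algorithm not in the SP's supported list")
        elif alg == "SHA1":
            findings.append("signed with SHA1; prefer SHA256")
    return attrs, findings
```

Run `check_assertion` on an assertion captured from a test login; an empty findings list means every mapped attribute is present and the assertion declares a SHA256 signature.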