
SAML Server Integration

HySecure supports integration with a SAML server (identity provider) for user authentication. Once integrated, any user connecting to the HySecure Gateway is authenticated by the SAML server, with HySecure acting as the service provider.

A SAML assertion is the XML document the identity provider (IdP) issues to the service provider (SP) after authenticating a user. It carries statements about that user and is signed by the IdP so the SP can verify its origin and integrity. SAML 2.0 defines three types of statement an assertion can contain: authentication, attribute, and authorization decision.

To integrate SAML for single sign-on (SSO) authentication, the following information is required:

For the Service Provider (SP)

  • Entity ID: Unique identifier for the SP; the IdP places it in the assertion's Audience.
  • ACS URL: Assertion Consumer Service endpoint on the SP that receives SAML responses.
  • Single Logout URL: Endpoint for logout requests.
  • SP Metadata: Includes entity ID, ACS URL, and certificate.

For the Identity Provider (IdP)

  • Entity ID: Unique identifier for the IdP; must match the Issuer of received assertions.
  • SSO URL: Endpoint to which the SP sends authentication requests.
  • SLO URL: Endpoint for logout requests.
  • IdP Metadata: Includes entity ID, SSO URL, and certificate.
  • Public Certificate: The IdP's signing certificate. The IdP signs assertions with the matching private key; the SP uses this certificate to verify those signatures.

Certificates

  • SP Certificate: For signing requests (if needed) and, when assertion encryption is enabled, for decrypting assertions the IdP encrypts for the SP.
  • IdP Certificate: For verifying the signature on responses and assertions.

Attributes/Claims

  • Attribute Names: The names under which the IdP emits user attributes (for example, email or group membership) in SAML assertions.
  • Attribute Mapping: Maps IdP attributes to SP attributes.

Metadata Exchange

  • SP Metadata URL: Where the IdP fetches SP metadata.
  • IdP Metadata URL: Where the SP fetches IdP metadata.

Security Configuration

  • Signature Algorithm: Signing and digest algorithms for requests and responses; use RSA-SHA256 or stronger and do not accept SHA-1.
  • Encryption Settings: Whether assertions are encrypted to the SP certificate, and which algorithms are used.

Integration Details

  • SAML Binding: Communication method (e.g., HTTP-Redirect, HTTP-POST).
  • NameID Format: Identifier format for users (for example, emailAddress, persistent, or unspecified); must be configured identically on the IdP and the SP.
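The items above map directly onto two things an SP must do: read the IdP's metadata (entity ID, SSO/SLO URLs per binding, signing certificate, NameID formats) and, after verifying the XML signature, check the conditions of each response (Destination against the ACS URL, Audience against the SP entity ID, Issuer against the IdP entity ID, validity window, InResponseTo) before trusting the NameID and attributes. The following Python example, added here and not part of HySecure or its documentation, does both with the standard library. The metadata, the response, the hostnames idp.example.com and gw.example.net, the request ID _req42 and the certificate value are all constructed for illustration. Signature verification itself needs an XML-DSig library and is deliberately out of scope; the condition checks are only meaningful once it has succeeded.

```python
"""Parse SAML 2.0 IdP metadata and check a SAML Response's conditions and subject.

Added example (not HySecure code). XML-Signature verification is NOT done here: it
needs an XML-DSig library (e.g. xmlsec) and must succeed against the IdP signing cert
before check_response() is trusted. Parse untrusted XML with defusedxml in production."""
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol", "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample IdP metadata; hostnames are hypothetical and the certificate is truncated.
IDP_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}" entityID="https://idp.example.com/saml">
 <md:IDPSSODescriptor protocolSupportEnumeration="{NS['samlp']}">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIC...TRUNCATED...</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleLogoutService Binding="{HTTP_REDIRECT}" Location="https://idp.example.com/saml/slo"/>
  <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
  <md:SingleSignOnService Binding="{HTTP_REDIRECT}" Location="https://idp.example.com/saml/sso"/>
  <md:SingleSignOnService Binding="{HTTP_POST}" Location="https://idp.example.com/saml/sso"/>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed sample Response (unsigned, for illustration) for SP entity ID https://gw.example.net/saml.
SAML_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}" ID="_r1" Version="2.0"
  IssueInstant="2024-05-01T12:00:00Z" InResponseTo="_req42" Destination="https://gw.example.net/saml/acs">
 <saml:Issuer>https://idp.example.com/saml</saml:Issuer>
 <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
 <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-05-01T12:00:00Z">
  <saml:Issuer>https://idp.example.com/saml</saml:Issuer>
  <saml:Subject>
   <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.net</saml:NameID>
   <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
    <saml:SubjectConfirmationData InResponseTo="_req42" NotOnOrAfter="2024-05-01T12:05:00Z" Recipient="https://gw.example.net/saml/acs"/>
   </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions NotBefore="2024-05-01T11:59:00Z" NotOnOrAfter="2024-05-01T12:05:00Z">
   <saml:AudienceRestriction><saml:Audience>https://gw.example.net/saml</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement><saml:Attribute Name="groups"><saml:AttributeValue>vpn-users</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>
 </saml:Assertion>
</samlp:Response>"""

def parse_idp_metadata(xml_text):
    """Return the IdP values the SP configuration needs: entity ID, SSO/SLO URL per binding,
    signing certificate(s) and supported NameID formats."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    by_binding = lambda tag: {e.get("Binding"): e.get("Location") for e in idp.findall(tag, NS)}
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use") in (None, "signing"):  # a KeyDescriptor without 'use' serves both purposes
            certs += [c.text.strip() for c in kd.findall(".//ds:X509Certificate", NS)]
    return {"entity_id": root.get("entityID"), "sso": by_binding("md:SingleSignOnService"),
            "slo": by_binding("md:SingleLogoutService"), "signing_certs": certs,
            "nameid_formats": [n.text for n in idp.findall("md:NameIDFormat", NS)]}

def _ts(s):  # SAML timestamps are UTC, e.g. 2024-05-01T12:00:00Z
    return datetime.fromisoformat(s.replace("Z", "+00:00"))

def check_response(xml_text, sp_entity_id, acs_url, idp_entity_id, request_id, now=None, skew=60):
    """Return a list of problems; an empty list means every condition held. 'now' is a UTC
    datetime or an ISO-8601 'Z' string (default: current time); 'skew' is clock tolerance in s."""
    now = _ts(now) if isinstance(now, str) else (now or datetime.now(timezone.utc))
    root = ET.fromstring(xml_text)
    problems = []
    if root.find("samlp:Status/samlp:StatusCode", NS).get("Value") != SUCCESS:
        problems.append("status is not Success")
    if root.get("Destination") != acs_url:
        problems.append("Destination does not match the ACS URL")
    if root.get("InResponseTo") != request_id:
        problems.append("InResponseTo does not match the outstanding AuthnRequest")
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:  # an EncryptedAssertion must be decrypted with the SP key first
        return problems + ["expected exactly one plaintext Assertion"]
    a = assertions[0]
    if a.findtext("saml:Issuer", namespaces=NS) != idp_entity_id:
        problems.append("assertion Issuer is not the configured IdP entity ID")
    cond = a.find("saml:Conditions", NS)
    if sp_entity_id not in [x.text for x in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]:
        problems.append("SP entity ID is not an allowed Audience")
    if (now - _ts(cond.get("NotBefore"))).total_seconds() < -skew:
        problems.append("assertion not yet valid (NotBefore)")
    if (now - _ts(cond.get("NotOnOrAfter"))).total_seconds() >= skew:
        problems.append("assertion expired (NotOnOrAfter)")
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs_url or scd.get("InResponseTo") != request_id:
        problems.append("SubjectConfirmationData Recipient/InResponseTo mismatch")
    return problems

def extract_subject(xml_text):
    """Return (NameID, {attribute name: [values]}) as input for attribute mapping."""
    a = ET.fromstring(xml_text).find("saml:Assertion", NS)
    attrs = {att.get("Name"): [v.text for v in att.findall("saml:AttributeValue", NS)]
             for att in a.findall("saml:AttributeStatement/saml:Attribute", NS)}
    return a.findtext("saml:Subject/saml:NameID", namespaces=NS), attrs
```

Run against the constructed response at 12:01 UTC, check_response returns an empty list; at 12:10 it reports the assertion as expired, and a wrong SP entity ID or request ID is reported as an Audience or InResponseTo mismatch. The InResponseTo and Recipient checks are what prevent a captured response from being replayed against another SP or another login attempt, and the single-Assertion rule avoids the ambiguity that signature-wrapping attacks rely on; both are cheap and belong in every SP alongside the signature check.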

SAML Server Integration Workflow

  1. Add an IdP Authentication Server and its relevant information.
  2. Select the configured SAML server as an Authentication Server while creating an Authentication Domain.
  3. Assign the Authentication Domain to a HySecure Domain.