Setting Security Assertion Markup Language (SAML)
Security Assertion Markup Language (SAML) is a standard protocol for web browser Single Sign-On (SSO) using secure tokens. SAML completely eliminates all passwords and instead uses standard cryptography and digital signatures to pass a secure sign-in token from an identity provider to a SaaS application. This auth configuration is often used in AppBase to integrate with external authentication providers, for example, ADFS.
You can set up multiple SAML auth configurations and use all of them at the same time.
Adding a SAML auth configuration
- On the top right, navigate to → Manage Users
- On the left, navigate to User Management → Auth Configurations
- Click on the Add SAML button.
In the Common section, enter the configuration
Hostname: This value should match the hostname you use for AppBase. AppBase uses the request's hostname to find the tenant, so make sure the hostname in the AppBase URLs you configured on the server matches the value you enter in this text box.
Issuer Url: Use the trusted identifier.
Application Url: URL to redirect a user to upon successful authentication.
AppBase New Users Onboarding: Select accordingly
- Disabled: Does not allow onboarding of new users
- Self Onboarding: Any user legitimately authenticated by the identity provider can register with AppBase after completing the form
- Invitation Only: Allows completing the onboarding process for pre-configured users who received the link and invitation code
AppBase Authentication Failure Behavior: Show a standard AppBase generic error page.
Signature Digest Method: Select according to the certificate encryption.
Signature Method: Select according to the certificate encryption.
Use Certificate: Select "Manual Uploading". It will allow you to upload the certificate.
In the Auth Request section
Authentication Context Class Name: Select the authentication accordingly
- Password
- TLS Client
- X509
- Windows
- Kerberos
Set Service Provider to Identity Provider Binding: Select the authentication accordingly
- HTTP-Redirect
- HTTP-POST
- HTTP-Artifact
Sign Outbound Requests SAML Message Signature Certificate Code Leave it blank
Upload previously generated PFX certificate
Use the file with the p12 extension.
SAML Message Signature Certificate Password: Enter the password for the uploaded p12 file.
Assertion Consumer Service Url: URL to the AppBase "asc" handler. Allow AppBase to configure this value. Leave this value untouched.
Auth Request Destination Url: Use the Azure SAML Login URL to configure this field value.
Service Provider Resource URL: Use the Azure SAML Login URL to configure this field value.
Artifact Identification Url: Use the Azure SAML Login URL to configure this field value.
Auth Request Protocol Binding: Select the protocol accordingly
- HTTP-Artifact
- HTTP-POST
Auth Request Name ID Policy: Select the policy accordingly
- Persistent
- Transient
- Entity
In the Auth Response section
Artifact Responder URL: Use the Azure SAML Login URL to configure this field value.
Enforce Response Signature Verification: When selected, you need to upload the certificate.
SAML Mutual Certificate Upload: Upload the Azure raw certificate downloaded from the Azure portal.
SAML Mutual Certificate Password: Enter the password for the uploaded certificate.
In the Logout Response section
Logout Response Protocol Binding: Select accordingly
- HTTP-POST
- HTTP-Redirect
Identity Provider Logout Url: Use the Azure SAML Logout URL to configure this field value. You may leave this field blank if you don't want to use automated logout from the Microsoft account while performing AppBaseLogout.
AppBase Custom Logout Url: Allow AppBase to configure this value. Leave this value untouched.
Onboarding Page Template: Allows applying a custom page design for the Invitation Only or Self-Onboarding modes.
- Save the new configuration
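To see what the identity provider actually sends before relying on Enforce Response Signature Verification or choosing the Signature Method and Signature Digest Method, the following added example (not AppBase code) inspects a captured base64 SAMLResponse form value from the HTTP-POST binding. The sample message, the example.test URLs and the function name inspect_response are constructed for illustration; the function reports structure only and does not verify the signature.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SIG_TAGS = {"{%s}SignatureMethod" % NS["ds"], "{%s}DigestMethod" % NS["ds"]}
# SHA-1 based XML-DSig algorithm URIs, reported as weak.
WEAK = {"http://www.w3.org/2000/09/xmldsig#rsa-sha1",
        "http://www.w3.org/2000/09/xmldsig#dsa-sha1",
        "http://www.w3.org/2000/09/xmldsig#sha1"}

def inspect_response(saml_response_b64, acs_url):
    """Describe a base64 SAMLResponse value (HTTP-POST binding).
    Structural report only: the signature itself is NOT verified here."""
    xml_text = base64.b64decode(saml_response_b64).decode("utf-8")
    if "<!DOCTYPE" in xml_text:  # SAML messages carry no DTD; refuse entity tricks
        raise ValueError("DTD not allowed in a SAML message")
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a SAML 2.0 Response")
    assertion = root.find("saml:Assertion", NS)
    algs = [e.get("Algorithm") for e in root.iter() if e.tag in SIG_TAGS]
    return {
        "issuer": root.findtext("saml:Issuer", default="", namespaces=NS).strip(),
        "destination_matches_acs": root.get("Destination") == acs_url,
        "response_signed": root.find("ds:Signature", NS) is not None,
        "assertion_signed": assertion is not None
                            and assertion.find("ds:Signature", NS) is not None,
        "algorithms": algs,
        "weak_algorithms": [a for a in algs if a in WEAK],
    }

# Constructed sample: only the assertion is signed; SHA-256 signature, SHA-1 digest.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
  ID="_r1" Version="2.0" Destination="https://appbase.example.test/acs">
 <saml:Issuer>https://idp.example.test/</saml:Issuer>
 <saml:Assertion ID="_a1" Version="2.0"><ds:Signature><ds:SignedInfo>
  <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
  <ds:Reference URI="#_a1"><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
  </ds:Reference></ds:SignedInfo></ds:Signature></saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

if __name__ == "__main__":
    for key, value in inspect_response(SAMPLE_B64, "https://appbase.example.test/acs").items():
        print(key, "=", value)
```

A report with response_signed false and assertion_signed true means the identity provider signs only the assertion, which matters when deciding what signature enforcement on the response will accept.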