Skip to main content
Skip table of contents

Setting Security Assertion Markup Language (SAML)

Security Assertion Markup Language (SAML) is a standard protocol for web browser Single Sign-On (SSO) using secure tokens. SAML completely eliminates all passwords and instead uses standard cryptography and digital signatures to pass a secure sign-in token from an identity provider to a SaaS application. This auth configuration is often used in AppBase to integrate with external authentication providers, for example, ADFS.

You can set up multiple SAML auth configurations and use all of them at the same time.


Adding a SAML

  1. On the top right, navigate to 
    cog
     → Manage Users
  2. On the left, navigate to User Management → Auth Configurations
  3. Click on the 
    Add SAML button.
  4. In the Common section, enter the configuration

    FieldDescription
    Hostname

    This value should match the hostname you use for the AppBase. AppBase uses requests hostname to find a tenant so please make sure the hostname you use for AppBase URLs you configured on the server match with the value you configured in this text box.

    Issuer Url 

    Please use the trusted identifier

    Application Url

    URL to redirect a user upon successful authentication.

    AppBase New Users Onboarding

    Select accordingly

    • Disabled: Does not allow to onboard new users
    • Self Onboarding: Any Identity provider legitimately authenticated user can register himself to AppBase after completion of the form
    • Invitation Only: Allows completing the onboarding process for pre-configured users who received the link and invitation code
    AppBase Authentication Failure BehaviorShow a standard AppBase generic error page.
    Signature Digest MethodSelect according to the certificate encryption.
    Signature MethodSelect according to the certificate encryption.
    Use CertificateSelect "Manual Uploading". It will allow you to upload the certificate.
  5. In the Auth Request section

    FieldDescription
    Authentication Context Class Name

    Select the authentication accordingly

    • Password
    • TLS Client
    • X509
    • Windows
    • Kerberos
    Set Service Provider to Identity Provider Binding

     Select the authentication accordingly

    • HTTP-Redirect
    • HTTP-POST
    • HTTP-Artifact
    Sign Outbound Requests


    SAML Message Signature Certificate Code

    Leave it blank

    Upload previously generated PFX certificate

    Use the file with the p12 extension.

    SAML Message Signature Certificate Password 

    Enter the password for the uploaded p12 files

    Assertion Consumer Service Url

     URL to AppBase "asc" handler. Allow to AppBase to configure this value. Leave this value untouched

    Auth Request Destination Url

     Use Azure SAML Login URL to configure this field value

    Service Provider Resource URL

     Use Azure SAML Login URL to configure this field value

    Artifact Identification Url

     Use Azure SAML Login URL to configure this field value

    Auth Request Protocol Binding

      Select the protocol accordingly

    • HTTP-Artifact
    • HTTP-POST
    Auth Request Name ID Policy

     Select the policy accordingly

    • Persistent
    • Transient
    • Entity
  6. In the Auth Response section



    FieldDescription
    Artifact Responder URL

    Use Azure SAML Login URL to configure this field value

    Enforce Response Signature VerificationWhen selected, you need to upload the certificate
    SAML Mutual Certificate Upload

    Upload the Azure raw certificate downloaded from the Azure portal

    SAML Mutual Certificate PasswordEnter the password for the uploaded certificate.
  7. In the Logout Response section

    FieldDescription
    Logout Response Protocol Binding

    Select accordingly

    • HTTP-POST
    • HTTP-Redirect
    Identity Provider Logout Url

    Use Azure SAML Logout URL to configure this field value

    You may leave this field blank if you don't want to use automated logout from the Microsoft account while performing AppBaseLogout

    AppBase Custom Logout Url

    Allow to AppBase to configure this value. Leave this value untouched

    Onboarding Page TemplateAllows to apply custom page design for Invitation Only or Self-Onboarding modes.
  8. Save the new configuration


JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.