Security Assertion Markup Language (SAML) is a standard protocol for web browser Single Sign-On (SSO) using secure tokens. SAML removes passwords from the exchange between the identity provider and the application: it uses standard cryptography and digital signatures to pass a secure sign-in token from an identity provider to a SaaS application. This auth configuration is often used in AppBase to integrate with external authentication providers, for example, ADFS.
You can set up multiple SAML auth configurations and use all of them at the same time.
Adding a SAML auth configuration
On the top right, navigate to → Manage Users
On the left, navigate to User Management → Auth Configurations
Click on the Add SAML button.
In the Common section, enter the configuration:

| Field | Description |
| --- | --- |
| Hostname | This value should match the hostname you use for AppBase. AppBase uses the request's hostname to find the tenant, so make sure the hostname in the AppBase URLs you configured on the server matches the value you enter in this text box. |
| Issuer Url | Use the trusted identifier. |
| Application Url | URL to redirect a user to upon successful authentication. |
| AppBase New Users Onboarding | Select accordingly. Disabled: does not allow onboarding new users. Self Onboarding: any user legitimately authenticated by the identity provider can register in AppBase after completing the form. Invitation Only: allows completing the onboarding process for pre-configured users who received the link and invitation code. |
| AppBase Authentication Failure Behavior | Show a standard AppBase generic error page. |
| Signature Digest Method | Select according to the certificate encryption. |
| Signature Method | Select according to the certificate encryption. |
| Use Certificate | Select "Manual Uploading". It will allow you to upload the certificate. |

In the Auth Request section:

| Field | Description |
| --- | --- |
| Authentication Context Class Name | Select the authentication accordingly: Password, TLS Client, X509, Windows, Kerberos. |
| Set Service Provider to Identity Provider Binding | Select the authentication accordingly: HTTP-Redirect, HTTP-POST, HTTP-Artifact. |
| Sign Outbound Requests | |
| SAML Message Signature Certificate Code | Leave it blank. |
| Upload previously generated PFX certificate | Use the file with the p12 extension. |
| SAML Message Signature Certificate Password | Enter the password for the uploaded p12 file. |
| Assertion Consumer Service Url | URL to the AppBase "asc" handler. Allow AppBase to configure this value. Leave this value untouched. |
| Auth Request Destination Url | Use the Azure SAML Login URL to configure this field value. |
| Service Provider Resource URL | Use the Azure SAML Login URL to configure this field value. |
| Artifact Identification Url | Use the Azure SAML Login URL to configure this field value. |
| Auth Request Protocol Binding | Select the protocol accordingly: HTTP-Artifact, HTTP-POST. |
| Auth Request Name ID Policy | Select the policy accordingly: Persistent, Transient, Entity. |

In the Auth Response section:

| Field | Description |
| --- | --- |
| Artifact Responder URL | Use the Azure SAML Login URL to configure this field value. |
| Enforce Response Signature Verification | When selected, you need to upload the certificate. |
| SAML Mutual Certificate Upload | Upload the Azure raw certificate downloaded from the Azure portal. |
| SAML Mutual Certificate Password | Enter the password for the uploaded certificate. |

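
The Signature Method, Signature Digest Method and Enforce Response Signature Verification settings can be checked against the shape of a response captured during a test sign-in. The following Python check is an added example, not AppBase code: it reports a missing signature, SHA-1 based algorithms, and issuer or destination mismatches in a decoded SAML Response. The hostnames, the `/acs` path and the sample XML are constructed assumptions, and the check does not verify the signature cryptographically.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# XML-DSig algorithm URIs built on SHA-1; prefer the SHA-256 equivalents.
WEAK = {NS["ds"] + "rsa-sha1", NS["ds"] + "dsa-sha1", NS["ds"] + "sha1"}

# Constructed sample (assumed hostnames, signature values omitted).
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
 Destination="https://appbase.example.test/acs">
 <saml:Issuer>https://idp.example.test/</saml:Issuer>
 <saml:Assertion><ds:Signature><ds:SignedInfo>
  <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  <ds:Reference>
   <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
  </ds:Reference>
 </ds:SignedInfo></ds:Signature></saml:Assertion>
</samlp:Response>"""

def audit_response(xml_text, expected_issuer, expected_acs):
    """List findings for one decoded SAML Response; no cryptographic verification."""
    if "<!DOCTYPE" in xml_text:  # refuse DTDs before parsing untrusted XML
        raise ValueError("DOCTYPE not allowed in SAML messages")
    root = ET.fromstring(xml_text)
    findings = []
    # The signature may sit on the Response, on the Assertion, or on both.
    holders = [root] + root.findall("saml:Assertion", NS)
    sigs = [s for h in holders for s in h.findall("ds:Signature", NS)]
    if not sigs:
        findings.append("unsigned: no ds:Signature on Response or Assertion")
    for sig in sigs:
        for tag in ("SignatureMethod", "DigestMethod"):
            for el in sig.iter("{%s}%s" % (NS["ds"], tag)):
                if el.get("Algorithm") in WEAK:
                    findings.append("weak %s: %s" % (tag, el.get("Algorithm")))
    issuer = (root.findtext("saml:Issuer", "", NS) or "").strip()
    if issuer != expected_issuer:
        findings.append("issuer mismatch: %r" % issuer)
    if root.get("Destination") != expected_acs:
        findings.append("destination mismatch: %r" % root.get("Destination"))
    return findings

if __name__ == "__main__":
    for f in audit_response(SAMPLE, "https://idp.example.test/",
                            "https://appbase.example.test/acs"):
        print(f)
```

An empty result only means the message shape matches the expected settings; whether the signature is valid and covers the assertion is still decided by the service provider's own verification against the uploaded identity provider certificate.
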
In the Logout Response section:

| Field | Description |
| --- | --- |
| Logout Response Protocol Binding | Select accordingly: HTTP-POST, HTTP-Redirect. |
| Identity Provider Logout Url | Use the Azure SAML Logout URL to configure this field value. You may leave this field blank if you don't want to log out of the Microsoft account automatically when performing an AppBase logout. |
| AppBase Custom Logout Url | Allow AppBase to configure this value. Leave this value untouched. |
| Onboarding Page Template | Allows applying a custom page design for the Invitation Only or Self-Onboarding modes. |